|
| 1 | +name: "Test-with-sonar" |
| 2 | +on: [push] |
| 3 | +permissions: |
| 4 | + id-token: write |
| 5 | + contents: read |
| 6 | + attestations: write |
| 7 | +jobs: |
| 8 | + test: |
| 9 | + runs-on: self-hosted |
| 10 | + steps: |
| 11 | + # Checkout and install prerequisites |
| 12 | + - name: Checkout |
| 13 | + uses: actions/checkout@v4 |
| 14 | + |
| 15 | + - name: Setup NodeJS |
| 16 | + uses: actions/setup-node@v4 |
| 17 | + with: |
| 18 | + node-version: "20.x" |
| 19 | + |
| 20 | + - name: Install jfrog cli |
| 21 | + id: setup-cli |
| 22 | + uses: jfrog/setup-jfrog-cli@v4 |
| 23 | + env: |
| 24 | + JF_URL: https://${{ vars.JF_URL }} |
| 25 | + JF_PROJECT: "barber-shop" |
| 26 | + with: |
| 27 | + oidc-provider-name: github-barber-shop |
| 28 | + - name: Generate .npmrc |
| 29 | + run: | |
| 30 | + jfrog c show |
| 31 | + jf npm-config --global --repo-resolve=barber-shop-npm-remote --repo-deploy=barber-shop-npm-local |
| 32 | + |
| 33 | + # Check build URL |
| 34 | + - name: Check build URL |
| 35 | + uses: wei/curl@master |
| 36 | + with: |
| 37 | + args: -I ${JFROG_CLI_BUILD_URL} |
| 38 | + if: runner.os == 'Linux' |
| 39 | + |
| 40 | + # Install and run tests |
| 41 | + - name: Install |
| 42 | + run: jf npm i --project barber-shop |
| 43 | + |
| 44 | + - name: Install SonarQube Scanner |
| 45 | + run: | |
| 46 | + curl -sL -sSLo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610.zip |
| 47 | + unzip sonar-scanner.zip |
| 48 | + export PATH=$PATH:$PWD/sonar-scanner-6.2.1.4610/bin |
| 49 | + pwd |
| 50 | + ls -l $PWD/sonar-scanner-6.2.1.4610/bin/ |
| 51 | + echo "$PWD/sonar-scanner-6.2.1.4610/bin" |
| 52 | + |
| 53 | + - name: Run SonarScanner |
| 54 | + id: run-sonar-scanner |
| 55 | + env: |
| 56 | + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
| 57 | + run: | |
| 58 | + $PWD/sonar-scanner-6.2.1.4610/bin/sonar-scanner \ |
| 59 | + -Dsonar.projectKey=setup-jfrog-cli \ |
| 60 | + -Dsonar.organization=my-evidence-test-org1 \ |
| 61 | + -Dsonar.host.url=https://sonarcloud.io \ |
| 62 | + -Dsonar.java.jdkHome=$JAVA_HOME \ |
| 63 | + -Dsonar.verbose=true \ |
| 64 | + -Dsonar.token=$SONAR_TOKEN |
| 65 | + - name: get task id |
| 66 | + run: | |
| 67 | + cat $PWD/.scannerwork/report-task.txt |
| 68 | + - name: publish to artifactory |
| 69 | + run: | |
| 70 | + jf npm publish --project barber-shop --registry https://${{ vars.JF_URL }}/artifactory/api/npm/barber-shop-npm-local/ |
| 71 | +
|
| 72 | + - name: Authenticate Docker |
| 73 | + uses: docker/login-action@v3 |
| 74 | + with: |
| 75 | + registry: ${{ vars.JF_URL }} |
| 76 | + username: ${{ steps.setup-cli.outputs.oidc-user }} |
| 77 | + password: ${{ steps.setup-cli.outputs.oidc-token }} |
| 78 | + |
| 79 | + - name: Set up QEMU |
| 80 | + uses: docker/setup-qemu-action@v3 |
| 81 | + |
| 82 | + - name: Set up Docker Buildx |
| 83 | + uses: docker/setup-buildx-action@v3 |
| 84 | + with: |
| 85 | + platforms: linux/amd64,linux/arm64 |
| 86 | + install: true |
| 87 | + |
| 88 | + - name: docker build through |
| 89 | + id: build-and-push |
| 90 | + run: | |
| 91 | + docker buildx ls |
| 92 | + jf docker --version |
| 93 | + jf docker build --tag ${{ vars.JF_URL }}/barber-shop-docker-local/book-service:${{ github.run_number }} --platform linux/amd64 --metadata-file metadata.json --push . |
| 94 | +
|
| 95 | + digest=$(cat metadata.json | jq '.["containerimage.digest"]') |
| 96 | + echo "digest=$digest" |
| 97 | + echo "docker_digest=$digest" | tr -d '"' >> $GITHUB_OUTPUT |
| 98 | + |
| 99 | + - name: Generate docker attestation |
| 100 | + id: attest |
| 101 | + uses: actions/attest-build-provenance@v2 |
| 102 | + with: |
| 103 | + subject-name: barber-shop-docker-local/book-service/${{ github.run_number }}/list.manifest.json |
| 104 | + subject-digest: ${{ steps.build-and-push.outputs.docker_digest }} |
| 105 | + |
| 106 | + - name: check attestation bundle |
| 107 | + run: | |
| 108 | + echo "bundle-path=${{ steps.attest.outputs.bundle-path }} " |
| 109 | + echo "----------------" |
| 110 | + cat ${{ steps.attest.outputs.bundle-path }} |
| 111 | + echo "----------------" |
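Review bot: The `Check build URL` step runs `wei/curl@master`, a third-party action on a mutable branch ref, in a job that holds `id-token: write` and `attestations: write` on a self-hosted runner, so whatever that branch points to at run time executes in the same job that later signs the provenance. The runner already has curl (the `Install SonarQube Scanner` step calls it), so the step could be `run: curl -I "$JFROG_CLI_BUILD_URL"`, assuming that variable is exported to later steps; if the action is kept, pin it as `uses: wei/curl@<full-commit-sha>`, and consider the same for the `@v3`/`@v4` tags. The scanner zip in `Install SonarQube Scanner` is likewise unpacked and executed with no integrity check; add `echo "<expected-sha256>  sonar-scanner.zip" | sha256sum -c -` before `unzip`. In `Run SonarScanner`, `-Dsonar.token=$SONAR_TOKEN` puts the token on the process command line while `sonar.verbose=true` is set; the scanner reads the `SONAR_TOKEN` environment variable the step already defines, so the flag can be dropped.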