refactor: Improve exception handling and validation across project services #39
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test, Dockerize, and Deploy to Docker Hub | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| # Job to build and test the application using Gradle | |
| build_and_test_application: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v3 | |
| - name: Set up JDK 23 (Amazon Corretto) | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '23' | |
| distribution: 'corretto' | |
| - name: Cache Gradle dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build and test the application with Gradle | |
| run: ./gradlew clean build # This will build and run tests in one command | |
| # Job to build the Docker image using Cloud Native Buildpacks, scan it for vulnerabilities with Trivy, and push it to Docker Hub | |
| dockerize_and_deploy_image: | |
| runs-on: ubuntu-latest | |
| needs: build_and_test_application # Ensure this job only runs after successful build and tests | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' # Run workflow only on pushes to the main branch | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v3 | |
| - name: Set up JDK 23 (Amazon Corretto) | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '23' | |
| distribution: 'corretto' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build the Docker image using Cloud Native Buildpacks | |
| run: | | |
| IMAGE_NAME="ranzyblessingsdocker/roi-project-planner" | |
| TAG_LATEST="${IMAGE_NAME}:latest" | |
| TAG_SHA="${IMAGE_NAME}:${{ github.sha }}" | |
| ./gradlew bootBuildImage --imageName=$TAG_LATEST | |
| ./gradlew bootBuildImage --imageName=$TAG_SHA | |
| - name: Scan Docker image for vulnerabilities with Trivy | |
| uses: aquasecurity/trivy-action@0.28.0 | |
| with: | |
| image-ref: 'ranzyblessingsdocker/roi-project-planner:latest' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Push the Docker image to Docker Hub | |
| run: | | |
| IMAGE_NAME="ranzyblessingsdocker/roi-project-planner" | |
| docker push ${IMAGE_NAME}:${{ github.sha }} | |
| docker push ${IMAGE_NAME}:latest | |
| # Clean up old Docker images (for good housekeeping) | |
| cleanup_docker_images: | |
| runs-on: ubuntu-latest | |
| needs: dockerize_and_deploy_image # Run this after the image is pushed | |
| steps: | |
| - name: Remove unused Docker images | |
| run: | | |
| docker image prune -f |