Added-trivey-image-scan #19
| name: my-test-pipeline | |
| on: | |
| push: | |
| branches: [main] | |
| jobs: | |
| build-deploy: | |
| runs-on: self-hosted # your WSL self-hosted runner | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| steps: | |
| # Checkout repository | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| # Set up JDK | |
| - name: Set up Java 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Build Maven project | |
| - name: Build with Maven | |
| run: mvn clean package -DskipTests | |
| # Run SonarQube analysis | |
| - name: SonarQube Scan | |
| uses: SonarSource/sonarqube-scan-action@v2 | |
| with: | |
| host-url: http://localhost:9000 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| # Set up Docker Buildx | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Login to DockerHub | |
| - name: Docker Login | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| # Build Docker image | |
| - name: Build Docker Image | |
| run: docker build -t $DOCKER_USERNAME/sample:latest . | |
| - name: Trivy Image Scan | |
| run: | | |
| trivy image --exit-code 1 --severity HIGH,CRITICAL sagar2docker/sample:latest | |
| continue-on-error: true | |
| # Push Docker image to DockerHub | |
| - name: Push Docker Image | |
| run: docker push $DOCKER_USERNAME/sample:latest | |
| - name: Run Docker container | |
| run: | | |
| docker stop sample-app || true | |
| docker rm sample-app || true | |
| docker run -d --name sample-app -p 8085:8080 sagar2docker/sample:latest | |
| # - name: Set KUBECONFIG | |
| # run: sudo kubectl config use-context minikube | |
| # # 🔟 Apply Kubernetes manifests | |
| # - name: Deploy to Minikube | |
| # run: | | |
| # sudo kubectl apply -f k8s/deployment.yaml | |
| # sudo kubectl apply -f k8s/service.yaml | |
| # # 1️⃣1️⃣ Restart Deployment to ensure new image is used | |
| # - name: Restart Deployment | |
| # run: sudo kubectl rollout restart deployment/sample-app |
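Review bot: The `Trivy Image Scan` step cannot gate the pipeline, because `continue-on-error: true` cancels the effect of `--exit-code 1`: when HIGH or CRITICAL findings are reported, the job still continues to `Push Docker Image` and `Run Docker container`. The scan also names `sagar2docker/sample:latest`, while the build step tags `$DOCKER_USERNAME/sample:latest`; if the secret ever holds a different account, Trivy would scan an image other than the one just built (possibly one pulled from the registry). I would drop `continue-on-error: true` and scan the tag that was built, `trivy image --exit-code 1 --severity HIGH,CRITICAL "$DOCKER_USERNAME/sample:latest"`. If a non-blocking scan is intended for now, say so in a comment above the step, e.g. `# Trivy is advisory only: findings do not block push/deploy`.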