sonar token #43
| name: Java CI with Maven | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # 📥 Obtener el código fuente del repositorio | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| # ☕ Configurar JDK 17 y cachear dependencias de Maven | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| # 🔨 Compilar y ejecutar pruebas con Maven | |
| - name: Build with Maven | |
| run: mvn -B -V -DskipTests=false verify | |
| #- name: Upload test results | |
| # if: always() | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: test-results | |
| # path: | | |
| # target/surefire-reports/**/*.xml | |
| # target/failsafe-reports/**/*.xml | |
| # target/** | |
| # if-no-files-found: warn | |
| # 📦 Copiar el JAR generado al contexto de Docker | |
| - name: Copy JAR to docker context | |
| run: | | |
| mkdir -p dockerfile | |
| echo "Jar files in target:" | |
| ls -la target/*.jar || true | |
| cp target/*.jar dockerfile/ || true | |
| # 🐳 Construir imagen Docker con el JAR | |
| - name: Build Docker image | |
| run: docker build -f dockerfile/Dockerfile -t my-app-image:${{ github.sha }} dockerfile/ | |
| # 🔍 Escanear vulnerabilidades de la imagen con Trivy | |
| - name: Scan Docker image with Trivy | |
| uses: aquasecurity/trivy-action@0.33.1 | |
| continue-on-error: true | |
| with: | |
| image-ref: my-app-image:${{ github.sha }} | |
| format: table | |
| severity: CRITICAL,HIGH | |
| vuln-type: os,library | |
| # 🔑 Autenticarse en GitHub Container Registry | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # 📤 Construir y publicar imagen en GHCR con dos tags (latest y commit SHA) | |
| - name: Build and push to GHCR | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: dockerfile | |
| file: dockerfile/Dockerfile | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/my-app-image:latest | |
| ghcr.io/${{ github.repository_owner }}/my-app-image:${{ github.sha }} | |
| # 🚀 Desplegar contenedor localmente para pruebas rápidas | |
| - name: Deploy Docker container | |
| run: | | |
| docker run -d --name my-app-container -p 8080:8080 ghcr.io/jsgiraldoh/my-app-image:${{ github.sha }} | |
| # 📜 Mostrar logs del contenedor en ejecución | |
| - name: Show Docker container logs | |
| run: docker logs -f my-app-container | |
| # 🧹 Eliminar contenedor al finalizar | |
| - name: Remove Docker container | |
| run: docker container rm -f my-app-container |
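Review bot: The Trivy step cannot stop a vulnerable image from being published, because `continue-on-error: true` is set and no `exit-code` input is given, so CRITICAL/HIGH findings are only printed before the later "Build and push to GHCR" step pushes `latest`. To make the scan a gate, drop `continue-on-error: true` and add `exit-code: '1'` under the step's `with:`. The login and push steps also run on the `pull_request` trigger, so a same-repository PR can overwrite `latest` with unmerged code; guarding them with `if: github.event_name == 'push'` would avoid that, and the `docker run` that pulls the pushed tag would need the same guard. The image Trivy scans is the local `docker build` result, while `docker/build-push-action` rebuilds before pushing, so the published image is not necessarily the one that was scanned. Separately, `docker logs -f my-app-container` follows the log indefinitely, so the cleanup step after it is presumably not reached until the job times out; dropping `-f` would let the job finish.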