feat: Dependencies and workflows updated. (#147)

Author: antoniotarricone

.github/workflows/build-n-push-main.yml

@@ -17,122 +17,34 @@ jobs:
     permissions:
       id-token: write
       packages: write
-      contents: write
 
     steps:
       #
       # Checkout the source code.
       #
       - name: Checkout the source code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
-        with:
-          token: ${{ secrets.GIT_PAT }}
-          fetch-depth: 0
-
-      #
-      # Cache JDK.
-      #
-      - name: Cache JDK
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
-        id: cache-jdk
-        with:
-          key: OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz
-          path: |
-            ${{ runner.temp }}/jdk_setup.tar.gz
-            ${{ runner.temp }}/jdk_setup.sha256
-
-      #
-      # Download JDK and verify its hash.
-      #
-      - name: Download JDK and verify its hash
-        if: steps.cache-jdk.outputs.cache-hit != 'true'
-        run: |
-          echo "454bebb2c9fe48d981341461ffb6bf1017c7b7c6e15c6b0c29b959194ba3aaa5  ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
-          curl -L "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
-          sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 
       #
-      # Setup JDK.
+      # Setup Java Build Environment.
       #
-      - name: Setup JDK
-        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
+      - name: Setup Java Build Environment
+        uses: pagopa/mil-actions/setup-java-build-env@241c6c17f483229fdd4ac26c6d79d1d65be2659c # 1.1.1
         with:
-          distribution: "jdkfile"
-          jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
-          java-version: "21"
-          cache: maven
+          gh_user: ${{ secrets.GIT_USER }}
+          gh_token: ${{ secrets.GIT_PAT }}
 
       #
-      # Cache Maven.
+      # Build and push native container image.
       #
-      - name: Cache Maven
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
-        id: cache-maven
+      - name: Build and push native container image
+        id: build_image
+        uses: pagopa/mil-actions/build-push-native-image@241c6c17f483229fdd4ac26c6d79d1d65be2659c # 1.1.1
         with:
-          key: apache-maven-3.9.6-bin.tar.gz
-          path: |
-            ${{ runner.temp }}/maven_setup.tar.gz
-            ${{ runner.temp }}/maven_setup.sha256
-
-      #
-      # Download Maven and verify its hash.
-      #
-      - name: Download Maven and verify its hash
-        if: steps.cache-maven.outputs.cache-hit != 'true'
-        run: |
-          echo "6eedd2cae3626d6ad3a5c9ee324bd265853d64297f07f033430755bd0e0c3a4b  ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
-          curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
-          sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
-
-      #
-      # Setup Maven.
-      #
-      - name: Setup Maven
-        run: |
-          mkdir ${{ runner.temp }}/maven
-          tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
-          echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml
-
-      #
-      # Build native executable.
-      #
-      - name: Build native executable
-        run: |
-          ${{ runner.temp }}/maven/bin/mvn clean package \
-            -Pnative \
-            -Dmaven.test.skip=${{ github.event.inputs.skip-unit-test }} \
-            -Dquarkus.native.container-build=true \
-            -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 \
-            -s ${{ runner.temp }}/settings.xml \
-            --no-transfer-progress
-
-      #
-      # Build Docker image.
-      #
-      - name: Build Docker image
-        run: |
-          BRANCH_NAME="${GITHUB_REF////_}"
-          echo "branch_name=$BRANCH_NAME" >> $GITHUB_ENV
-          docker build \
-            -f src/main/docker/Dockerfile.native-micro \
-            -t ghcr.io/${{ github.repository }}:$BRANCH_NAME \
-            .
-
-      #
-      # Push Docker image.
-      #
-      - name: Push Docker image
-        run: |
-          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
-          docker push -a ghcr.io/${{ github.repository }}
-
-      #
-      # Get Docker image with sha256.
-      #
-      - name: Get Docker image with sha256
-        run: |
-          echo "image_sha256_temp=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:${{ env.branch_name }})"
-          echo "image_sha256=${image_sha256_temp/@/:${{ env.branch_name }}@}" >> "$GITHUB_ENV"
+          gh_token: ${{ secrets.GIT_PAT }}
+          sonar_token: ${{ secrets.SONAR_TOKEN }}
+          release_version: "${GITHUB_REF////_}"
+          skip_test: ${{ inputs.skip-unit-test }}
 
       #
       # Update Container App.
@@ -146,4 +58,4 @@ jobs:
           ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
         run: |
           terraform init -backend-config="env/dev-cd/backend.tfvars" -reconfigure
-          terraform apply -var-file="env/dev-cd/terraform.tfvars" -var="mil_auth_image=${{ env.image_sha256 }}" -auto-approve -lock-timeout=300s
+          terraform apply -var-file="env/dev-cd/terraform.tfvars" -var="mil_auth_image=${{ steps.build_image.outputs.image }}" -auto-approve -lock-timeout=300s

.github/workflows/deploy.yml

@@ -24,8 +24,6 @@ jobs:
 
     permissions:
       id-token: write
-      packages: write
-      contents: write
 
     steps:
       #
@@ -40,10 +38,7 @@ jobs:
       # Checkout the source code
       #
       - name: Checkout the source code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
-        with:
-          token: ${{ secrets.GIT_PAT }}
-          fetch-depth: 0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 
       #
       # Terraform