Merge pull request #11 from cabinetoffice/GAP-1993-Old-JWT-values-ame… #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push Image Workflow | |
| on: | |
| create: | |
| push: | |
| branches: | |
| - release/** | |
| - develop | |
| paths-ignore: | |
| - "*.md" | |
| env: | |
| AWS_REGION: eu-west-2 | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| # Need to check here as create event can't be filtered by branch name... | |
| if: github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release') | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: "17" | |
| distribution: "temurin" | |
| cache: maven | |
| - name: Build with Maven | |
| run: mvn -B package --file pom.xml | |
| - name: DependencyCheck | |
| uses: dependency-check/Dependency-Check_Action@main | |
| env: | |
| JAVA_HOME: /opt/jdk | |
| id: DependencyCheck | |
| with: | |
| project: "GAP-apply-applicant-backend" | |
| path: "." | |
| format: "HTML" | |
| args: > | |
| --enableRetired | |
| --disableOssIndex true | |
| - name: Upload Test results | |
| uses: actions/upload-artifact@master | |
| with: | |
| name: DependencyCheck report | |
| path: ${{github.workspace}}/reports | |
| imageBuild: | |
| needs: build | |
| environment: AWS | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| # Fetch all commits since we use the total commit count to determine the build version | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: "17" | |
| distribution: "temurin" | |
| cache: maven | |
| - name: Setup AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1-node16 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to AWS ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Determine & set BUILD_VERSION | |
| run: | | |
| GIT_COUNT=$(git rev-list $GITHUB_SHA --count) | |
| echo "BUILD_VERSION=b_$GIT_COUNT" >> $GITHUB_ENV | |
| echo BUILD_VERSION is ${{ env.BUILD_VERSION }} | |
| - name: Build container image | |
| run: | | |
| ./mvnw spring-boot:build-image | |
| - name: Tag and push container image to AWS ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| docker tag apply-backend:0.0.1-SNAPSHOT $ECR_REGISTRY/gap-apply-applicant-backend:${{ env.BUILD_VERSION }} | |
| docker push $ECR_REGISTRY/gap-apply-applicant-backend:${{ env.BUILD_VERSION }} | |
| - name: Create env tag | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| ENV_TAG=${{ (github.ref == 'refs/heads/develop' && 'develop') || (startsWith(github.ref, 'refs/heads/release') && 'qa') }} | |
| docker tag $ECR_REGISTRY/gap-apply-applicant-backend:${{ env.BUILD_VERSION }} $ECR_REGISTRY/gap-apply-applicant-backend:$ENV_TAG | |
| docker push $ECR_REGISTRY/gap-apply-applicant-backend:$ENV_TAG | |
| - name: Create release tag - if we are committing to a release branch | |
| if: ${{ startsWith(github.ref, 'refs/heads/release/') }} | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| RELEASE_VERSION=V_${GITHUB_REF##*/} | |
| docker tag $ECR_REGISTRY/gap-apply-applicant-backend:${{ env.BUILD_VERSION }} $ECR_REGISTRY/gap-apply-applicant-backend:$RELEASE_VERSION | |
| docker push $ECR_REGISTRY/gap-apply-applicant-backend:$RELEASE_VERSION |