chore(deps): Bump org.sonarqube from 4.2.1.3168 to 4.3.0.3225 #60
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Anchore security scan | |
on: | |
push: | |
branches: | |
- develop | |
pull_request: | |
types: [opened, synchronize, reopened] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout project | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
- name: Assemble project | |
uses: gradle/gradle-build-action@v2 | |
with: | |
arguments: assemble | |
- name: Upload jars artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: jars | |
path: | | |
api-gateway/build/libs | |
search-service/build/libs | |
subscription-service/build/libs | |
anchore: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Checkout project | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Download jars artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: jars | |
path: build | |
- name: Build API Gateway local container | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: ./api-gateway/Dockerfile | |
tags: localbuild/api-gateway:latest-scan | |
push: false | |
load: true | |
build-args: | | |
JAR_FILE=./build/api-gateway/build/libs/api-gateway-latest-dev.jar | |
- name: Build Search Service local container | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: ./search-service/Dockerfile | |
tags: localbuild/search-service:latest-scan | |
push: false | |
load: true | |
build-args: | | |
JAR_FILE=./build/search-service/build/libs/search-service-latest-dev.jar | |
- name: Build Subscription Service local container | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: ./subscription-service/Dockerfile | |
tags: localbuild/subscription-service:latest-scan | |
push: false | |
load: true | |
build-args: | | |
JAR_FILE=./build/subscription-service/build/libs/subscription-service-latest-dev.jar | |
- name: Security Scan for API Gateway image | |
id: scan-api-gateway | |
uses: anchore/scan-action@v3 | |
with: | |
image: "localbuild/api-gateway:latest-scan" | |
severity-cutoff: critical | |
- name: Security Scan for Search Service image | |
id: scan-search-service | |
uses: anchore/scan-action@v3 | |
with: | |
image: "localbuild/search-service:latest-scan" | |
severity-cutoff: critical | |
- name: Security Scan for Subscription Service image | |
id: scan-subscription-service | |
uses: anchore/scan-action@v3 | |
with: | |
image: "localbuild/subscription-service:latest-scan" | |
severity-cutoff: critical | |
- name: Upload Anchore scan SARIF report for API Gateway | |
uses: github/codeql-action/upload-sarif@v2 | |
if: always() | |
with: | |
sarif_file: ${{ steps.scan-api-gateway.outputs.sarif }} | |
category: anchore-api-gateway | |
- name: Upload Anchore scan SARIF report for Search Service | |
uses: github/codeql-action/upload-sarif@v2 | |
if: always() | |
with: | |
sarif_file: ${{ steps.scan-search-service.outputs.sarif }} | |
category: anchore-search-service | |
- name: Upload Anchore scan SARIF report for Subscription Service | |
uses: github/codeql-action/upload-sarif@v2 | |
if: always() | |
with: | |
sarif_file: ${{ steps.scan-subscription-service.outputs.sarif }} | |
category: anchore-subscription-service |