From 521f158cd366c05849289b084ff8afba49f3a50e Mon Sep 17 00:00:00 2001
From: Marcos Aurelio
Date: Tue, 6 May 2025 16:17:17 -0300
Subject: [PATCH 01/28] Create code-quality.yaml
---
 .github/workflows/code-quality.yaml | 135 ++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 .github/workflows/code-quality.yaml
diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml
new file mode 100644
index 0000000..c18b4e7
--- /dev/null
+++ b/.github/workflows/code-quality.yaml
@@ -0,0 +1,135 @@ +name: code-quality + +on: + workflow_call: + # code quality em flow separado pois necessita rodar em runner especifico. + + inputs: + git_ref: + description: 'A referência do Git (branch, tag, SHA) a ser buildada/deployada' + required: true + type: string + SONAR_BDSP_HOST_URL: + description: 'URL do host do SonarQube' + required: true + type: string + + secrets: + SONAR_BDSP_TOKEN: + description: 'Token de acesso ao SonarQube' + required: true +env: + SONAR_LANGUAGE: "java" + SONAR_MAIN_BRANCH: "master" + SONAR_VISIBILITY: "private" + SONAR_QUALITY_PROFILE: "Sonar way" + SONAR_QUALITY_GATE: "QG_PNB_BACKEND" + SONAR_PERMISSION_TEMPLATE: "PNB-TEMPLATE" + SONAR_NEW_CODE_DEF_TYPE: "PREVIOUS_VERSION" + +jobs: + Code-Quality: + runs-on: pb-pefisa-runner + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.git_ref }} + fetch-depth: 0 + + - name: Check project existence in SonarQube + id: checkSonarProjectExistence + run: | + set -e + echo "Verificando se o projeto existe no SonarQube..." + + RESPONSE=$(curl --verbose --fail --location \ + "${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/search?projects=${{ github.event.repository.name }}" \ + --header "Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}") + + echo "$RESPONSE" + + FOUND_PROJECTS=$(echo "$RESPONSE" | jq -r '.paging.total' 2>/dev/null || echo "0") + + echo "FOUND_PROJECTS: $FOUND_PROJECTS" + + if [[ "$FOUND_PROJECTS" =~ ^[0-9]+$ && "$FOUND_PROJECTS" -eq 0 ]]; then + echo "exists=false" >> "$GITHUB_OUTPUT" + else + echo "exists=true" >> "$GITHUB_OUTPUT" + fi + + - name: Creating new project on SonarQube + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Criando projeto no SonarQube..." 
+ curl -f --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/create' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'project=${{ github.event.repository.name }}' \ + --data-urlencode 'name=${{ github.event.repository.name }}' \ + --data-urlencode 'mainBranch=${{env.SONAR_MAIN_BRANCH}}' \ + --data-urlencode 'newCodeDefinitionType=${{env.SONAR_NEW_CODE_DEF_TYPE}}' \ + --data-urlencode 'visibility=${{env.SONAR_VISIBILITY}}' + + - name: Configuring quality gate + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Atribuindo Quality Gate ao projeto..." + curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'gateName=${{env.SONAR_QUALITY_GATE}}' \ + --data-urlencode 'projectKey=${{ github.event.repository.name }}' + + - name: Configuring quality profile + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Atribuindo Quality Profile..." + curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualityprofiles/add_project' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'language=${{env.SONAR_LANGUAGE}}' \ + --data-urlencode 'qualityProfile=${{env.SONAR_QUALITY_PROFILE}}' \ + --data-urlencode 'project=${{ github.event.repository.name }}' + + - name: Applying template permission + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Atribuindo Permission Template..." 
+ curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/permissions/apply_template' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'projectKey=${{ github.event.repository.name }}' \ + --data-urlencode 'templateName=${{env.SONAR_PERMISSION_TEMPLATE}}' + + - name: Get project version + run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV + + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@master + env: + SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} + SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + with: + args: >- + -Dsonar.projectKey=${{ github.event.repository.name }} + -Dsonar.projectVersion=${{ env.PROJECT_VERSION }} + -Dsonar.sources=src/main/java + -Dsonar.tests=src/test/java + -Dsonar.java.binaries=target/classes + -Dsonar.sourceEncoding=UTF-8 + -Dsonar.language=java + -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml + -Dsonar.java.libraries=./lib + + - name: SonarQube Quality Gate check + uses: sonarsource/sonarqube-quality-gate-action@master + env: + SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + + From f9b033c8cf2c1590ad3ccfaf84125ba7421a691d Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 16:46:38 -0300 Subject: [PATCH 02/28] Update code-quality.yaml test --- .github/workflows/code-quality.yaml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index c18b4e7..1de23ec 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -13,8 +13,6 @@ on: description: 'URL do host do SonarQube' required: true type: string - - secrets: SONAR_BDSP_TOKEN: description: 'Token de acesso ao SonarQube' required: true 
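Review bot: The three follow-up configuration calls in this hunk (`/api/qualitygates/select`, `/api/qualityprofiles/add_project`, `/api/permissions/apply_template`) run curl without `--fail`, so an HTTP 4xx/5xx exits 0 and `set -e` never fires; a freshly created project can be left without the intended quality gate or permission template while the job reports success. Add `--fail` to each of them, as the `projects/create` call already does. The existence check also passes `--verbose`, which prints the request headers, including `Authorization: Bearer …`, to the job log; log masking covers the literal secret value, but there is no reason to emit the header at all, so drop `--verbose` there. Finally, `sonarsource/sonarqube-scan-action@master` and `sonarsource/sonarqube-quality-gate-action@master` are mutable refs that receive `SONAR_TOKEN`; pin them to a release tag or commit SHA.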
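Review bot: Removing the `secrets:` key leaves `SONAR_BDSP_TOKEN` declared as a `workflow_call` input, where it travels as a plain string that is not masked in logs and is visible wherever `inputs.SONAR_BDSP_TOKEN` is expanded (the hunks at -45, -65, -79, -90, -102, -114 and -130 in this patch). Inputs under `workflow_call` must also declare a `type`, which this entry lacks after the move, so the workflow does not validate. Keep the token under `on.workflow_call.secrets` and reference it as `secrets.SONAR_BDSP_TOKEN`.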
@@ -45,7 +43,7 @@ jobs: RESPONSE=$(curl --verbose --fail --location \ "${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/search?projects=${{ github.event.repository.name }}" \ - --header "Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}") + --header "Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}") echo "$RESPONSE" @@ -65,7 +63,7 @@ jobs: set -e echo "Criando projeto no SonarQube..." curl -f --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/create' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'project=${{ github.event.repository.name }}' \ --data-urlencode 'name=${{ github.event.repository.name }}' \ @@ -79,7 +77,7 @@ jobs: set -e echo "Atribuindo Quality Gate ao projeto..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'gateName=${{env.SONAR_QUALITY_GATE}}' \ --data-urlencode 'projectKey=${{ github.event.repository.name }}' @@ -90,7 +88,7 @@ jobs: set -e echo "Atribuindo Quality Profile..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualityprofiles/add_project' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'language=${{env.SONAR_LANGUAGE}}' \ --data-urlencode 'qualityProfile=${{env.SONAR_QUALITY_PROFILE}}' \ 
@@ -102,7 +100,7 @@ jobs: set -e echo "Atribuindo Permission Template..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/permissions/apply_template' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'projectKey=${{ github.event.repository.name }}' \ --data-urlencode 'templateName=${{env.SONAR_PERMISSION_TEMPLATE}}' @@ -114,7 +112,7 @@ jobs: uses: sonarsource/sonarqube-scan-action@master env: SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} - SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + SONAR_TOKEN: ${{ inputs.SONAR_BDSP_TOKEN }} with: args: >- -Dsonar.projectKey=${{ github.event.repository.name }} @@ -130,6 +128,6 @@ jobs: - name: SonarQube Quality Gate check uses: sonarsource/sonarqube-quality-gate-action@master env: - SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + SONAR_TOKEN: ${{ inputs.SONAR_BDSP_TOKEN }} From 5804eae52f6f6fa3b8f2b18cae0c88fe5ccc3fd6 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 16:55:55 -0300 Subject: [PATCH 03/28] Update code-quality.yaml test --- .github/workflows/code-quality.yaml | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index 1de23ec..48671ca 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -14,6 +14,7 @@ on: required: true type: string SONAR_BDSP_TOKEN: + type: string description: 'Token de acesso ao SonarQube' required: true env: 
@@ -26,7 +27,20 @@ env: SONAR_NEW_CODE_DEF_TYPE: "PREVIOUS_VERSION" jobs: + mask-input: + runs-on: ubuntu-latest + outputs: + token: ${{ steps.set-env.outputs.token }} + steps: + - name: Create secret environment variables from inputs + run: | + SONAR_BDSP_TOKEN=$(jq -r '.inputs.SONAR_BDSP_TOKEN' $GITHUB_EVENT_PATH) + echo ::add-mask::$SONAR_BDSP_TOKEN + echo EMAIL_ADDRESS="$SONAR_BDSP_TOKEN" >> $GITHUB_ENV + echo "token=$SONAR_BDSP_TOKEN" >> $GITHUB_OUTPUT + Code-Quality: + needs: mask-input runs-on: pb-pefisa-runner steps: - name: Checkout code @@ -43,7 +57,7 @@ jobs: RESPONSE=$(curl --verbose --fail --location \ "${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/search?projects=${{ github.event.repository.name }}" \ - --header "Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}") + --header "Authorization: Bearer ${{ needs.mask-input.outputs.token }}") echo "$RESPONSE" @@ -63,7 +77,7 @@ jobs: set -e echo "Criando projeto no SonarQube..." curl -f --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/create' \ - --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'project=${{ github.event.repository.name }}' \ --data-urlencode 'name=${{ github.event.repository.name }}' \ @@ -77,7 +91,7 @@ jobs: set -e echo "Atribuindo Quality Gate ao projeto..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select' \ - --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'gateName=${{env.SONAR_QUALITY_GATE}}' \ --data-urlencode 'projectKey=${{ github.event.repository.name }}' 
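Review bot: The `mask-input` job's output `token: ${{ steps.set-env.outputs.token }}` refers to a step id the job never sets (its only step has no `id:`), so the output expands to an empty string and every `needs.mask-input.outputs.token` consumer in the following hunks (-43, -63, -77, -88, -100, -112, -128) sends `Authorization: Bearer ` with no token. Adding `id: set-env` to the step fixes the reference, but the approach is unlikely to work anyway: a value registered with `::add-mask::` is treated as a secret, and job outputs that contain secrets are skipped by the runner, so the token would still not reach `Code-Quality`. The line `echo EMAIL_ADDRESS="$SONAR_BDSP_TOKEN" >> $GITHUB_ENV` looks like a leftover from a template and writes the token into the job environment under an unrelated name; remove it. Declaring the token under `on.workflow_call.secrets` instead of `inputs` removes the need for this job entirely.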
@@ -88,7 +102,7 @@ jobs: set -e echo "Atribuindo Quality Profile..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualityprofiles/add_project' \ - --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'language=${{env.SONAR_LANGUAGE}}' \ --data-urlencode 'qualityProfile=${{env.SONAR_QUALITY_PROFILE}}' \ @@ -100,7 +114,7 @@ jobs: set -e echo "Atribuindo Permission Template..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/permissions/apply_template' \ - --header 'Authorization: Bearer ${{ inputs.SONAR_BDSP_TOKEN }}' \ + --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'projectKey=${{ github.event.repository.name }}' \ --data-urlencode 'templateName=${{env.SONAR_PERMISSION_TEMPLATE}}' @@ -112,7 +126,7 @@ jobs: uses: sonarsource/sonarqube-scan-action@master env: SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} - SONAR_TOKEN: ${{ inputs.SONAR_BDSP_TOKEN }} + SONAR_TOKEN: ${{ needs.mask-input.outputs.token }} with: args: >- -Dsonar.projectKey=${{ github.event.repository.name }} @@ -128,6 +142,6 @@ jobs: - name: SonarQube Quality Gate check uses: sonarsource/sonarqube-quality-gate-action@master env: - SONAR_TOKEN: ${{ inputs.SONAR_BDSP_TOKEN }} + SONAR_TOKEN: ${{ needs.mask-input.outputs.token }} From 23467f8b1010c106d2918510df500477af7c6b42 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 16:57:53 -0300 Subject: [PATCH 04/28] Update maven-ci-cd.yaml test --- .github/workflows/maven-ci-cd.yaml | 101 ++--------------------------- 1 file changed, 6 insertions(+), 95 deletions(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 5475f16..59d932a 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml 
@@ -100,101 +100,12 @@ jobs: - name: Build and Test with Maven run: | mvn clean package dependency:copy-dependencies -DoutputDirectory=./lib - - - name: Check project existence in SonarQube - id: checkSonarProjectExistence - run: | - set -e - echo "Verificando se o projeto existe no SonarQube..." - - RESPONSE=$(curl --verbose --fail --location \ - "${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/search?projects=${{ github.event.repository.name }}" \ - --header "Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}") - - echo "$RESPONSE" - - FOUND_PROJECTS=$(echo "$RESPONSE" | jq -r '.paging.total' 2>/dev/null || echo "0") - - echo "FOUND_PROJECTS: $FOUND_PROJECTS" - - if [[ "$FOUND_PROJECTS" =~ ^[0-9]+$ && "$FOUND_PROJECTS" -eq 0 ]]; then - echo "exists=false" >> "$GITHUB_OUTPUT" - else - echo "exists=true" >> "$GITHUB_OUTPUT" - fi - - - name: Creating new project on SonarQube - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Criando projeto no SonarQube..." - curl -f --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/create' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'project=${{ github.event.repository.name }}' \ - --data-urlencode 'name=${{ github.event.repository.name }}' \ - --data-urlencode 'mainBranch=${{env.SONAR_MAIN_BRANCH}}' \ - --data-urlencode 'newCodeDefinitionType=${{env.SONAR_NEW_CODE_DEF_TYPE}}' \ - --data-urlencode 'visibility=${{env.SONAR_VISIBILITY}}' - - - name: Configuring quality gate - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Atribuindo Quality Gate ao projeto..." 
- curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'gateName=${{env.SONAR_QUALITY_GATE}}' \ - --data-urlencode 'projectKey=${{ github.event.repository.name }}' - - - name: Configuring quality profile - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Atribuindo Quality Profile..." - curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualityprofiles/add_project' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'language=${{env.SONAR_LANGUAGE}}' \ - --data-urlencode 'qualityProfile=${{env.SONAR_QUALITY_PROFILE}}' \ - --data-urlencode 'project=${{ github.event.repository.name }}' - - - name: Applying template permission - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Atribuindo Permission Template..." 
- curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/permissions/apply_template' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'projectKey=${{ github.event.repository.name }}' \ - --data-urlencode 'templateName=${{env.SONAR_PERMISSION_TEMPLATE}}' - - - name: Get project version - run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV - - - name: SonarQube Scan - uses: sonarsource/sonarqube-scan-action@master - env: - SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} - SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + - name: code-quality + uses: sua-org/seu-repo-reutilizavel/.github/workflows/code-quality.yml@main with: - args: >- - -Dsonar.projectKey=${{ github.event.repository.name }} - -Dsonar.projectVersion=${{ env.PROJECT_VERSION }} - -Dsonar.sources=src/main/java - -Dsonar.tests=src/test/java - -Dsonar.java.binaries=target/classes - -Dsonar.sourceEncoding=UTF-8 - -Dsonar.language=java - -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml - -Dsonar.java.libraries=./lib - - - name: SonarQube Quality Gate check - uses: sonarsource/sonarqube-quality-gate-action@master - env: - SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + git_ref: ${{ github.ref }} + SONAR_BDSP_HOST_URL: 'https://sonar.seusistema.com.br' + SONAR_BDSP_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} - name: Build and Push Docker image to GCR id: build_push @@ -313,4 +224,4 @@ jobs: uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main with: type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} \ No newline at end of file + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} From d5000bd94b89783fa80d2fdc96623e5439583d1f Mon Sep 17 00:00:00 2001 
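Review bot: The new `code-quality` step invokes a reusable workflow through a step-level `uses:`, which GitHub Actions rejects: a `.github/workflows/...` reference is only valid as a job-level `uses:`, and secrets go through that job's `secrets:` block rather than `with:` (passing `SONAR_BDSP_TOKEN` as an input also bypasses secret handling). The target `sua-org/seu-repo-reutilizavel/.github/workflows/code-quality.yml@main` reads as a placeholder and does not match the `code-quality.yaml` file created in PATCH 01, and the literal `'https://sonar.seusistema.com.br'` discards the `inputs.SONAR_BDSP_HOST_URL` this workflow already receives. Note also that the reusable workflow runs on its own runner, so the `target/classes` and `./lib` it scans will not be present unless they are built inside it or transferred as an artifact. Move the call into a job of its own, as sketched below; the enclosing `CI` job starts before this hunk.
```yaml
  # … unchanged: CI job (checkout, JDK setup, mvn build, image build/scan) …
  Code-Quality:
    needs: CI
    # placeholder: replace <org>/<repo> with the repository that hosts code-quality.yaml
    uses: <org>/<repo>/.github/workflows/code-quality.yaml@main
    with:
      git_ref: ${{ inputs.git_ref }}
      SONAR_BDSP_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }}
    secrets:
      SONAR_BDSP_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }}
```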
From: Marcos Aurelio Date: Tue, 6 May 2025 17:51:08 -0300 Subject: [PATCH 05/28] Update maven-ci-cd-teste.yaml --- .github/workflows/maven-ci-cd-teste.yaml | 106 +---------------------- 1 file changed, 1 insertion(+), 105 deletions(-) diff --git a/.github/workflows/maven-ci-cd-teste.yaml b/.github/workflows/maven-ci-cd-teste.yaml index 5218631..11d4875 100644 --- a/.github/workflows/maven-ci-cd-teste.yaml +++ b/.github/workflows/maven-ci-cd-teste.yaml @@ -60,17 +60,9 @@ env: jobs: - Notify_Start: - runs-on: ubuntu-latest - steps: - - name: "Notify Slack: Start" - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "start" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + CI: - needs: Notify_Start if: ${{ !inputs.is_production_branch }} runs-on: runner-pb-pefisa outputs: 
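Review bot: With `Notify_Start` gone and `needs: Notify_Start` dropped, `CI` is still gated by `if: ${{ !inputs.is_production_branch }}`, and the hunk at -123 in this patch removes `CI_PRD` and `CD_PRD`, so on the production path this workflow no longer runs any job. If that is intentional for the test variant, say so where the input is declared, e.g. `# Test variant: production branches are intentionally skipped`, or drop the `is_production_branch` input if it is still declared. The same -123 hunk also removes the `Notify Slack: Failure (CI)` step, so CI failures here no longer reach Slack. The `CI` job continues past the end of this hunk.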
@@ -123,99 +115,3 @@ jobs: path: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt retention-days: 3 - - - name: "Notify Slack: Failure (CI)" - if: ${{ failure() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - CD: - needs: CI - if: ${{ !inputs.is_production_branch && success() }} - runs-on: ubuntu-latest - steps: - - name: Kustomize Argo Manifests - uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@main - with: - image-tag: ${{ needs.CI.outputs.IMAGE_TAG }} - image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} - github-token: ${{ secrets.TOKEN_GITHUB }} - repository-name: ${{ github.repository }} - env: - GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} - - - - name: "Notify Slack: Success (CI/CD Non-Prod)" - if: ${{ success() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "success" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - - - name: "Notify Slack: Failure (CD)" - if: ${{ failure() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - - CI_PRD: - needs: Notify_Start - - if: ${{ inputs.is_production_branch }} - runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.get_image.outputs.IMAGE_TAG }} - IMAGE_DIGEST: ${{ steps.get_image.outputs.IMAGE_DIGEST }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ inputs.git_ref }} - - - name: Get image to GCR - id: get_image - uses: platformbuilders/github-actions-bdsp-templates/build-push-image@main - env: - GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} - - - name: "Notify Slack: Failure (CI_PRD)" - if: ${{ failure() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ 
secrets.SLACK_WEBHOOK_URL }} - - - CD_PRD: - needs: CI_PRD - if: ${{ inputs.is_production_branch && success() }} - runs-on: ubuntu-latest - steps: - - name: Kustomize Argo Manifests - uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@main - with: - image-tag: ${{ needs.CI_PRD.outputs.IMAGE_TAG }} - image-digest: ${{ needs.CI_PRD.outputs.IMAGE_DIGEST }} - github-token: ${{ secrets.TOKEN_GITHUB }} - repository-name: ${{ github.repository }} - env: - GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} - - - name: "Notify Slack: Success (CI/CD PRD)" - if: ${{ success() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "success" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - - name: "Notify Slack: Failure (CD_PRD)" - if: ${{ failure() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} From 68857d2cf35dbbbc7c60d9dabf1550d639bc7e78 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 18:53:40 -0300 Subject: [PATCH 06/28] Update maven-ci-cd.yaml test --- .github/workflows/maven-ci-cd.yaml | 271 ++++++++++------------------- 1 file changed, 89 insertions(+), 182 deletions(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 59d932a..097b4b3 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml 
@@ -1,55 +1,24 @@ -name: maven-ci-cd +name: code-quality on: workflow_call: - # Pipeline de CI/CD padrão para aplicações Maven, incluindo build, testes, SonarQube e scan de imagem. + # code quality em flow separado pois necessita rodar em runner especifico. inputs: - java_version: - description: 'Versão do Java a ser usada' - required: true - type: string git_ref: description: 'A referência do Git (branch, tag, SHA) a ser buildada/deployada' required: true type: string - is_production_branch: - description: 'Indica se a execução é para uma branch de produção (master/main)' - required: true - type: boolean SONAR_BDSP_HOST_URL: description: 'URL do host do SonarQube' required: true type: string secrets: - SLACK_WEBHOOK_URL: - description: 'Webhook URL do Slack para notificações' - required: true SONAR_BDSP_TOKEN: description: 'Token de acesso ao SonarQube' required: true - GCP_SERVICE_ACCOUNT_KEY: - description: 'Chave da service account GCP' - required: true - TOKEN_GITHUB: - description: 'Token do GitHub para automação' - required: true - - outputs: - IMAGE_TAG: - description: "Tag da imagem Docker construída" - value: ${{ jobs.CI.outputs.IMAGE_TAG }} - IMAGE_DIGEST: - description: "Digest da imagem Docker construída" - value: ${{ jobs.CI.outputs.IMAGE_DIGEST }} - IMAGE_URI: - description: "URI completa da imagem Docker" - value: ${{ jobs.CI.outputs.IMAGE_URI }} - - env: - JAVA_VERSION: ${{ inputs.java_version }} SONAR_LANGUAGE: "java" SONAR_MAIN_BRANCH: "master" SONAR_VISIBILITY: "private" 
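Review bot: This commit turns `maven-ci-cd.yaml` into a copy of `code-quality.yaml` (`name: code-quality`, and the new blob `097b4b3` is the same one `code-quality.yaml` gets in PATCH 07): this hunk removes the `java_version` and `is_production_branch` inputs, the `SLACK_WEBHOOK_URL`, `GCP_SERVICE_ACCOUNT_KEY` and `TOKEN_GITHUB` secrets and the `IMAGE_TAG`/`IMAGE_DIGEST`/`IMAGE_URI` outputs, while the hunks at -59 and -85 drop the Notify, CI, CD, CI_PRD and CD_PRD jobs together with the TruffleHog secret scan and the Trivy image scan. Any caller that passes those inputs or reads `jobs.CI.outputs.*` breaks, and the pipeline loses its secret and image scanning. If this is a temporary test, as the subject suggests, it should not land on `main` in this form; otherwise keep the original `maven-ci-cd.yaml` and have it invoke `code-quality.yaml` as a separate job.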
@@ -59,25 +28,8 @@ env: SONAR_NEW_CODE_DEF_TYPE: "PREVIOUS_VERSION" jobs: - - Notify_Start: - runs-on: ubuntu-latest - steps: - - name: "Notify Slack: Start" - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "start" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - CI: - needs: Notify_Start - if: ${{ !inputs.is_production_branch }} - runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.build_push.outputs.IMAGE_TAG }} - IMAGE_DIGEST: ${{ steps.build_push.outputs.IMAGE_DIGEST }} - IMAGE_URI: ${{ steps.build_push.outputs.IMAGE_URI }} - + Code-Quality: + runs-on: pb-pefisa-runner steps: - name: Checkout code uses: actions/checkout@v4 
@@ -85,143 +37,98 @@ jobs: ref: ${{ inputs.git_ref }} fetch-depth: 0 - - name: Run Secret Scanner - uses: trufflesecurity/trufflehog@main - with: - extra_args: > - --log-level=2 - - - name: Set up JDK ${{ env.JAVA_VERSION }} - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: '${{ env.JAVA_VERSION }}' - - - name: Build and Test with Maven + - name: Check project existence in SonarQube + id: checkSonarProjectExistence run: | - mvn clean package dependency:copy-dependencies -DoutputDirectory=./lib - - name: code-quality - uses: sua-org/seu-repo-reutilizavel/.github/workflows/code-quality.yml@main - with: - git_ref: ${{ github.ref }} - SONAR_BDSP_HOST_URL: 'https://sonar.seusistema.com.br' - SONAR_BDSP_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + set -e + echo "Verificando se o projeto existe no SonarQube..." - - name: Build and Push Docker image to GCR - id: build_push - uses: platformbuilders/github-actions-bdsp-templates/build-push-image@main - env: - GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} + RESPONSE=$(curl --verbose --fail --location \ + "${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/search?projects=${{ github.event.repository.name }}" \ + --header "Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}") - - name: Run Image Vulnerability Scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_push.outputs.IMAGE_URI }}" - format: 'table' - output: "${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt" - exit-code: '0' - severity: "CRITICAL,HIGH" - - - name: Upload Image Vulnerability Scanner Report - uses: actions/upload-artifact@v4 - with: - name: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report - path: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt - retention-days: 3 - - - - name: "Notify Slack: Failure (CI)" - if: ${{ failure() 
}} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + echo "$RESPONSE" - CD: - needs: CI - if: ${{ !inputs.is_production_branch && success() }} - runs-on: ubuntu-latest - steps: - - name: Kustomize Argo Manifests - uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@main - with: - image-tag: ${{ needs.CI.outputs.IMAGE_TAG }} - image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} - github-token: ${{ secrets.TOKEN_GITHUB }} - repository-name: ${{ github.repository }} - env: - GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} + FOUND_PROJECTS=$(echo "$RESPONSE" | jq -r '.paging.total' 2>/dev/null || echo "0") - - - name: "Notify Slack: Success (CI/CD Non-Prod)" - if: ${{ success() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "success" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + echo "FOUND_PROJECTS: $FOUND_PROJECTS" - - - name: "Notify Slack: Failure (CD)" - if: ${{ failure() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - - CI_PRD: - needs: Notify_Start - - if: ${{ inputs.is_production_branch }} - runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.get_image.outputs.IMAGE_TAG }} - IMAGE_DIGEST: ${{ steps.get_image.outputs.IMAGE_DIGEST }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ inputs.git_ref }} + if [[ "$FOUND_PROJECTS" =~ ^[0-9]+$ && "$FOUND_PROJECTS" -eq 0 ]]; then + echo "exists=false" >> "$GITHUB_OUTPUT" + else + echo "exists=true" >> "$GITHUB_OUTPUT" + fi - - name: Get image to GCR - id: get_image - uses: platformbuilders/github-actions-bdsp-templates/build-push-image@main + - name: Creating new project on SonarQube + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Criando projeto no SonarQube..." 
+ curl -f --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/create' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'project=${{ github.event.repository.name }}' \ + --data-urlencode 'name=${{ github.event.repository.name }}' \ + --data-urlencode 'mainBranch=${{env.SONAR_MAIN_BRANCH}}' \ + --data-urlencode 'newCodeDefinitionType=${{env.SONAR_NEW_CODE_DEF_TYPE}}' \ + --data-urlencode 'visibility=${{env.SONAR_VISIBILITY}}' + + - name: Configuring quality gate + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Atribuindo Quality Gate ao projeto..." + curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'gateName=${{env.SONAR_QUALITY_GATE}}' \ + --data-urlencode 'projectKey=${{ github.event.repository.name }}' + + - name: Configuring quality profile + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Atribuindo Quality Profile..." + curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualityprofiles/add_project' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'language=${{env.SONAR_LANGUAGE}}' \ + --data-urlencode 'qualityProfile=${{env.SONAR_QUALITY_PROFILE}}' \ + --data-urlencode 'project=${{ github.event.repository.name }}' + + - name: Applying template permission + if: steps.checkSonarProjectExistence.outputs.exists == 'false' + run: | + set -e + echo "Atribuindo Permission Template..." 
+ curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/permissions/apply_template' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --data-urlencode 'projectKey=${{ github.event.repository.name }}' \ + --data-urlencode 'templateName=${{env.SONAR_PERMISSION_TEMPLATE}}' + + - name: Get project version + run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV + + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@master env: - GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} - - - name: "Notify Slack: Failure (CI_PRD)" - if: ${{ failure() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - - CD_PRD: - needs: CI_PRD - if: ${{ inputs.is_production_branch && success() }} - runs-on: ubuntu-latest - steps: - - name: Kustomize Argo Manifests - uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@main - with: - image-tag: ${{ needs.CI_PRD.outputs.IMAGE_TAG }} - image-digest: ${{ needs.CI_PRD.outputs.IMAGE_DIGEST }} - github-token: ${{ secrets.TOKEN_GITHUB }} - repository-name: ${{ github.repository }} + SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} + SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + with: + args: >- + -Dsonar.projectKey=${{ github.event.repository.name }} + -Dsonar.projectVersion=${{ env.PROJECT_VERSION }} + -Dsonar.sources=src/main/java + -Dsonar.tests=src/test/java + -Dsonar.java.binaries=target/classes + -Dsonar.sourceEncoding=UTF-8 + -Dsonar.language=java + -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml + -Dsonar.java.libraries=./lib + + - name: SonarQube Quality Gate check + uses: sonarsource/sonarqube-quality-gate-action@master env: - GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} + SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} - - name: "Notify 
Slack: Success (CI/CD PRD)" - if: ${{ success() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "success" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - - - name: "Notify Slack: Failure (CD_PRD)" - if: ${{ failure() }} - uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main - with: - type: "failure" - webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} From 8ee98b9ac8bb112579db12264da0c3f655394d06 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:02:38 -0300 Subject: [PATCH 07/28] Update code-quality.yaml TEST --- .github/workflows/code-quality.yaml | 31 +++++++++-------------------- 1 file changed, 9 insertions(+), 22 deletions(-) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index 48671ca..097b4b3 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -13,8 +13,9 @@ on: description: 'URL do host do SonarQube' required: true type: string + + secrets: SONAR_BDSP_TOKEN: - type: string description: 'Token de acesso ao SonarQube' required: true env: @@ -27,20 +28,7 @@ env: SONAR_NEW_CODE_DEF_TYPE: "PREVIOUS_VERSION" jobs: - mask-input: - runs-on: ubuntu-latest - outputs: - token: ${{ steps.set-env.outputs.token }} - steps: - - name: Create secret environment variables from inputs - run: | - SONAR_BDSP_TOKEN=$(jq -r '.inputs.SONAR_BDSP_TOKEN' $GITHUB_EVENT_PATH) - echo ::add-mask::$SONAR_BDSP_TOKEN - echo EMAIL_ADDRESS="$SONAR_BDSP_TOKEN" >> $GITHUB_ENV - echo "token=$SONAR_BDSP_TOKEN" >> $GITHUB_OUTPUT - Code-Quality: - needs: mask-input runs-on: pb-pefisa-runner steps: - name: Checkout code 
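Review bot: The new side of this hunk removes `Set up JDK` and the `mvn clean package dependency:copy-dependencies -DoutputDirectory=./lib` step, yet the SonarQube steps that replace them still run `mvn help:evaluate` and scan `target/classes`, `./lib` and `target/site/jacoco/jacoco.xml`; nothing left in the file produces those paths, so the scan will fail on `sonar.java.binaries` or analyze an empty tree unless `pb-pefisa-runner` is being relied on for a preexisting build. Either build inside this workflow before scanning or download the build output as an artifact. The re-added `qualitygates/select`, `qualityprofiles/add_project` and `permissions/apply_template` curls also lack `--fail`, so an HTTP error there would not fail the step despite `set -e`.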
@@ -57,7 +45,7 @@ jobs: RESPONSE=$(curl --verbose --fail --location \ "${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/search?projects=${{ github.event.repository.name }}" \ - --header "Authorization: Bearer ${{ needs.mask-input.outputs.token }}") + --header "Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}") echo "$RESPONSE" @@ -77,7 +65,7 @@ jobs: set -e echo "Criando projeto no SonarQube..." curl -f --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/create' \ - --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'project=${{ github.event.repository.name }}' \ --data-urlencode 'name=${{ github.event.repository.name }}' \ @@ -91,7 +79,7 @@ jobs: set -e echo "Atribuindo Quality Gate ao projeto..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select' \ - --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'gateName=${{env.SONAR_QUALITY_GATE}}' \ --data-urlencode 'projectKey=${{ github.event.repository.name }}' @@ -102,7 +90,7 @@ jobs: set -e echo "Atribuindo Quality Profile..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualityprofiles/add_project' \ - --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'language=${{env.SONAR_LANGUAGE}}' \ --data-urlencode 'qualityProfile=${{env.SONAR_QUALITY_PROFILE}}' \ 
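Review bot: The new `--header "Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}"` line feeds a `curl --verbose` call, and verbose mode writes every request header, this one included, to the job log, so the only thing keeping the token out of the log is GitHub's secret masking. Replacing `--verbose` with `-sS` (and trimming the unconditional `echo "$RESPONSE"` to the fields the step needs) keeps the header and any error page out of the log. The same line splices `inputs.SONAR_BDSP_HOST_URL` and the token into the script via `${{ }}` expansion; passing them through a step-level `env:` (`SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }}`) and referencing `"$SONAR_HOST_URL"` in the script avoids shell interpretation of the expanded value and lets `shellcheck` see a plain variable. The same inline-expression pattern recurs in the `@@ -77`, `@@ -91`, `@@ -102`, `@@ -114`, `@@ -126` and `@@ -142` hunks of this patch. The `run:` script of this step starts above the hunk.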
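Review bot: The `curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select'` call in the `@@ -91` hunk has no `--fail`, so a 4xx/5xx reply (a rejected token, an unknown gate name) exits 0 and `set -e` never fires; the project gets created but the quality gate is silently left at the server default. The same applies to the `api/qualityprofiles/add_project` call in `@@ -102` and the `api/permissions/apply_template` call in `@@ -114`, whereas `api/projects/create` in `@@ -77` already passes `-f`. Adding `--fail` (or `--fail-with-body`, which keeps the server's error text) to those three calls makes them fail the step the way the creation step does. Each of these `run:` scripts begins above its hunk.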
@@ -114,7 +102,7 @@ jobs: set -e echo "Atribuindo Permission Template..." curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/permissions/apply_template' \ - --header 'Authorization: Bearer ${{ needs.mask-input.outputs.token }}' \ + --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'projectKey=${{ github.event.repository.name }}' \ --data-urlencode 'templateName=${{env.SONAR_PERMISSION_TEMPLATE}}' @@ -126,7 +114,7 @@ jobs: uses: sonarsource/sonarqube-scan-action@master env: SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} - SONAR_TOKEN: ${{ needs.mask-input.outputs.token }} + SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} with: args: >- -Dsonar.projectKey=${{ github.event.repository.name }} @@ -142,6 +130,5 @@ jobs: - name: SonarQube Quality Gate check uses: sonarsource/sonarqube-quality-gate-action@master env: - SONAR_TOKEN: ${{ needs.mask-input.outputs.token }} - + SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} From 39b6be208acd9c2da2d448a2ef087afd69128a98 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:06:24 -0300 Subject: [PATCH 08/28] Update code-quality.yaml --- .github/workflows/code-quality.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index 097b4b3..b8195e6 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -132,3 +132,10 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + - name: "Notify Slack: Failure (CI)" + if: ${{ failure() }} + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "failure" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + From d9ce6a23f2b21b9e2aebcc9e21c5ba33be4b7834 Mon Sep 17 00:00:00 2001 
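Review bot: The added `Notify Slack: Failure (CI)` step reads `secrets.SLACK_WEBHOOK_URL`, but this reusable workflow's `on.workflow_call.secrets` block (the `@@ -13` hunk of the preceding patch) declares only `SONAR_BDSP_TOKEN`, so the webhook is empty unless the caller happens to use `secrets: inherit`. Declaring it beside the Sonar token, `SLACK_WEBHOOK_URL:` / `description: 'Webhook URL do Slack para notificações'` / `required: true`, makes the dependency explicit and lets a caller pass exactly that secret. The `steps:` list this hunk extends begins outside it.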
From: Marcos Aurelio Date: Tue, 6 May 2025 19:18:17 -0300 Subject: [PATCH 09/28] Update maven-ci-cd.yaml --- .github/workflows/maven-ci-cd.yaml | 271 +++++++++++++++++++---------- 1 file changed, 183 insertions(+), 88 deletions(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 097b4b3..2f58355 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml @@ -1,24 +1,55 @@ -name: code-quality +name: maven-ci-cd on: workflow_call: - # code quality em flow separado pois necessita rodar em runner especifico. + # Pipeline de CI/CD padrão para aplicações Maven, incluindo build, testes, SonarQube e scan de imagem. inputs: + java_version: + description: 'Versão do Java a ser usada' + required: true + type: string git_ref: description: 'A referência do Git (branch, tag, SHA) a ser buildada/deployada' required: true type: string + is_production_branch: + description: 'Indica se a execução é para uma branch de produção (master/main)' + required: true + type: boolean SONAR_BDSP_HOST_URL: description: 'URL do host do SonarQube' required: true type: string secrets: + SLACK_WEBHOOK_URL: + description: 'Webhook URL do Slack para notificações' + required: true SONAR_BDSP_TOKEN: description: 'Token de acesso ao SonarQube' required: true + GCP_SERVICE_ACCOUNT_KEY: + description: 'Chave da service account GCP' + required: true + TOKEN_GITHUB: + description: 'Token do GitHub para automação' + required: true + + outputs: + IMAGE_TAG: + description: "Tag da imagem Docker construída" + value: ${{ jobs.CI.outputs.IMAGE_TAG }} + IMAGE_DIGEST: + description: "Digest da imagem Docker construída" + value: ${{ jobs.CI.outputs.IMAGE_DIGEST }} + IMAGE_URI: + description: "URI completa da imagem Docker" + value: ${{ jobs.CI.outputs.IMAGE_URI }} + + env: + JAVA_VERSION: ${{ inputs.java_version }} SONAR_LANGUAGE: "java" SONAR_MAIN_BRANCH: "master" SONAR_VISIBILITY: "private" 
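Review bot: The three workflow-level `outputs` added here read only `jobs.CI.outputs.*`, but `CI` is guarded by `if: ${{ !inputs.is_production_branch }}` (next hunk) and the production image is produced by `CI_PRD`, which exposes its own `IMAGE_TAG`/`IMAGE_DIGEST`, so a caller on a production branch receives empty values. A per-output fallback such as `value: ${{ jobs.CI.outputs.IMAGE_TAG || jobs.CI_PRD.outputs.IMAGE_TAG }}` covers both paths; `IMAGE_URI` has no `CI_PRD` counterpart and needs one if anything downstream consumes it. The new `secrets` block also takes `GCP_SERVICE_ACCOUNT_KEY`, a long-lived service-account key; a comment on that entry recording why keyless authentication is not used would help whoever revisits it.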
@@ -28,8 +59,33 @@ env: SONAR_NEW_CODE_DEF_TYPE: "PREVIOUS_VERSION" jobs: - Code-Quality: - runs-on: pb-pefisa-runner + + Notify_Start: + runs-on: ubuntu-latest + steps: + - name: "Notify Slack: Start" + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "start" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + + CI-Code-Quality: + if: ${{ !inputs.is_production_branch }} + uses: sua-org/seu-repo-reutilizavel/.github/workflows/code-quality.yml@main + with: + git_ref: ${{ github.ref }} + SONAR_BDSP_HOST_URL: ${{ secrets.SONAR_BDSP_HOST_URL }} + SONAR_BDSP_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + + CI: + needs: [Notify_Start,CI-Code-Quality] + if: ${{ !inputs.is_production_branch }} + runs-on: ubuntu-latest + outputs: + IMAGE_TAG: ${{ steps.build_push.outputs.IMAGE_TAG }} + IMAGE_DIGEST: ${{ steps.build_push.outputs.IMAGE_DIGEST }} + IMAGE_URI: ${{ steps.build_push.outputs.IMAGE_URI }} + steps: - name: Checkout code uses: actions/checkout@v4 
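Review bot: The `CI-Code-Quality` call passes `git_ref: ${{ github.ref }}` while every checkout in this workflow uses `ref: ${{ inputs.git_ref }}`, so when a caller supplies an explicit SHA or tag the Sonar analysis runs against a different revision than the one that is built and deployed; `git_ref: ${{ inputs.git_ref }}` keeps the two aligned. `needs: [Notify_Start,CI-Code-Quality]` is also missing the conventional space after the comma. The `CI` job's `steps:` continue past the hunk.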
@@ -37,98 +93,137 @@ jobs: ref: ${{ inputs.git_ref }} fetch-depth: 0 - - name: Check project existence in SonarQube - id: checkSonarProjectExistence + - name: Run Secret Scanner + uses: trufflesecurity/trufflehog@main + with: + extra_args: > + --log-level=2 + + - name: Set up JDK ${{ env.JAVA_VERSION }} + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '${{ env.JAVA_VERSION }}' + + - name: Build and Test with Maven run: | - set -e - echo "Verificando se o projeto existe no SonarQube..." + mvn clean package dependency:copy-dependencies -DoutputDirectory=./lib - RESPONSE=$(curl --verbose --fail --location \ - "${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/search?projects=${{ github.event.repository.name }}" \ - --header "Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}") + - name: Build and Push Docker image to GCR + id: build_push + uses: platformbuilders/github-actions-bdsp-templates/build-push-image@main + env: + GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} - echo "$RESPONSE" + - name: Run Image Vulnerability Scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_push.outputs.IMAGE_URI }}" + format: 'table' + output: "${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt" + exit-code: '0' + severity: "CRITICAL,HIGH" + + - name: Upload Image Vulnerability Scanner Report + uses: actions/upload-artifact@v4 + with: + name: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report + path: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt + retention-days: 3 + + + - name: "Notify Slack: Failure (CI)" + if: ${{ failure() }} + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "failure" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - FOUND_PROJECTS=$(echo "$RESPONSE" | jq -r '.paging.total' 2>/dev/null || 
echo "0") + CD: + needs: CI + if: ${{ !inputs.is_production_branch && success() }} + runs-on: ubuntu-latest + steps: + - name: Kustomize Argo Manifests + uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@main + with: + image-tag: ${{ needs.CI.outputs.IMAGE_TAG }} + image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} + github-token: ${{ secrets.TOKEN_GITHUB }} + repository-name: ${{ github.repository }} + env: + GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} - echo "FOUND_PROJECTS: $FOUND_PROJECTS" + + - name: "Notify Slack: Success (CI/CD Non-Prod)" + if: ${{ success() }} + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "success" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - if [[ "$FOUND_PROJECTS" =~ ^[0-9]+$ && "$FOUND_PROJECTS" -eq 0 ]]; then - echo "exists=false" >> "$GITHUB_OUTPUT" - else - echo "exists=true" >> "$GITHUB_OUTPUT" - fi + + - name: "Notify Slack: Failure (CD)" + if: ${{ failure() }} + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "failure" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + + + CI_PRD: + needs: Notify_Start + + if: ${{ inputs.is_production_branch }} + runs-on: ubuntu-latest + outputs: + IMAGE_TAG: ${{ steps.get_image.outputs.IMAGE_TAG }} + IMAGE_DIGEST: ${{ steps.get_image.outputs.IMAGE_DIGEST }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.git_ref }} - - name: Creating new project on SonarQube - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Criando projeto no SonarQube..." 
- curl -f --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/projects/create' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'project=${{ github.event.repository.name }}' \ - --data-urlencode 'name=${{ github.event.repository.name }}' \ - --data-urlencode 'mainBranch=${{env.SONAR_MAIN_BRANCH}}' \ - --data-urlencode 'newCodeDefinitionType=${{env.SONAR_NEW_CODE_DEF_TYPE}}' \ - --data-urlencode 'visibility=${{env.SONAR_VISIBILITY}}' - - - name: Configuring quality gate - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Atribuindo Quality Gate ao projeto..." - curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualitygates/select' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'gateName=${{env.SONAR_QUALITY_GATE}}' \ - --data-urlencode 'projectKey=${{ github.event.repository.name }}' - - - name: Configuring quality profile - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Atribuindo Quality Profile..." - curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/qualityprofiles/add_project' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'language=${{env.SONAR_LANGUAGE}}' \ - --data-urlencode 'qualityProfile=${{env.SONAR_QUALITY_PROFILE}}' \ - --data-urlencode 'project=${{ github.event.repository.name }}' - - - name: Applying template permission - if: steps.checkSonarProjectExistence.outputs.exists == 'false' - run: | - set -e - echo "Atribuindo Permission Template..." 
- curl --location '${{ inputs.SONAR_BDSP_HOST_URL }}/api/permissions/apply_template' \ - --header 'Authorization: Bearer ${{ secrets.SONAR_BDSP_TOKEN }}' \ - --header 'Content-Type: application/x-www-form-urlencoded' \ - --data-urlencode 'projectKey=${{ github.event.repository.name }}' \ - --data-urlencode 'templateName=${{env.SONAR_PERMISSION_TEMPLATE}}' - - - name: Get project version - run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV - - - name: SonarQube Scan - uses: sonarsource/sonarqube-scan-action@master + - name: Get image to GCR + id: get_image + uses: platformbuilders/github-actions-bdsp-templates/build-push-image@main env: - SONAR_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} - SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} + + - name: "Notify Slack: Failure (CI_PRD)" + if: ${{ failure() }} + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "failure" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + + + CD_PRD: + needs: CI_PRD + if: ${{ inputs.is_production_branch && success() }} + runs-on: ubuntu-latest + steps: + - name: Kustomize Argo Manifests + uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@main with: - args: >- - -Dsonar.projectKey=${{ github.event.repository.name }} - -Dsonar.projectVersion=${{ env.PROJECT_VERSION }} - -Dsonar.sources=src/main/java - -Dsonar.tests=src/test/java - -Dsonar.java.binaries=target/classes - -Dsonar.sourceEncoding=UTF-8 - -Dsonar.language=java - -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml - -Dsonar.java.libraries=./lib - - - name: SonarQube Quality Gate check - uses: sonarsource/sonarqube-quality-gate-action@master + image-tag: ${{ needs.CI_PRD.outputs.IMAGE_TAG }} + image-digest: ${{ needs.CI_PRD.outputs.IMAGE_DIGEST }} + github-token: ${{ secrets.TOKEN_GITHUB }} + repository-name: ${{ github.repository }} 
env: - SONAR_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} + GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} + - name: "Notify Slack: Success (CI/CD PRD)" + if: ${{ success() }} + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "success" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + + - name: "Notify Slack: Failure (CD_PRD)" + if: ${{ failure() }} + uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main + with: + type: "failure" + webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} From 0a1e77153281c16ab62ad1307865694d5c9ad4b3 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:20:17 -0300 Subject: [PATCH 10/28] Update maven-ci-cd.yaml --- .github/workflows/maven-ci-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 2f58355..73d7df8 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml @@ -71,7 +71,7 @@ jobs: CI-Code-Quality: if: ${{ !inputs.is_production_branch }} - uses: sua-org/seu-repo-reutilizavel/.github/workflows/code-quality.yml@main + uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yml@main with: git_ref: ${{ github.ref }} SONAR_BDSP_HOST_URL: ${{ secrets.SONAR_BDSP_HOST_URL }} From b831086fd1446da3a48494b7a5b5681a36312751 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:22:38 -0300 Subject: [PATCH 11/28] Update maven-ci-cd.yaml --- .github/workflows/maven-ci-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 73d7df8..5c29485 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml 
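Review bot: The new `Run Image Vulnerability Scanner` step sets `exit-code: '0'` with `severity: "CRITICAL,HIGH"`, so Trivy findings never fail the `CI` job and the `CD` job, gated only on `success()`, deploys the image regardless; `exit-code: '1'` (with `if: always()` on the report upload so the artifact still lands) makes the gate real, or keep `'0'` on purpose and say so with `# report-only: findings do not block deploy`. The steps added here also reference actions by mutable branch — `trufflesecurity/trufflehog@main`, `aquasecurity/trivy-action@master`, next to the existing `sonarsource/...@master` uses — so any push to those branches changes what runs with this job's secrets; pinning to a release tag or a full commit SHA is the usual mitigation. The `Get image to GCR` step in `CI_PRD` reuses the `build-push-image` action under a name that reads as a fetch; if the action really rebuilds and pushes on a production branch the name is misleading, and if it does not, a comment on that step should say what it does instead.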
@@ -71,7 +71,7 @@ jobs: CI-Code-Quality: if: ${{ !inputs.is_production_branch }} - uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yml@main + uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yml@perf/improve-performance with: git_ref: ${{ github.ref }} SONAR_BDSP_HOST_URL: ${{ secrets.SONAR_BDSP_HOST_URL }} From c8652d610ba2e67bea6f5173afd2323706624a1a Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:23:40 -0300 Subject: [PATCH 12/28] Update maven-ci-cd.yaml --- .github/workflows/maven-ci-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 5c29485..5548c02 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml @@ -71,7 +71,7 @@ jobs: CI-Code-Quality: if: ${{ !inputs.is_production_branch }} - uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yml@perf/improve-performance + uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality@perf/improve-performance with: git_ref: ${{ github.ref }} SONAR_BDSP_HOST_URL: ${{ secrets.SONAR_BDSP_HOST_URL }} From 4390e66ba799270cf37efe9218595be7c323e78c Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:24:33 -0300 Subject: [PATCH 13/28] Update maven-ci-cd.yaml --- .github/workflows/maven-ci-cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 5548c02..3affcc1 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml 
@@ -71,7 +71,7 @@ jobs: CI-Code-Quality: if: ${{ !inputs.is_production_branch }} - uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality@perf/improve-performance + uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yaml@perf/improve-performance with: git_ref: ${{ github.ref }} SONAR_BDSP_HOST_URL: ${{ secrets.SONAR_BDSP_HOST_URL }} From 68cd60da16f031acb204ac776d41bc2c1058afa6 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:27:51 -0300 Subject: [PATCH 14/28] Update maven-ci-cd.yaml --- .github/workflows/maven-ci-cd.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 3affcc1..ded88ce 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml @@ -72,11 +72,11 @@ jobs: CI-Code-Quality: if: ${{ !inputs.is_production_branch }} uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yaml@perf/improve-performance + secrets: inherit with: git_ref: ${{ github.ref }} - SONAR_BDSP_HOST_URL: ${{ secrets.SONAR_BDSP_HOST_URL }} - SONAR_BDSP_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }} - + SONAR_BDSP_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} + CI: needs: [Notify_Start,CI-Code-Quality] if: ${{ !inputs.is_production_branch }} From bb9276da119046a05a1ae7e7efe530ef595d0d60 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:31:35 -0300 Subject: [PATCH 15/28] Update code-quality.yaml --- .github/workflows/code-quality.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index b8195e6..3309577 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -29,7 +29,7 @@ env: jobs: Code-Quality: - runs-on: pb-pefisa-runner + runs-on: runner-pb-pefisa steps: - name: Checkout code uses: actions/checkout@v4 
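Review bot: `secrets: inherit` on the `CI-Code-Quality` call forwards every secret of the calling workflow — including `GCP_SERVICE_ACCOUNT_KEY` and `TOKEN_GITHUB`, which the code-quality workflow never uses — into a job whose `uses:` points at a mutable branch (`@perf/improve-performance`). Passing only what the callee needs keeps that workflow's reach to the Sonar token and (once the callee declares it) the Slack webhook: `secrets:` / `  SONAR_BDSP_TOKEN: ${{ secrets.SONAR_BDSP_TOKEN }}` / `  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}`. The job's `if:` line is the first context line of the hunk.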
From a671b80708733a087127bc73278858024559bb86 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:32:42 -0300 Subject: [PATCH 16/28] Update maven-ci-cd.yaml --- .github/workflows/maven-ci-cd.yaml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index ded88ce..68aef80 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml @@ -69,16 +69,10 @@ jobs: type: "start" webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - CI-Code-Quality: - if: ${{ !inputs.is_production_branch }} - uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yaml@perf/improve-performance - secrets: inherit - with: - git_ref: ${{ github.ref }} - SONAR_BDSP_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} + CI: - needs: [Notify_Start,CI-Code-Quality] + needs: [Notify_Start] if: ${{ !inputs.is_production_branch }} runs-on: ubuntu-latest outputs: From 8417d063b1c9e3cb900e8864b53bedc4e81b49f5 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 6 May 2025 19:33:55 -0300 Subject: [PATCH 17/28] Update maven-ci-cd.yaml test --- .github/workflows/maven-ci-cd.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 68aef80..16431d7 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml @@ -69,10 +69,16 @@ jobs: type: "start" webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} - + CI-Code-Quality: + #if: {{ !inputs.is_production_branch }} + uses: platformbuilders/github-actions-bdsp-templates/.github/workflows/code-quality.yaml@perf/improve-performance + secrets: inherit + with: + git_ref: ${{ github.ref }} + SONAR_BDSP_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} CI: - needs: [Notify_Start] + needs: [Notify_Start,CI-Code-Quality] if: ${{ !inputs.is_production_branch }} runs-on: ubuntu-latest outputs: 
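Review bot: The re-added `CI-Code-Quality` job has its condition commented out, `#if: {{ !inputs.is_production_branch }}`, so the Sonar analysis now runs on production branches too while the `CI` job that `needs` it keeps `if: ${{ !inputs.is_production_branch }}`; if that is intended for the test named in the commit title, a comment saying so would help, otherwise the guard should return. The commented text also lacks the `$` of `${{ }}`, and a value starting with `{{` is read by YAML as a flow mapping, so uncommenting it as written would not yield a valid expression. The `CI` job body continues past the hunk.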
From 183fee0d1da674be33ae443e1022f52f06876eea Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 13 May 2025 14:53:47 -0300 Subject: [PATCH 18/28] Update code-quality.yaml test --- .github/workflows/code-quality.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index 3309577..c40a158 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -37,6 +37,10 @@ jobs: ref: ${{ inputs.git_ref }} fetch-depth: 0 + - name: Build and Test with Maven + run: | + mvn clean package dependency:copy-dependencies -DoutputDirectory=./lib + - name: Check project existence in SonarQube id: checkSonarProjectExistence run: | From 2d7f979fc69863d1333fd8dbdaa55c871d6c5b71 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 13 May 2025 18:43:47 -0300 Subject: [PATCH 19/28] Update code-quality.yaml test --- .github/workflows/code-quality.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index c40a158..675f3c0 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -36,6 +36,12 @@ jobs: with: ref: ${{ inputs.git_ref }} fetch-depth: 0 + + - name: Set up JDK ${{ env.JAVA_VERSION }} + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '${{ env.JAVA_VERSION }}' - name: Build and Test with Maven run: | From ab051e4a0b54a42cb9bed2e206d80408b01ec657 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 13 May 2025 18:49:56 -0300 Subject: [PATCH 20/28] Update maven-ci-cd.yaml test --- .github/workflows/maven-ci-cd.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/maven-ci-cd.yaml b/.github/workflows/maven-ci-cd.yaml index 16431d7..0474caa 100644 --- a/.github/workflows/maven-ci-cd.yaml +++ b/.github/workflows/maven-ci-cd.yaml 
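Review bot: The added `Build and Test with Maven` step runs `mvn clean package dependency:copy-dependencies -DoutputDirectory=./lib` without `--batch-mode`, the conventional flag on CI that silences interactive download progress in the log; `mvn -B clean package dependency:copy-dependencies -DoutputDirectory=./lib` is the usual form. This step repeats the identical build the `CI` job in `maven-ci-cd.yaml` performs, so each non-production run now compiles and tests twice; since this job sits on a dedicated runner the duplication may be deliberate, in which case a one-line comment above the step saying the Sonar scan needs `target/classes` locally would stop the next reader from removing it. The `steps:` list begins outside the hunk.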
@@ -76,6 +76,7 @@ jobs: with: git_ref: ${{ github.ref }} SONAR_BDSP_HOST_URL: ${{ inputs.SONAR_BDSP_HOST_URL }} + java_version: ${{ inputs.java_version }} CI: needs: [Notify_Start,CI-Code-Quality] From 9e47213a367f1bc21e2b6345c9a20754a9bbb1c8 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 13 May 2025 18:50:04 -0300 Subject: [PATCH 21/28] Update code-quality.yaml test --- .github/workflows/code-quality.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml index 675f3c0..e1a9b17 100644 --- a/.github/workflows/code-quality.yaml +++ b/.github/workflows/code-quality.yaml @@ -13,7 +13,12 @@ on: description: 'URL do host do SonarQube' required: true type: string - + java_version: + description: 'Versão do Java a ser usada' + required: true + type: string + + secrets: SONAR_BDSP_TOKEN: description: 'Token de acesso ao SonarQube' @@ -26,6 +31,7 @@ env: SONAR_QUALITY_GATE: "QG_PNB_BACKEND" SONAR_PERMISSION_TEMPLATE: "PNB-TEMPLATE" SONAR_NEW_CODE_DEF_TYPE: "PREVIOUS_VERSION" + JAVA_VERSION: ${{ inputs.java_version }} jobs: Code-Quality: From f4defef42a5339c661861088be6877bd140c9f70 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Fri, 30 May 2025 13:03:22 -0300 Subject: [PATCH 22/28] Update Dockerfile --- build-push-image/Dockerfile | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/build-push-image/Dockerfile b/build-push-image/Dockerfile index e6aa85f..4f8e60c 100644 --- a/build-push-image/Dockerfile +++ b/build-push-image/Dockerfile 
@@ -1,20 +1,13 @@ -FROM ubuntu:latest +FROM google/cloud-sdk:slim -RUN apt-get update && apt-get install -y \ - apt-transport-https \ - ca-certificates \ - gnupg \ - curl \ +RUN apt-get update && apt-get install -y --no-install-recommends \ git \ - docker.io \ jq \ - && curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \ - && echo "deb https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list \ - && apt-get update \ - && apt-get install -y google-cloud-sdk \ + docker.io \ + && apt-get clean \ && rm -rf /var/lib/apt/lists/* COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["/entrypoint.sh"] From cc76e8a5b9e04debb9146a51cf6229ec1386c492 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Fri, 30 May 2025 13:51:50 -0300 Subject: [PATCH 23/28] Update maven-ci-cd-teste.yaml --- .github/workflows/maven-ci-cd-teste.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd-teste.yaml b/.github/workflows/maven-ci-cd-teste.yaml index 11d4875..e90d797 100644 --- a/.github/workflows/maven-ci-cd-teste.yaml +++ b/.github/workflows/maven-ci-cd-teste.yaml @@ -95,7 +95,7 @@ jobs: - name: Build and Push Docker image to GCR id: build_push - uses: platformbuilders/github-actions-bdsp-templates/build-push-image@main + uses: platformbuilders/github-actions-bdsp-templates/build-push-image@perf/improve-performance env: GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} From 20e069598e904fcdbf326139f955daef8fd5efbc Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 3 Jun 2025 14:10:02 -0300 Subject: [PATCH 24/28] Create build-image-push-action.yaml --- .../workflows/build-image-push-action.yaml | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/build-image-push-action.yaml 
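Review bot: `FROM google/cloud-sdk:slim` pins the action image to a floating tag, so the same `docker build` can yield a different toolchain, and a different vulnerability surface, on every run; pinning by digest, `FROM google/cloud-sdk:slim@sha256:<digest-of-verified-image>` (placeholder), or at least to a versioned `<version>-slim` tag, makes the image reproducible and lets scanner findings be attributed to a known base. The `apt-get` line installs `docker.io` unpinned as well; Debian packages are harder to pin, so a comment recording why the engine package is needed inside an action container (if only the client is used, that is worth stating) would help the next maintainer. The remainder of the file is visible in the hunk and unchanged.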
diff --git a/.github/workflows/build-image-push-action.yaml b/.github/workflows/build-image-push-action.yaml new file mode 100644 index 0000000..1f46344 --- /dev/null +++ b/.github/workflows/build-image-push-action.yaml @@ -0,0 +1,36 @@ +name: Build and Push Docker Image + +on: + push: + paths: + - 'build-push-image/**' + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Google Cloud authentication + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_CREDENTIALS }} + + - name: Configure Docker to use the Google Cloud registry + run: | + gcloud --quiet auth configure-docker + + - name: Build Docker image + run: | + IMAGE="gcr.io/${{ secrets.GCP_PROJECT_ID }}/build-push-image:latest" + docker build -t $IMAGE ./build-push-image + + - name: Push Docker image to Google Container Registry + run: | + IMAGE="gcr.io/${{ secrets.GCP_PROJECT_ID }}/build-push-image:latest" + docker push $IMAGE + From 0f79008d32c3d2dcd550c5c4e456af442a540799 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Tue, 3 Jun 2025 19:28:50 -0300 Subject: [PATCH 25/28] Update action.yaml test --- build-push-image/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build-push-image/action.yaml b/build-push-image/action.yaml index d4e101f..8c4882d 100644 --- a/build-push-image/action.yaml +++ b/build-push-image/action.yaml @@ -2,9 +2,9 @@ name: 'Build and Push Docker Image to GCR' description: 'Builds and pushes a Docker image to Google Container Registry (GCR) based on the branch.' runs: using: 'docker' - image: 'Dockerfile' + image: 'gcr.io/bdsp-devtools/build-push-image:latest' outputs: IMAGE_TAG: description: 'Tag da imagem Docker.' IMAGE_DIGEST: - description: 'Digest da imagem Docker.' \ No newline at end of file + description: 'Digest da imagem Docker.' From c34fcd8868d2d99d4e591bcfaf65cd344a96f03c Mon Sep 17 00:00:00 2001 
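Review bot: The new workflow authenticates with `credentials_json: ${{ secrets.GCP_CREDENTIALS }}`, a long-lived service-account key held as a repository secret; `google-github-actions/auth@v2` also supports keyless Workload Identity Federation via its `workload_identity_provider` and `service_account` inputs (with `permissions: id-token: write` on the job), which removes the key from GitHub altogether. The image is pushed only as `build-push-image:latest`, so the consuming action has nothing immutable to pin to; tagging with `${{ github.sha }}` as well, and defining `IMAGE` once in a job-level `env:` instead of in two `run:` blocks, gives it one. The workflow also declares no `permissions:` block, so the job runs with the repository's default token scope; `permissions: contents: read` covers what these steps do.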
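Review bot: Switching `runs.image` from the local `Dockerfile` to `gcr.io/bdsp-devtools/build-push-image:latest` means every consumer now executes whatever currently sits behind a mutable tag, and that tag is rewritten by `build-image-push-action.yaml` on each push to `main`; a Docker container action should reference an immutable digest, `image: 'docker://<registry>/build-push-image@sha256:<digest>'` (placeholder), bumped deliberately. A short comment above `image:` naming the workflow that publishes it would also tell a reader where the image comes from, since the `Dockerfile` next to this file no longer feeds it. The same mutable `:latest` reference is carried through the `@@ -2,7 +2,7` hunks of the three following patches.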
From: Marcos Aurelio Date: Tue, 3 Jun 2025 19:31:42 -0300 Subject: [PATCH 26/28] Update action.yaml --- build-push-image/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-push-image/action.yaml b/build-push-image/action.yaml index 8c4882d..8a7c519 100644 --- a/build-push-image/action.yaml +++ b/build-push-image/action.yaml @@ -2,7 +2,7 @@ name: 'Build and Push Docker Image to GCR' description: 'Builds and pushes a Docker image to Google Container Registry (GCR) based on the branch.' runs: using: 'docker' - image: 'gcr.io/bdsp-devtools/build-push-image:latest' + image: 'docker://gcr.io/bdsp-devtools/build-push-image:latest' outputs: IMAGE_TAG: description: 'Tag da imagem Docker.' From 782f651d9d734bbe5fa8f578c31588368e37f10d Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Wed, 4 Jun 2025 12:22:45 -0300 Subject: [PATCH 27/28] Update action.yaml --- build-push-image/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-push-image/action.yaml b/build-push-image/action.yaml index 8a7c519..94509bb 100644 --- a/build-push-image/action.yaml +++ b/build-push-image/action.yaml @@ -2,7 +2,7 @@ name: 'Build and Push Docker Image to GCR' description: 'Builds and pushes a Docker image to Google Container Registry (GCR) based on the branch.' runs: using: 'docker' - image: 'docker://gcr.io/bdsp-devtools/build-push-image:latest' + image: 'ghcr.io/platformbuilders/github-actions-bdsp-templates/build-push-image:latest' outputs: IMAGE_TAG: description: 'Tag da imagem Docker.' From 088f7dd88af47f18990509be2a505531d25b823b Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Wed, 4 Jun 2025 13:27:43 -0300 Subject: [PATCH 28/28] Update action.yaml --- build-push-image/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-push-image/action.yaml b/build-push-image/action.yaml index 94509bb..df37441 100644 --- a/build-push-image/action.yaml +++ b/build-push-image/action.yaml 
@@ -2,7 +2,7 @@ name: 'Build and Push Docker Image to GCR' description: 'Builds and pushes a Docker image to Google Container Registry (GCR) based on the branch.' runs: using: 'docker' - image: 'ghcr.io/platformbuilders/github-actions-bdsp-templates/build-push-image:latest' + image: 'docker://ghcr.io/platformbuilders/github-actions-bdsp-templates/build-push-image:latest' outputs: IMAGE_TAG: description: 'Tag da imagem Docker.'
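Review bot: The final reference `docker://ghcr.io/platformbuilders/github-actions-bdsp-templates/build-push-image:latest` points at GHCR, while the only publishing workflow in this series, `build-image-push-action.yaml`, pushes to `gcr.io/<project>/build-push-image:latest`, so unless an unseen workflow publishes to GHCR the image this action runs is not the one built from `build-push-image/Dockerfile` here. A comment above `image:` naming the workflow that produces the GHCR package, plus a digest instead of `:latest`, would close that gap. If the package is private the pull is likely to fail at job start, because the runner pulls container-action images before any login step runs; confirm the package visibility before relying on this reference.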