ci: rewrite cd-main.yml — production runner, pre-installed toolchain, no deploy step
CD - Develop / build-and-deploy (push) Failing after 9m3s
CD - Develop / build-and-deploy (push) Failing after 9m3s
This commit is contained in:
@@ -7,7 +7,7 @@ on:
|
||||
|
||||
jobs:
|
||||
build-and-deploy:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: production
|
||||
env:
|
||||
GIT_SSL_NO_VERIFY: "true"
|
||||
MAVEN_OPTS: "-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true"
|
||||
@@ -16,20 +16,12 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Verify toolchain
|
||||
run: java -version && mvn -version && trivy --version
|
||||
|
||||
- name: Clean runner disk
|
||||
run: docker system prune -f 2>/dev/null || true
|
||||
|
||||
- name: Install Java 21 and Maven
|
||||
run: |
|
||||
apt-get update -qq
|
||||
apt-get install -y -qq wget apt-transport-https gnupg
|
||||
wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor -o /usr/share/keyrings/adoptium.gpg
|
||||
echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb $(. /etc/os-release && echo $VERSION_CODENAME) main" | tee /etc/apt/sources.list.d/adoptium.list
|
||||
apt-get update -qq
|
||||
apt-get install -y -qq temurin-21-jdk maven
|
||||
java -version
|
||||
mvn -version
|
||||
|
||||
- name: Configure Maven settings
|
||||
run: |
|
||||
mkdir -p ~/.m2
|
||||
@@ -73,9 +65,6 @@ jobs:
|
||||
- name: Build JAR
|
||||
run: mvn clean package -DskipTests -B
|
||||
|
||||
- name: Install Trivy
|
||||
run: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
|
||||
|
||||
- name: Trivy vulnerability scan
|
||||
run: |
|
||||
trivy fs \
|
||||
@@ -83,6 +72,7 @@ jobs:
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--scanners vuln \
|
||||
--skip-db-update \
|
||||
--format table \
|
||||
target/
|
||||
|
||||
@@ -98,15 +88,12 @@ jobs:
|
||||
-DautoUpdate=false \
|
||||
-DdataDirectory=/tmp/owasp-data \
|
||||
-DsuppressionFile=deployment/owasp-suppressions.xml \
|
||||
-DassemblyAnalyzerEnabled=false \
|
||||
-Dformats=HTML,JSON \
|
||||
-B
|
||||
|
||||
- name: Build and push Docker image
|
||||
run: |
|
||||
if ! command -v docker &> /dev/null; then
|
||||
apt-get update -qq && apt-get install -y -qq docker.io
|
||||
fi
|
||||
DOCKER_BUILDKIT=0 docker system prune -f 2>/dev/null || true
|
||||
export DOCKER_BUILDKIT=0
|
||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | \
|
||||
docker login ${{ secrets.REGISTRY_URL }} \
|
||||
@@ -127,4 +114,4 @@ jobs:
|
||||
RUN_URL="https://hiveiq-gitea.directlx.dev/hiveiq-src/hiveops-aria/actions/runs/${{ github.run_id }}"
|
||||
curl -s -X POST "${{ secrets.SLACK_PROD_WEBHOOK_URL }}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"attachments\":[{\"color\":\"$COLOR\",\"text\":\"*<$RUN_URL|hiveops-aria CD Production — $STATUS>*\n${{ github.ref_name }} · $SHORT_SHA · ${{ github.actor }}\",\"mrkdwn_in\":[\"text\"],\"footer\":\"Gitea Actions\"}]}"
|
||||
-d "{\"attachments\":[{\"color\":\"$COLOR\",\"text\":\"*<$RUN_URL|hiveops-aria CD Production — $STATUS>*\\n${{ github.ref_name }} · $SHORT_SHA · ${{ github.actor }}\",\"mrkdwn_in\":[\"text\"],\"footer\":\"Gitea Actions\"}]}"
|
||||
|
||||
Reference in New Issue
Block a user