diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..282a791 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# Only allow Workiva employees to alter GHA workflows +/.github/ @Workiva/cloud42 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..1d447de --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,62 @@ +name: flip-tables CI + +on: + pull_request: + branches: [ '*' ] + push: + branches: [ 'master' ] + tags: [ '*' ] + +permissions: + contents: read + id-token: write + +jobs: + gradle-build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 + with: + distribution: 'corretto' + java-version: '8' + - uses: gradle/actions/setup-gradle@v3 + + - name: Build Release Version + if: ${{ github.ref_type == 'tag' }} + run: ./gradlew clean assemble --info -Dorg.gradle.project.version=${{ github.ref_name }} + + - name: Build Non-Release Version + if: ${{ github.ref_type != 'tag' }} + run: ./gradlew clean assemble --info + + - name: Bundle/TAR up JAR files + run: | + tar -cvzf ./build/libs/java.tar.gz ./build/libs/*.jar + ls -ls ./build/libs + + - name: Publish Artifact + uses: actions/upload-artifact@v4 + with: + name: flip-tables + path: ./build/libs/flip-tables-*.*.jar + + - name: Publish Snapshot + if: ${{ github.ref_type != 'tag' && github.ref_name != 'master' && hashFiles('./build/libs/*-SNAPSHOT.jar') != '' }} + uses: actions/upload-artifact@v4 + with: + name: flip-tables-snapshot + path: ./build/libs/*-SNAPSHOT.jar + + Unit-Test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 + with: + distribution: 'corretto' + java-version: '8' + - uses: gradle/actions/setup-gradle@v3 + + - name: Run Tests + run: ./gradlew --no-daemon --console=plain test diff --git a/.github/workflows/publish-sbom.yaml b/.github/workflows/publish-sbom.yaml new file mode 100644 index 0000000..e65810f --- /dev/null +++ b/.github/workflows/publish-sbom.yaml @@ -0,0 +1,26 @@ +name: Publish SBOM + +on: + push: + tags: + # Releases + - '[0-9]+.[0-9]+.[0-9]+' + +# Permissions should look like this +permissions: + contents: write + id-token: write + pull-requests: write + +jobs: + create-sbom-release-asset: + name: Create SBOM Release Asset + runs-on: ubuntu-latest + steps: + # If you don't check the code out, the SBOM will be empty + - uses: actions/checkout@v4 + - name: Publish SBOM to Release Assets + uses: anchore/sbom-action@v0 + with: + path: ./ # actions/checkout default location + format: cyclonedx-json diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 6f6878b..0000000 --- a/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -FROM amazoncorretto:8 AS build -WORKDIR /build - -RUN yum install tar gzip -y - -COPY settings.gradle build.gradle gradlew ./ -COPY gradle gradle - -# run to pull down the gradle wrapper and cache that on its own layer -RUN ./gradlew --version - -COPY . . - -ARG GIT_BRANCH -ARG GIT_TAG - -# Build the application. -# -RUN ./scripts/build.sh -# Collect assembled jar for publishing -ARG BUILD_ARTIFACTS_JAVA=/build/build/libs/*.jar - -# Generate Veracode Artifact -RUN tar -cvzf /java.tar.gz /build/build/libs/ -ARG BUILD_ARTIFACTS_VERACODE=/java.tar.gz - -# We only care about publishing a jar -FROM scratch diff --git a/skynet.yaml b/skynet.yaml deleted file mode 100644 index e4b64d0..0000000 --- a/skynet.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Testing with Skynet - https://github.com/Workiva/skynet/tree/master/docs -name: flip-tables-tests -image: amazoncorretto:8 -description: run flip-tables unit tests -timeout: 300 #5 minutes -size: small -contact: support-onecloud - -run: - on-pull-request: yes - on-tag: yes - when-branch-name-is: - - .*_debug - - ^refs/tags/.+ - - master - -artifacts: - - /testing/build/test-results/test - -test-reports: - - /testing/build/test-results/test - -scripts: - - ./gradlew --no-daemon --console=plain test