From 7515103a5ba2f6c2369a7e1d26c1acf74a7d14d7 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 16:51:21 -0700 Subject: [PATCH 01/18] added multi stage files --- .github/workflows/multi-stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/multi-stage.yml b/.github/workflows/multi-stage.yml index 7f83525..37c188b 100644 --- a/.github/workflows/multi-stage.yml +++ b/.github/workflows/multi-stage.yml @@ -11,4 +11,4 @@ jobs: runs-on: ubuntu-latest steps: - name: check the dev - run: echo "matched to dev branch" \ No newline at end of file + run: echo "matched to dev branch date" \ No newline at end of file From f69cb92ad53e86f2af5dd028d0fcfbda58baf147 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 16:51:57 -0700 Subject: [PATCH 02/18] added multi stage files --- .github/workflows/multi-stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/multi-stage.yml b/.github/workflows/multi-stage.yml index 37c188b..aad688a 100644 --- a/.github/workflows/multi-stage.yml +++ b/.github/workflows/multi-stage.yml @@ -5,7 +5,7 @@ on: - dev pull_request: branches: - - main + - dev jobs: push_event_check: runs-on: ubuntu-latest From ec1740d2d70c002e29ae6dbaf1e0d5b4c1b412b0 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 17:19:15 -0700 Subject: [PATCH 03/18] added pom.xml java files --- .github/workflows/cicd.yml | 29 ++++++++++++ pom.xml | 75 ++++++++++++++++++++++++++++++ src/com/mycompany/app/App.java | 15 ++++++ src/com/mycompany/app/AppTest.java | 22 +++++++++ 4 files changed, 141 insertions(+) create mode 100644 .github/workflows/cicd.yml create mode 100644 pom.xml create mode 100644 src/com/mycompany/app/App.java create mode 100644 src/com/mycompany/app/AppTest.java diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml new file mode 100644 index 0000000..213215c --- /dev/null +++ b/.github/workflows/cicd.yml 
@@ -0,0 +1,29 @@ +name: CICD +on: + push: + branches: + - dev + - main + pull_request: + branches: + - dev + - main + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + name: Set up JDK 17 + - uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: 'temurin' + cache: maven + + - name: Build with Maven + run: mvn -B -DskipTests clean package + + - name: mvn test + run: mvn test diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..3847054 --- /dev/null +++ b/pom.xml @@ -0,0 +1,75 @@ + + 4.0.0 + com.mycompany.app + my-app + jar + 1.0-SNAPSHOT + my-app + https://maven.apache.org + + + org.junit.jupiter + junit-jupiter-api + 5.12.2 + test + + + + UTF-8 + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.14.0 + + 17 + + + + + + + + org.apache.maven.plugins + maven-jar-plugin + 3.4.2 + + + + true + lib/ + com.mycompany.app.App + + + + + + org.apache.maven.plugins + maven-enforcer-plugin + 3.5.0 + + + enforce-maven + + enforce + + + + + [3.9.2,) + + + [17,) + + + + + + + + + \ No newline at end of file diff --git a/src/com/mycompany/app/App.java b/src/com/mycompany/app/App.java new file mode 100644 index 0000000..ef418dc --- /dev/null +++ b/src/com/mycompany/app/App.java @@ -0,0 +1,15 @@ +package com.mycompany.app; +public class App { + + private static final String MESSAGE = "Hello World!"; + + public App() {} + + public static void main(String[] args) { + System.out.println(MESSAGE); + } + + public String getMessage() { + return MESSAGE; + } +} \ No newline at end of file diff --git a/src/com/mycompany/app/AppTest.java b/src/com/mycompany/app/AppTest.java new file mode 100644 index 0000000..7121f5a --- /dev/null +++ b/src/com/mycompany/app/AppTest.java 
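Review bot: The new `cicd.yml` declares no `permissions:` block, so every job runs with the repository's default `GITHUB_TOKEN` scope although the build only needs to read the code; a top-level `permissions:` with `contents: read` keeps the token least-privileged. In the `build` job, `name: Set up JDK 17` follows `uses: actions/checkout@v4` inside the same list item (as far as the collapsed text shows), so the label lands on the checkout step and `actions/setup-java@v4` runs unnamed; the `name:` key probably belongs on the setup-java item. Both actions are referenced by a movable tag, and pinning them to a full commit SHA would protect the build against upstream retagging.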
@@ -0,0 +1,22 @@ +package com.mycompany.app; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertEquals; + + +public class AppTest +{ + @Test + public void testAppConstructor() { + App app1 = new App(); + App app2 = new App(); + assertEquals(app1.getMessage(), app2.getMessage()); + } + + @Test + public void testAppMessage() + { + App app = new App(); + assertEquals("Hello World!", app.getMessage()); + } +} From 3010fa994d0bcd59359e0041ab8c23b22fb986fb Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 17:21:40 -0700 Subject: [PATCH 04/18] added pom.xml java files --- .github/workflows/cicd.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 213215c..3132c84 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -21,6 +21,8 @@ jobs: java-version: 17 distribution: 'temurin' cache: maven + - name: Java version + run: java --version - name: Build with Maven run: mvn -B -DskipTests clean package From e488047b0fd4e9b59720adaf7c1fc5e885524f39 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 17:32:46 -0700 Subject: [PATCH 05/18] added pom.xml java files --- .github/workflows/cicd.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 3132c84..7e38ede 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
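Review bot: `AppTest.java` is added under `src/com/mycompany/app/`, next to `App.java`, rather than under `src/test/java/`. Unless `pom.xml` overrides `sourceDirectory` and `testSourceDirectory` (its markup is not readable on this page), Maven's default layout will neither compile nor run these tests, and `mvn test` in the workflow will pass without executing anything. Moving the files to `src/main/java/com/mycompany/app/App.java` and `src/test/java/com/mycompany/app/AppTest.java` would make the CI test step meaningful. `testAppConstructor` compares two calls that return the same constant, so it cannot fail; a one-line comment stating what it is meant to guard would help, or the test could be dropped.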
@@ -29,3 +29,17 @@ jobs: - name: mvn test run: mvn test + security-scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Trivy Installation + run: | + sudo apt-get install wget apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null + echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list + sudo apt-get update + sudo apt-get install trivy + + - name: Trivy scan + run: trivy fs --format table -o fs-report.json \ No newline at end of file From 641469d2771cbca74f42b21cb7f85305366f2eb1 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 17:35:22 -0700 Subject: [PATCH 06/18] add git leaks --- .github/workflows/cicd.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 7e38ede..7fc06c6 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -42,4 +42,7 @@ jobs: sudo apt-get install trivy - name: Trivy scan - run: trivy fs --format table -o fs-report.json \ No newline at end of file + run: trivy fs --format table -o fs-report.json . + + - name: gitleaks scan + run: sudo apt install gitleaks -y \ No newline at end of file From 7259e1217ef8239a0d833e279ee2669495e88e9a Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 17:39:24 -0700 Subject: [PATCH 07/18] added needs stuff --- .github/workflows/cicd.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 7fc06c6..fc946fc 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -31,6 +31,7 @@ jobs: run: mvn test security-scan: runs-on: ubuntu-latest + needs: build steps: - uses: actions/checkout@v4 - name: Trivy Installation 
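Review bot: The `Trivy Installation` step in `security-scan` installs whatever `trivy` version the apt repository serves at run time, so the scanner behind the security gate is itself an unpinned dependency. Pinning the package (`sudo apt-get install -y trivy=<VERSION>`, placeholder) or using `aquasecurity/trivy-action` referenced by a full commit SHA would make the scan reproducible. Both `apt-get install` lines also lack `-y`, which can abort on a non-interactive runner if apt asks for confirmation.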
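Review bot: The `Trivy scan` step (patch 06) cannot fail the job, because Trivy exits 0 regardless of findings unless `--exit-code` is set. The job therefore stays green whatever is reported. The step also writes `--format table` output into a file named `fs-report.json`. A gating form would be `run: trivy fs --exit-code 1 --severity HIGH,CRITICAL --format json -o fs-report.json .`, followed by an `actions/upload-artifact` step so the report outlives the runner. The step named `gitleaks scan` only installs the package; renaming it to `Install gitleaks` would keep the log honest.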
@@ -45,4 +46,7 @@ jobs: run: trivy fs --format table -o fs-report.json . - name: gitleaks scan - run: sudo apt install gitleaks -y \ No newline at end of file + run: sudo apt install gitleaks -y + + - name: Gitleaks Code Scan + run: gitleaks detect source . -r gitleaks-report.json -f json \ No newline at end of file From 20c1dd1ac8f8d4c5cb98f18b0b7e1df2aeec8864 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:02:41 -0700 Subject: [PATCH 08/18] sonar stuff added --- .github/workflows/cicd.yml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index fc946fc..fe844ba 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -29,6 +29,7 @@ jobs: - name: mvn test run: mvn test + security-scan: runs-on: ubuntu-latest needs: build @@ -49,4 +50,26 @@ jobs: run: sudo apt install gitleaks -y - name: Gitleaks Code Scan - run: gitleaks detect source . -r gitleaks-report.json -f json \ No newline at end of file + run: gitleaks detect source . -r gitleaks-report.json -f json + + sonar-quality-gate: + runs-on: ubuntu-latest + needs: security-scan + steps: + - name: checkout the code + uses: actions/checkout@v4 + + - name: set up jdk 17 + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: 'temurin' + cache: maven + + - name: Cache SonarCloud packages + uses: actions/cache@v3 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonarcloud + restore-keys: | + ${{ runner.os }}-sonarcloud From eb24d8db931cc75d2fe8356b305c130525447f57 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:12:45 -0700 Subject: [PATCH 09/18] sonar stuff added --- .github/workflows/cicd.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index fe844ba..cf06da1 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
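Review bot: In `gitleaks detect source . -r gitleaks-report.json -f json` the word `source` is a bare positional argument rather than the `--source` flag. The intended command is probably `gitleaks detect --source . -r gitleaks-report.json -f json`, though the exact CLI depends on the version apt installs. `actions/checkout@v4` fetches only the latest commit by default, so a history scan covers a single commit; add `with:` and `fetch-depth: 0` to this job's checkout step if earlier commits should be scanned. The JSON report is never uploaded, so findings disappear when the job ends.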
@@ -73,3 +73,13 @@ jobs: key: ${{ runner.os }}-sonarcloud restore-keys: | ${{ runner.os }}-sonarcloud + + - name: SonarCloud Scan + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + sonar-scanner \ + -Dsonar.organization=your-org \ + -Dsonar.projectKey=your-org_your-repo \ + -Dsonar.host.url=https://sonarcloud.io \ + -Dsonar.login=$SONAR_TOKEN From 881fc122aa16ceb0da678a82abaacc99f30ce34a Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:18:56 -0700 Subject: [PATCH 10/18] sonar stuff added --- .github/workflows/cicd.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index cf06da1..c96dbe6 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -83,3 +83,9 @@ jobs: -Dsonar.projectKey=your-org_your-repo \ -Dsonar.host.url=https://sonarcloud.io \ -Dsonar.login=$SONAR_TOKEN + + - name: SonarCloud Quality Gate + uses: SonarSource/sonarcloud-github-action@master + with: + args: > + bash <(curl -s https://raw.githubusercontent.com/SonarSource/sonarcloud-github-action/master/entrypoint.sh) From 0308adaa3877cdc901b88e308ba38692e35bc748 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:26:37 -0700 Subject: [PATCH 11/18] sonar stuff added --- .github/workflows/cicd.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index c96dbe6..a894f03 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -89,3 +89,8 @@ jobs: with: args: > bash <(curl -s https://raw.githubusercontent.com/SonarSource/sonarcloud-github-action/master/entrypoint.sh) + buils_docker_image_and_push: + runs-on: ubuntu-latest + needs: sonar-quality-gate + steps: + - uses: actions/checkout@v4 \ No newline at end of file From 29dc272d76a6f58b52c66a697615c6df9e333693 Mon Sep 17 00:00:00 2001 
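Review bot: In the `SonarCloud Scan` step, `-Dsonar.login=$SONAR_TOKEN` places the token on the scanner's command line, where it is visible in the process list and can be echoed by debug output. SonarCloud's scanners read the `SONAR_TOKEN` environment variable already set in `env:`, so the flag can simply be removed. `sonar.organization=your-org` and `sonar.projectKey=your-org_your-repo` are template placeholders, and no step in the job installs `sonar-scanner` at this point, so the step would fail as written. Secrets are not passed to `pull_request` runs from forks, so the step needs a guard for external contributions.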
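Review bot: The `SonarCloud Quality Gate` step (patch 10) references `SonarSource/sonarcloud-github-action@master`, a mutable branch, and its `args:` value additionally downloads `entrypoint.sh` from that branch with `curl` and feeds it to `bash`. Code that can change upstream at any time would thus run in the job that handles the Sonar token. Pin the action to a full commit SHA (`uses: SonarSource/sonarcloud-github-action@<COMMIT_SHA>`, placeholder) and delete the `args:` lines, since `args` is meant for scanner options rather than shell commands. The step also sets no `SONAR_TOKEN` in its own `env:`, and the previous step's `env:` does not carry over.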
From: devopslearnc Date: Sat, 17 May 2025 18:29:55 -0700 Subject: [PATCH 12/18] sonar stuff added --- .github/workflows/cicd.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a894f03..ee22dda 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -66,6 +66,14 @@ jobs: distribution: 'temurin' cache: maven + - name: Install SonarScanner CLI + run: | + # download and unpack + wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip + unzip sonar-scanner-cli-4.8.0.2856-linux.zip + # add to PATH + echo "::add-path::${{ runner.workspace }}/sonar-scanner-4.8.0.2856-linux/bin" + - name: Cache SonarCloud packages uses: actions/cache@v3 with: From 82124b1d665aa01fc1739306ff918ac067ecace1 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:33:10 -0700 Subject: [PATCH 13/18] sonar stuff added --- .github/workflows/cicd.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index ee22dda..bd123a1 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -68,11 +68,10 @@ jobs: - name: Install SonarScanner CLI run: | - # download and unpack wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip unzip sonar-scanner-cli-4.8.0.2856-linux.zip - # add to PATH - echo "::add-path::${{ runner.workspace }}/sonar-scanner-4.8.0.2856-linux/bin" + echo "${{ runner.workspace }}/sonar-scanner-4.8.0.2856-linux/bin" >> $GITHUB_PATH + - name: Cache SonarCloud packages uses: actions/cache@v3 From d4f2bec28c6b799a0c4c34655e57ea0f9916293f Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:38:20 -0700 Subject: [PATCH 14/18] sonar stuff added --- .github/workflows/cicd.yml | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) 
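Review bot: The `Install SonarScanner CLI` step (patch 12) unpacks and later executes `sonar-scanner-cli-4.8.0.2856-linux.zip` without verifying its integrity. Add a check between `wget` and `unzip`, for example `echo "<EXPECTED_SHA256>  sonar-scanner-cli-4.8.0.2856-linux.zip" | sha256sum -c -`, with the vendor-published digest in place of the placeholder. The archive is also extracted into the checked-out workspace, so the scanner's own files become part of the tree being analysed; extracting with `unzip -d "$RUNNER_TEMP"` avoids that.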
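Review bot: The path appended to `$GITHUB_PATH` in patch 13 is built from `${{ runner.workspace }}`, but `run` steps execute in `${{ github.workspace }}`, a subdirectory of it, and that is where `unzip` leaves `sonar-scanner-4.8.0.2856-linux/`. The PATH entry therefore most likely names a directory that does not exist, and the later `sonar-scanner` call will not be found. Use `echo "$GITHUB_WORKSPACE/sonar-scanner-4.8.0.2856-linux/bin" >> "$GITHUB_PATH"`, or unzip with `-d` into a known directory and add that one.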
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index bd123a1..386bff4 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -66,36 +66,23 @@ jobs: distribution: 'temurin' cache: maven - - name: Install SonarScanner CLI - run: | - wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip - unzip sonar-scanner-cli-4.8.0.2856-linux.zip - echo "${{ runner.workspace }}/sonar-scanner-4.8.0.2856-linux/bin" >> $GITHUB_PATH - - - - name: Cache SonarCloud packages - uses: actions/cache@v3 + - name: Cache SonarQube packages + uses: actions/cache@v4 with: path: ~/.sonar/cache - key: ${{ runner.os }}-sonarcloud - restore-keys: | - ${{ runner.os }}-sonarcloud - - - name: SonarCloud Scan + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v4 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: Build and analyze env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - sonar-scanner \ - -Dsonar.organization=your-org \ - -Dsonar.projectKey=your-org_your-repo \ - -Dsonar.host.url=https://sonarcloud.io \ - -Dsonar.login=$SONAR_TOKEN + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=devopslearnc_Github-Actions-Examples - - name: SonarCloud Quality Gate - uses: SonarSource/sonarcloud-github-action@master - with: - args: > - bash <(curl -s https://raw.githubusercontent.com/SonarSource/sonarcloud-github-action/master/entrypoint.sh) buils_docker_image_and_push: runs-on: ubuntu-latest needs: sonar-quality-gate From 84c2467d2460ed30d1994d6c2e5cc3e17fcb56c8 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:41:49 -0700 Subject: [PATCH 15/18] sonar stuff added --- sonar-project.properties | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 sonar-project.properties 
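Review bot: The job is called `sonar-quality-gate`, but the new `Build and analyze` command only submits the analysis and does not wait for the gate result. `buils_docker_image_and_push` therefore proceeds even when the gate fails; adding `-Dsonar.qualitygate.wait=true` to the `mvn` line makes the job fail with the gate. The plugin is invoked without a version (`org.sonarsource.scanner.maven:sonar-maven-plugin:sonar`), so Maven resolves whatever is current at run time; pin it as `sonar-maven-plugin:<VERSION>:sonar` (placeholder). `actions/setup-java` is already configured with `cache: maven`, so the added `Cache Maven packages` step duplicates it.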
diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..ea440db --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,3 @@ +sonar.projectKey=devopslearnc_Github-Actions-Examples +sonar.organization=devopslearnc +sonar.host.url=https://sonarcloud.io From d0a3460e19997ab103b8cbe134900d6913f97ef0 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 18:43:51 -0700 Subject: [PATCH 16/18] sonar stuff added --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index 3847054..1e9ed41 100644 --- a/pom.xml +++ b/pom.xml @@ -17,6 +17,8 @@ UTF-8 + murali-sonar-practice + https://sonarcloud.io From a830cc2969d4b1e672ce1aa1eead68c18cbad9a4 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 19:26:51 -0700 Subject: [PATCH 17/18] sonar stuff added --- .github/workflows/cicd.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 386bff4..6f5fcc1 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -86,5 +86,11 @@ jobs: buils_docker_image_and_push: runs-on: ubuntu-latest needs: sonar-quality-gate + steps: + - uses: actions/checkout@v4 + + buils_docker_image_and_pushh: + runs-on: ubuntu-latest + needs: buils_docker_image_and_push steps: - uses: actions/checkout@v4 \ No newline at end of file From 1f3333ac69a7f17061219f3688485ab1f4b8e357 Mon Sep 17 00:00:00 2001 From: devopslearnc Date: Sat, 17 May 2025 19:28:55 -0700 Subject: [PATCH 18/18] sonar stuff added --- .github/workflows/cicd.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 6f5fcc1..386bff4 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
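Review bot: The organization value added to `pom.xml` in patch 16 (`murali-sonar-practice`) disagrees with `sonar.organization=devopslearnc` in the `sonar-project.properties` file added one patch earlier, while the workflow passes `-Dsonar.projectKey=devopslearnc_Github-Actions-Examples`. The Maven scanner takes its settings from the POM and the command line and does not read `sonar-project.properties`. The analysis would therefore go to one organization with a project key named after another; keep one source of truth and make the values agree. The element names are not readable on this page, so this assumes the two added lines are `sonar.organization` and `sonar.host.url`.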
@@ -86,11 +86,5 @@ jobs: buils_docker_image_and_push: runs-on: ubuntu-latest needs: sonar-quality-gate - steps: - - uses: actions/checkout@v4 - - buils_docker_image_and_pushh: - runs-on: ubuntu-latest - needs: buils_docker_image_and_push steps: - uses: actions/checkout@v4 \ No newline at end of file