corrections violations Sonar #220
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - native snapshot apps | |
| # Controls when the action will run. | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the master branch | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| # BUILD COMMUNS | |
| build-communs: | |
| name: Build Communs | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| environment: QUA | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - name: Checkout sources | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| # Runs the Build with Maven | |
| - name: Build Communs with Maven | |
| run: mvn clean install -B --file communs/pom.xml | |
| # Publish | |
| - name: Publish to GitHub Packages Apache Maven | |
| run: mvn --batch-mode deploy -DskipTests=true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Find and Replace in Serverless Application Manager Config | |
| run: sed "s/__ENV__/QUA/g" /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/samconfig.template.toml > /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/samconfig.toml | |
| - name: Find and Replace in Serverless Application Manager | |
| run: sed -e "s/__ENV__/QUA/g" -e "s/__VERSION__/SNAPSHOT/g" -e "s/__DATABASE_URL__/${{ secrets.DATABASE_URL }}/g" -e "s/__DATABASE_NAME__/${{ secrets.DATABASE_NAME }}/g" -e "s/__APP_CONFIG_URL_IHM__/${{ vars.APP_CONFIG_URL_IHM }}/g" -e "s/__APP_CONFIG_URL_BACKENDS__/${{ vars.APP_CONFIG_URL_BACKENDS }}/g" -e "s/__OIDC_JWT_ID_APPUSERCONTENT__/${{ secrets.OIDC_JWT_ID_APPUSERCONTENT }}/g" -e "s/__QUARKUS_LOG_LEVEL__/${{ vars.QUARKUS_LOG_LEVEL }}/g" -e "s/__MONGODB_LOG_LEVEL__/${{ vars.MONGODB_LOG_LEVEL }}/g" /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/sam.native.template.yaml > /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/sam.native.yaml | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload SAM Function Configuration | |
| with: | |
| name: function-sam | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/sam.native.yaml | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload SAM Configuration | |
| with: | |
| name: sam | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/samconfig.toml | |
| # SONAR | |
| sonar-scan: | |
| name: Scan Sonar | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| # Steps represent a sequence of tasks that will be executed as part of the job | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| # Runs a single command using the runners shell | |
| - name: Build with Maven | |
| run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -P sonar -Dsonar.host.url=${{ vars.SONAR_HOST }} -Dsonar.login=${{ secrets.SONAR_TOKEN }} -Dsonar.organization=${{ vars.SONAR_ORG }} -Dsonar.projectKey=vzwingma_gestion-budget-serverless --file pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| ########################### | |
| # BUILD # | |
| ########################### | |
| # Paramétrages | |
| build-quarkus-parametrages: | |
| name: Build µS Paramétrages | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Runs a single command using the runners shell | |
| - name: Build Parametrage Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file parametrages/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Paramétrages | |
| with: | |
| name: parametrages-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/parametrages/target/function.zip | |
| # Utilisateurs | |
| build-quarkus-utilisateurs: | |
| name: Build µS Utilisateurs | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Runs a single command using the runners shell | |
| - name: Build Utilisateurs Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file utilisateurs/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Utilisateurs | |
| with: | |
| name: utilisateurs-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/utilisateurs/target/function.zip | |
| # Paramétrages | |
| build-quarkus-comptes: | |
| name: Build µS Comptes | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Runs a single command using the runners shell | |
| - name: Build Comptes Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file comptes/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Comptes | |
| with: | |
| name: comptes-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/comptes/target/function.zip | |
| # Paramétrages | |
| build-quarkus-operations: | |
| name: Build µS Opérations | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Runs a single command using the runners shell | |
| - name: Build Opérations Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file operations/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Opérations | |
| with: | |
| name: operations-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/operations/target/function.zip | |
| ########################### | |
| # DEPLOY # | |
| ########################### | |
| deploy-lambdas-apps: | |
| name: Deploy Lambda on QUA | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-quarkus-parametrages | |
| - build-quarkus-utilisateurs | |
| - build-quarkus-comptes | |
| - build-quarkus-operations | |
| steps: | |
| - uses: aws-actions/setup-sam@v2 | |
| name: Configure SAM | |
| with: | |
| use-installer: true | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| name: Configure AWS Access | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-3 | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceParametrage | |
| name: Download Service Paramétrages | |
| with: | |
| name: parametrages-function | |
| path: parametrages | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceUtilisateurs | |
| name: Download Service Utilisateurs | |
| with: | |
| name: utilisateurs-function | |
| path: utilisateurs | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceComptes | |
| name: Download Service Comptes | |
| with: | |
| name: comptes-function | |
| path: comptes | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceOperations | |
| name: Download Service Opérations | |
| with: | |
| name: operations-function | |
| path: operations | |
| - uses: actions/download-artifact@v4 | |
| id: downloadSAMFunction | |
| name: Download SAM Function | |
| with: | |
| name: function-sam | |
| - uses: actions/download-artifact@v4 | |
| id: downloadSAM | |
| name: Download SAM Config | |
| with: | |
| name: sam | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| # Build inside Docker containers | |
| - run: sam build --use-container -t sam.native.yaml --config-file samconfig.toml | |
| name: SAM Build | |
| # Prevent prompts and failure when the stack is unchanged | |
| - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset -t sam.native.yaml --config-file samconfig.toml | |
| name: SAM Deploy |