fix: eperusteet-ylops-service/pom.xml to reduce vulnerabilities #1057
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Eperusteet-ylops build | |
on: [workflow_dispatch, push] | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
EPERUSTEET_SERVICE_DIR: ${{ github.workspace }}/eperusteet/eperusteet/eperusteet-service | |
AMOSAA_SERVICE_DIR: ${{ github.workspace }}/eperusteet-amosaa/eperusteet-amosaa-service | |
ARTIFACT_NAME: eperusteet-ylops | |
jobs: | |
build-and-test-eperusteet-ylops-ui: | |
runs-on: ubuntu-latest | |
env: | |
EPERUSTEET_YLOPS_SPECFILE: https://raw.githubusercontent.com/Opetushallitus/eperusteet-ylops/${{ github.ref_name }}/generated/ylops.spec.json | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
- name: Set up Node 21 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '21.7.3' | |
- name: Enable corepack for nodejs | |
run: corepack enable | |
- name: Check if UI has same branch | |
id: ui_branch_status | |
run: | | |
if [ "$(curl -s -o /dev/null -I -w '%{http_code}' https://github.com/Opetushallitus/eperusteet-ylops-ui/tree/${{ github.ref_name }})" == "200" ] | |
then | |
echo branch found | |
echo "EPERUSTEET_YLOPS_UI_GIT_BRANCH=-b ${{ github.ref_name }}" >> $GITHUB_ENV | |
else | |
echo "EPERUSTEET_YLOPS_UI_GIT_BRANCH=" >> $GITHUB_ENV | |
echo branch not found | |
fi | |
- name: Build with Maven | |
run: | | |
git clone ${{ env.EPERUSTEET_YLOPS_UI_GIT_BRANCH }} --recurse-submodules --depth 1 https://github.com/Opetushallitus/eperusteet-ylops-ui.git | |
git clone --depth=1 https://github.com/Opetushallitus/eperusteet | |
git clone --depth=1 https://github.com/Opetushallitus/eperusteet-amosaa | |
cd eperusteet-ylops-ui | |
yarn install --silent | |
cd eperusteet-frontend-utils/vue | |
yarn install --silent | |
yarn gen:api | |
rm -rf node_modules | |
cd ../.. | |
echo "----------ui:n viimeisimman commitin sha----------" | |
git rev-parse HEAD | |
yarn build | |
- name: Upload eperusteet-ylops-ui | |
uses: actions/upload-artifact@v4 | |
with: | |
name: eperusteet-ylops-ui | |
path: eperusteet-ylops-ui/dist/ | |
build-and-test-eperusteet-ylops-service: | |
needs: [build-and-test-eperusteet-ylops-ui] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
- name: Download ui | |
uses: actions/download-artifact@v4 | |
with: | |
name: eperusteet-ylops-ui | |
path: eperusteet-ylops-service/src/main/resources/static/ui | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
cache: 'maven' | |
- name: Build with Maven | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
cd eperusteet-ylops-service | |
mvn clean verify --batch-mode -Pit | |
- name: Upload Coverage to Code Climate | |
if: ${{ github.ref_name == 'master' }} | |
env: | |
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
run: | | |
cd eperusteet-ylops-service/src/main/java | |
curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter | |
chmod +x ./cc-test-reporter | |
./cc-test-reporter before-build | |
./cc-test-reporter format-coverage -t jacoco --add-prefix src/main/java/ ../../../target/jacoco/jacoco.xml | |
./cc-test-reporter upload-coverage | |
- name: Upload eperusteet-ylops-service-jar | |
uses: actions/upload-artifact@v4 | |
with: | |
name: eperusteet-ylops-service-jar | |
path: eperusteet-ylops-service/target/eperusteet-ylops-service.jar | |
build-image: | |
needs: [build-and-test-eperusteet-ylops-service] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
- name: Download service-jar | |
uses: actions/download-artifact@v4 | |
with: | |
name: eperusteet-ylops-service-jar | |
- name: Build Docker Conainer | |
shell: bash | |
run: | | |
git clone https://github.com/Opetushallitus/ci-tools.git | |
source ci-tools/common/setup-tools.sh | |
export BASE_IMAGE="baseimage-fatjar-openjdk17:master" | |
cp ${ARTIFACT_NAME}-service.jar $DOCKER_BUILD_DIR/artifact/${ARTIFACT_NAME}.jar | |
cp -vr src/main/resources/oph-configuration $DOCKER_BUILD_DIR/config/ | |
./ci-tools/common/pull-image.sh | |
./ci-tools/github-build/build-fatjar.sh $ARTIFACT_NAME | |
./ci-tools/github-build/upload-image.sh $ARTIFACT_NAME |