diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml
new file mode 100644
index 00000000..0db42c79
--- /dev/null
+++ b/.github/workflows/build-test-deploy.yml
@@ -0,0 +1,44 @@
+name: Build, Test and Deploy
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+
+ build-test-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up JDK 11
+ uses: actions/setup-java@v2
+ with:
+ java-version: 11
+ distribution: adopt
+ - name: Docker Login
+ uses: Azure/docker-login@v1
+ with:
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+ - name: Build application
+ run: mvn -B package jib:dockerBuild -Dimage=porscheinformatik/angular-spring-heroes
+ - name: Build acceptance tests
+ run: docker build -t heroes-acceptence-tests heroes-acceptence-tests
+ - name: Run app for tests
+ run: |
+ docker run --name ash -d --rm -p 8080:8080 porscheinformatik/angular-spring-heroes
+ sleep 30
+ docker run -i --rm --link ash heroes-acceptence-tests --config baseUrl=http://ash:8080
+ - name: Push image to Docker Hub
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: docker push porscheinformatik/angular-spring-heroes
+ - name: Push image to ghcr.io
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: |
+ echo ${{ secrets.GHCR_PASSWORD }} | docker login ghcr.io -u ${{ secrets.GHCR_USERNAME }} --password-stdin
+ docker tag porscheinformatik/angular-spring-heroes ghcr.io/porscheinformatik/angular-spring-heroes
+ docker push ghcr.io/porscheinformatik/angular-spring-heroes
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 00000000..a05a691c
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
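Review bot: The `Docker Login` step in build-test-deploy.yml runs on every trigger and before the Maven build, the acceptance-test image build and the test run, so on same-repository pull requests that code executes with registry credentials already available to later steps, and on fork pull requests the secrets are empty and the login will probably fail the job. Neither build step appears to need an authenticated pull, so the login can move next to the push and carry the same `if:` guard. The ghcr.io step also pastes `${{ secrets.GHCR_PASSWORD }}` and `${{ secrets.GHCR_USERNAME }}` unquoted into the script text, where shell metacharacters in a secret would be interpreted; passing them through `env:` and quoting the variables avoids that.

```yaml
      # … unchanged: checkout, JDK setup, build and acceptance-test steps, with no registry login before them …
      - name: Docker Login
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        uses: Azure/docker-login@v1
        with:
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      # … unchanged: Push image to Docker Hub …
      - name: Push image to ghcr.io
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        env:
          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
          GHCR_PASSWORD: ${{ secrets.GHCR_PASSWORD }}
        run: |
          echo "$GHCR_PASSWORD" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin
          # … unchanged: docker tag and docker push to ghcr.io …
```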
@@ -0,0 +1,54 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ schedule:
+ - cron: '41 21 * * 6'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'java', 'javascript' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3ccb4883..0eaac1c8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
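Review bot: The `analyze` job in codeql-analysis.yml declares no `permissions:`, so it runs with whatever default `GITHUB_TOKEN` scope the repository has, which may be read/write across the board. CodeQL only has to read the code and upload results, so adding `permissions:` with `contents: read` and `security-events: write` under `analyze:` (plus `actions: read` if the repository is private) limits the token to that. The `build-test-and-push` job in build-test-deploy.yml has the same gap and appears to need only `contents: read`, since its pushes authenticate with separate registry secrets.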
@@ -18,7 +18,7 @@ build: variables: MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -Djib.from.auth.username=$DOCKER_REGISTRY_USER -Djib.from.auth.password=$DOCKER_REGISTRY_PASSWORD -Djib.to.auth.username=$DOCKER_REGISTRY_USER -Djib.to.auth.password=$DOCKER_REGISTRY_PASSWORD" script: - - mvn $MAVEN_CLI_OPTS package jib:build -Djib.container.creationTime=`git show -s --format=%cI $CI_COMMIT_SHA` -DimageTag=$CI_COMMIT_REF_SLUG + - mvn $MAVEN_CLI_OPTS package jib:build -DfromImage=docker.porscheinformatik.com/eenv/openjdk:11-jre -Dentrypoint=/usr/local/bin/run-java.sh -Djib.container.creationTime=`git show -s --format=%cI $CI_COMMIT_SHA` -DimageTag=$CI_COMMIT_REF_SLUG build-sonarqube: rules: diff --git a/heroes-acceptence-tests/.dockerignore b/heroes-acceptence-tests/.dockerignore new file mode 100644 index 00000000..e3f4a471 --- /dev/null +++ b/heroes-acceptence-tests/.dockerignore @@ -0,0 +1,2 @@ +node_modules/ +Dockerfile \ No newline at end of file diff --git a/heroes-acceptence-tests/Dockerfile b/heroes-acceptence-tests/Dockerfile new file mode 100644 index 00000000..dfb86f9a --- /dev/null +++ b/heroes-acceptence-tests/Dockerfile @@ -0,0 +1,9 @@ +FROM cypress/base:14 + +COPY . /tmp/heroes-acceptence-tests/ + +WORKDIR /tmp/heroes-acceptence-tests + +RUN CI=true npm install + +ENTRYPOINT [ "./node_modules/.bin/cypress", "run" ] diff --git a/heroes-webapp/pom.xml b/heroes-webapp/pom.xml index a607dc5e..fe8eb7a7 100644 --- a/heroes-webapp/pom.xml +++ b/heroes-webapp/pom.xml @@ -57,6 +57,9 @@ false + gcr.io/distroless/java:11 + latest + @@ -80,7 +83,7 @@ jib-maven-plugin - docker.porscheinformatik.com/eenv/openjdk:11-jre + ${fromImage} docker.porscheinformatik.com/koc/angular-spring-heroes:${imageTag} @@ -89,7 +92,7 @@ heroes.HeroesApplication - /usr/local/bin/run-java.sh + ${entrypoint} diff --git a/pom.xml b/pom.xml index bdb0bf93..c02ab816 100644 --- a/pom.xml +++ b/pom.xml @@ -17,7 +17,6 @@ true 1.12.0 2.31.861 - latest 
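Review bot: `RUN CI=true npm install` in heroes-acceptence-tests/Dockerfile resolves the dependency tree at image build time, so the test image can pick up package versions that were never reviewed or locked. If a `package-lock.json` is committed in that directory (not visible in this diff), `RUN CI=true npm ci` installs exactly the locked versions and fails when the lockfile and manifest disagree. Copying only the manifest and lockfile before the install, and the remaining sources afterwards, would also keep the dependency layer cached across test-only changes.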
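Review bot: The new default base image added in the first heroes-webapp/pom.xml hunk, `gcr.io/distroless/java:11`, is referenced by tag only, so the image built by the GitHub workflow changes whenever that tag is re-pointed upstream. Jib accepts a digest reference such as `gcr.io/distroless/java@sha256:<digest-placeholder>`, which makes the base reproducible and lets updates happen deliberately. The XML element names are not visible in this rendering of the hunk, so the exact property to change should be confirmed against the file.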
diff --git a/renovate.json b/renovate.json
index ffbc06c9..e34d6ba4 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,6 +1,6 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
- "extends": ["local>eenv/renovate/renovate-config", "group:allNonMajor"],
+ "extends": ["github>porscheinformatik/renovate-config", "group:allNonMajor"],
 "packageRules": [
 {
 "matchPackageNames": ["rxjs"],