diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 39d35e4..68e4dc0 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -1,10 +1,6 @@ name: PR Test & Analysis on: - push: - branches: - - main - - dev pull_request: types: [ opened, reopened, synchronize ] branches:
@@ -18,6 +14,8 @@ concurrency: jobs: fetch-and-diff: runs-on: ubuntu-latest + env: + MODULES: demo demo1 outputs: modified_modules: ${{ steps.determine_modules.outputs.modules }}
@@ -28,12 +26,9 @@ jobs: with: fetch-depth: 0 - - name: Set Modules - run: | - echo "MODULES=demo demo1" >> $GITHUB_ENV - - name: Fetch Base Branch - run: git fetch origin +refs/heads/${{ github.ref_name }}:refs/remotes/origin/${{ github.ref_name }} + run: | + git fetch origin +refs/heads/${{ github.head_ref }}:refs/remotes/origin/${{ github.base_ref }} - name: Get Modified Files run: |
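Review bot: The refspec in the new `git fetch` line stores `refs/heads/${{ github.head_ref }}` under `refs/remotes/origin/${{ github.base_ref }}`, so the local ref named after the base branch actually points at the PR head; the step is called "Fetch Base Branch", and a later diff against `origin/<base>` (not visible in this hunk) would presumably compare the PR against itself. If the base branch is what is wanted, the line should read `git fetch origin +refs/heads/${{ github.base_ref }}:refs/remotes/origin/${{ github.base_ref }}`. Separately, `github.head_ref` is a branch name chosen by the PR author and is expanded into the shell script text before it runs, which is the script-injection pattern GitHub's own Actions security guidance warns about; pass it (and `github.base_ref` and `matrix.module`, which the later build, scan and push-manifest hunks expand into `run:` the same way) through `env:` and reference `"$HEAD_REF"` / `"$BASE_REF"` inside the script instead.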
@@ -87,10 +82,55 @@ jobs: MODULES=$(echo "$RAW_MODULES" | sed 's/\[//g; s/\]//g') IFS=',' read -ra MODIFIED_MODULES <<< "$MODULES" for MODULE in "${MODIFIED_MODULES[@]}"; do - docker build -f ${MODULE}/Dockerfile -t jerryworld/${MODULE}-${{ github.ref_name }}:${{ github.sha }} . - docker push jerryworld/${MODULE}-${{ github.ref_name }}:${{ github.sha }} + docker build -f ${MODULE}/Dockerfile -t jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} . + docker push jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done - + scan: + needs: fetch-and-diff + runs-on: ubuntu-latest + strategy: + matrix: + module: ${{ fromJSON(needs.fetch-and-diff.outputs.modified_modules) }} + steps: + - name: Install Trivy + run: | + curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin + - name: Run Trivy vulnerability scanner + run: | + echo "CHECK Target : ${{ matrix.module }}" + MODULE=${{ matrix.module }} + trivy image \ + --format table \ + --ignore-unfixed \ + --vuln-type os,library \ + --severity CRITICAL,HIGH,MEDIUM \ + --output ${MODULE}_trivy-results.sarif \ + jerryworld/${{ matrix.module }}-${{ github.base_ref }}:${{ github.sha }} + - name: check sarif + id: save_sarif + run: | + ls -al + MODULE=${{ matrix.module }} + DATA=$(cat ${MODULE}_trivy-results.sarif) + echo -e "trivy-results<> $GITHUB_OUTPUT + echo -e "$DATA" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + - name: Add comment + uses: actions/github-script@v6 + env: + TRIVY_RESULTS: ${{ steps.save_sarif.outputs.trivy-results }} + with: + github-token: ${{ secrets.GIT_TOKEN }} + script: | + const { owner, repo } = context.repo; + const pr_number = context.payload.pull_request.number; + + github.rest.issues.createComment({ + owner: owner, + repo: repo, + issue_number: pr_number, + body: process.env.TRIVY_RESULTS + }); push-manifest: name: Push Manifest needs: fetch-and-diff 
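Review bot: The Install Trivy step pipes an unpinned script fetched from the `main` branch of a third-party repository into `sudo sh`, so the scanner this pipeline trusts can change, or be replaced, without any change in this repo; pin it, either by passing a release tag to the installer (`sh -s -- -b /usr/local/bin <TRIVY_VERSION>`) and checking the download, or by using the maintained `aquasecurity/trivy-action` pinned to a commit SHA as sketched below. The `trivy image` call also has no `--exit-code`, so CRITICAL findings are only posted as a PR comment and never gate the merge; `--exit-code 1` (or `exit-code: "1"` with the action) together with `if: always()` on the two following steps would still post the report while failing the check. `scan` only `needs: fetch-and-diff`, but the `docker push` it scans happens in the loop at the top of this hunk — if that loop belongs to a different job (the hunk header does not show which), `scan` must also `needs:` that job or it can race the push; it also does no registry login, which assumes the `jerryworld/*` images are public. Finally, the comment step authenticates with a personal `secrets.GIT_TOKEN` where `${{ secrets.GITHUB_TOKEN }}` plus a job-level `permissions: pull-requests: write` would be the least-privilege choice.
```yaml
      # Install Trivy step removed: the action ships a pinned scanner
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@<PINNED_COMMIT_SHA>  # placeholder: pin to a release commit, not a branch
        with:
          image-ref: jerryworld/${{ matrix.module }}-${{ github.base_ref }}:${{ github.sha }}
          format: table
          ignore-unfixed: true
          severity: CRITICAL,HIGH,MEDIUM
          output: ${{ matrix.module }}_trivy-results.sarif
          exit-code: "1"
      # … unchanged: check sarif and Add comment steps (add `if: always()` to both) …
```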
@@ -112,13 +152,16 @@ jobs: git config --global user.name "jerry-world" echo "UPDATE Target : ${{ matrix.module }}" - IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" - for MODULE in "${MODIFIED_MODULES[@]}"; do - cd apps/${MODULE}/overlay/${{ github.ref_name }} - after_sha="${{ github.sha }}" - echo "this revision : ${after_sha}" - sed -i "s|\(image:[[:space:]]*[^:]*:\)[^[:space:]]*$|\1${after_sha}|g" ${MODULE}-deployment-patch.yaml - git add -A - git commit -m "update manifest demo" - done - git push \ No newline at end of file + MODULE=${{ matrix.module }} + cd apps/${MODULE}/overlay/${{ github.base_ref }} + after_sha="${{ github.sha }}" + echo "this revision : ${after_sha}" + sed -i "s|\(image:[[:space:]]*[^:]*:\)[^[:space:]]*$|\1${after_sha}|g" ${MODULE}-deployment-patch.yaml + git add -A + git commit -m "update manifest demo" + git push + + +#env: +# SLACK_VULNERABILITY_WEBHOOK_URL: ${{secrets.SLACK_VULNERABILITY_WEBHOOK_URL}} +# SLACK_PR_NOTIFICATION_WEBHOOK_URL: ${{secret.SLACK_PR_NOTIFICATION_WEBHOOK_URL}} \ No newline at end of file
diff --git a/demo/build.gradle b/demo/build.gradle
index 8442059..3b5233d 100644
--- a/demo/build.gradle
+++ b/demo/build.gradle
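Review bot: Each matrix job in push-manifest now does its own `git commit` followed by a bare `git push` to the same branch; if the matrix fans out over more than one modified module (the `UPDATE Target : ${{ matrix.module }}` echo suggests it does), the second push is rejected as non-fast-forward because the first one already moved the branch. Serialize the job with `strategy: max-parallel: 1` (the job header is outside this hunk) or rebase before pushing, e.g. `git pull --rebase origin "<manifest branch>"` ahead of `git push`. This job now runs only on the `pull_request` events left after the first hunk dropped the `push` trigger, so the overlay under `${{ github.base_ref }}` is rewritten to a pre-merge `github.sha`; if that overlay is what gets deployed, unreviewed PR code reaches the base-branch environment, and the manifest update should probably be gated on the merge instead. The commented-out env block also reads `${{secret.SLACK_PR_NOTIFICATION_WEBHOOK_URL}}` (`secret.` rather than `secrets.`), which would be an invalid context the moment it is uncommented.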
@@ -23,6 +23,45 @@ dependencies { testImplementation 'org.springframework.boot:spring-boot-starter-test' testRuntimeOnly 'org.junit.platform:junit-platform-launcher' implementation 'org.springframework.boot:spring-boot-starter-web' + + implementation 'org.springframework.boot:spring-boot-starter' + implementation 'org.springframework.boot:spring-boot-starter-web' + implementation 'org.springframework.boot:spring-boot-starter-webflux' + implementation 'org.springframework.boot:spring-boot-starter-data-jpa' + implementation 'org.springframework.boot:spring-boot-starter-validation' + implementation 'org.springframework.cloud:spring-cloud-starter' + implementation 'org.springframework.cloud:spring-cloud-starter-config' + implementation 'org.springframework.boot:spring-boot-starter-actuator' + + // KMS + implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.5' + + // Jpa - JSON + implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.7.6' + + // queryDSL + implementation 'com.querydsl:querydsl-jpa:5.1.0:jakarta' + implementation 'com.querydsl:querydsl-sql-spatial:5.1.0' + annotationProcessor "com.querydsl:querydsl-apt:5.1.0:jakarta" + annotationProcessor "jakarta.annotation:jakarta.annotation-api" + annotationProcessor "jakarta.persistence:jakarta.persistence-api" + + // Swagger + implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' + + // Geo + implementation 'org.hibernate.orm:hibernate-spatial:6.5.0.Final' + + // MapStruct + implementation 'org.mapstruct:mapstruct:1.5.5.Final' + annotationProcessor 'org.mapstruct:mapstruct-processor:1.5.5.Final' + + //poi + implementation "org.apache.poi:poi:5.4.0" + implementation "org.apache.poi:poi-ooxml:5.4.0" + + // Slack + implementation 'com.slack.api:slack-api-client:1.43.1' } tasks.named('test') {
diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java
index 1ef4920..1f9ab53 100644
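Review bot: `implementation 'org.springframework.boot:spring-boot-starter-web'` is declared twice — once in the context line just above the added block and again as the second added line — so one of the two should be dropped. The block also adds both `spring-boot-starter-web` and `spring-boot-starter-webflux`; with both on the classpath Spring Boot auto-configures the servlet (MVC) stack and WebFlux only contributes `WebClient`, which deserves a comment such as `// webflux only for WebClient; MVC stays the server stack` if intended, and otherwise one of them should go. Every added library is additional surface the new Trivy scan will report on, so the ones nothing in the demo uses yet (data-jpa, cloud-config, POI, Slack) are better introduced together with the code that needs them.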
--- a/demo/src/main/java/com/example/demo/DemoApplication.java
+++ b/demo/src/main/java/com/example/demo/DemoApplication.java
@@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF + //수정테스트3 - DIFF12 }
diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java
index 848f0a4..30b77f4 100644
--- a/demo/src/main/java/com/example/demo/home/HomeController.java
+++ b/demo/src/main/java/com/example/demo/home/HomeController.java
@@ -10,7 +10,8 @@ public class HomeController { @GetMapping @RequestMapping(value = "/home") public String home() { - System.out.println("home Chkeck"); + System.out.println("home Check"); + System.out.println("Trivy 테스트10"); return "Welcome home"; } }
diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java
index 05a4d33..56f493d 100644
--- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java
+++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java
@@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1"); + System.out.println("home1_11"); return "home1"; } }
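Review bot: The added `System.out.println("Trivy 테스트10");` in `home()` reads as a scratch line for exercising the pipeline rather than something the controller should keep, and the same `System.out.println` pattern is what the next hunk changes in `Home1Controller.home1()`. Writing through a logger instead — `private static final Logger log = LoggerFactory.getLogger(HomeController.class);` with `log.info("home check");` — keeps the output in the configured log format and lets it be turned off without a code change.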