build containers for pull requests #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build on Pull Request | |
| on: | |
| pull_request: | |
| branches: | |
| - '**' | |
| env: | |
| ## Sets environment variable | |
| DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| services: | |
| # Label used to access the service container | |
| redis: | |
| # Docker Hub image | |
| image: redis | |
| ports: | |
| # Opens tcp port 6379 on the host and service container | |
| - 6379:6379 | |
| # Set health checks to wait until redis has started | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v2 | |
| with: | |
| java-version: '11' | |
| distribution: 'adopt' | |
| cache: maven | |
| - name: Build with Maven | |
| run: | | |
| cp obp-api/src/main/resources/props/sample.props.template obp-api/src/main/resources/props/production.default.props | |
| echo connector=star > obp-api/src/main/resources/props/test.default.props | |
| echo starConnector_supported_types=mapped,internal >> obp-api/src/main/resources/props/test.default.props | |
| echo hostname=http://localhost:8016 >> obp-api/src/main/resources/props/test.default.props | |
| echo tests.port=8016 >> obp-api/src/main/resources/props/test.default.props | |
| echo End of minimum settings >> obp-api/src/main/resources/props/test.default.props | |
| echo payments_enabled=false >> obp-api/src/main/resources/props/test.default.props | |
| echo importer_secret=change_me >> obp-api/src/main/resources/props/test.default.props | |
| echo messageQueue.updateBankAccountsTransaction=false >> obp-api/src/main/resources/props/test.default.props | |
| echo messageQueue.createBankAccounts=false >> obp-api/src/main/resources/props/test.default.props | |
| echo allow_sandbox_account_creation=true >> obp-api/src/main/resources/props/test.default.props | |
| echo allow_sandbox_data_import=true >> obp-api/src/main/resources/props/test.default.props | |
| echo sandbox_data_import_secret=change_me >> obp-api/src/main/resources/props/test.default.props | |
| echo allow_account_deletion=true >> obp-api/src/main/resources/props/test.default.props | |
| echo allowed_internal_redirect_urls = /,/oauth/authorize >> obp-api/src/main/resources/props/test.default.props | |
| echo transactionRequests_enabled=true >> obp-api/src/main/resources/props/test.default.props | |
| echo transactionRequests_supported_types=SEPA,SANDBOX_TAN,FREE_FORM,COUNTERPARTY,ACCOUNT,SIMPLE >> obp-api/src/main/resources/props/test.default.props | |
| echo SIMPLE_OTP_INSTRUCTION_TRANSPORT=dummy >> obp-api/src/main/resources/props/test.default.props | |
| echo openredirects.hostname.whitlelist=http://127.0.0.1,http://localhost >> obp-api/src/main/resources/props/test.default.props | |
| echo remotedata.secret = foobarbaz >> obp-api/src/main/resources/props/test.default.props | |
| echo allow_public_views=true >> obp-api/src/main/resources/props/test.default.props | |
| echo SIMPLE_OTP_INSTRUCTION_TRANSPORT=dummy >> obp-api/src/main/resources/props/test.default.props | |
| echo ACCOUNT_OTP_INSTRUCTION_TRANSPORT=dummy >> obp-api/src/main/resources/props/test.default.props | |
| echo SEPA_OTP_INSTRUCTION_TRANSPORT=dummy >> obp-api/src/main/resources/props/test.default.props | |
| echo FREE_FORM_OTP_INSTRUCTION_TRANSPORT=dummy >> obp-api/src/main/resources/props/test.default.props | |
| echo COUNTERPARTY_OTP_INSTRUCTION_TRANSPORT=dummy >> obp-api/src/main/resources/props/test.default.props | |
| echo SEPA_CREDIT_TRANSFERS_OTP_INSTRUCTION_TRANSPORT=dummy >> obp-api/src/main/resources/props/test.default.props | |
| echo kafka.akka.timeout = 9 >> obp-api/src/main/resources/props/test.default.props | |
| echo remotedata.timeout = 10 >> obp-api/src/main/resources/props/test.default.props | |
| echo allow_oauth2_login=true >> obp-api/src/main/resources/props/test.default.props | |
| echo oauth2.jwk_set.url=https://www.googleapis.com/oauth2/v3/certs >> obp-api/src/main/resources/props/test.default.props | |
| echo ResetPasswordUrlEnabled=true >> obp-api/src/main/resources/props/test.default.props | |
| echo consents.allowed=true >> obp-api/src/main/resources/props/test.default.props | |
| MAVEN_OPTS="-Xmx3G -Xss2m" mvn clean package -Pprod | |
| - name: Build the Docker image | |
| run: | | |
| echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io | |
| docker build . --file .github/Dockerfile_PreBuild --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/obp-api-${{ github.event.pull_request.user.login }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/obp-api-${{ github.event.pull_request.user.login }}:latest | |
| docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags | |
| echo docker done | |
| - uses: sigstore/cosign-installer@main | |
| - name: Write signing key to disk (only needed for `cosign sign --key`) | |
| run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key | |
| - name: Sign container image | |
| run: | | |
| cosign sign -y --key cosign.key \ | |
| docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop | |
| cosign sign -y --key cosign.key \ | |
| docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/obp-api-${{ github.event.pull_request.user.login }}:latest | |
| cosign sign -y --key cosign.key \ | |
| docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/obp-api-${{ github.event.pull_request.user.login }}:$GITHUB_SHA | |
| env: | |
| COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}" | |