Merge pull request #3 from DevSecOpsSamples/develop

Dockerfile build with Github Action

Author: engel80

.github/workflows/build.yml

@@ -0,0 +1,37 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build sonarqube --info

.github/workflows/docker-image.yml

@@ -0,0 +1,16 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: [ "master",  "develop"  ]
+  pull_request:
+    branches: [ "master",  "develop" ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag java-gradle:$(date +%s)

.gitignore

@@ -1,16 +1,10 @@
-# Compiled class file
-*.class
 
-# Log file
-*.log
-
-# BlueJ files
-*.ctxt
 
-# Mobile Tools for Java (J2ME)
-.mtj.tmp/
+.gradle
+.vscode
+**/logs
 
-# Package Files #
+*.log
 *.jar
 *.war
 *.nar
@@ -19,5 +13,141 @@
 *.tar.gz
 *.rar
 
-# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
+# internal
+*internal*
+
+# MAC
+**/.DS_Store
+
+#-------------------
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+# CDK
+#lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/

Dockerfile

@@ -4,11 +4,8 @@ RUN mkdir -p /opt/build
 ADD ./ /opt/build
 WORKDIR /opt/build
 
-RUN pwd \
-    && ls -alh \
-    && ./gradlew build --no-daemon \
-    && ls -alh ./build/libs/ \
-    && cp ./build/libs/devopssample-java-gradle-0.0.1.jar app.jar
+RUN ./gradlew build --no-daemon \
+    && cp ./build/libs/app.jar app.jar
 
 VOLUME /tmp
 EXPOSE 8080

README.md

@@ -1,5 +1,44 @@
-# SpringBoot sample docker
+# SpringBoot sample docker image
+
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_java-gradle&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_java-gradle) [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_java-gradle&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_java-gradle)
 
 @RequestMapping(value="/", method=RequestMethod.GET)  
 @RequestMapping(value="/ping", method=RequestMethod.GET)  
-@RequestMapping(value="/serviceid/monitoring/v1/ping", method=RequestMethod.GET) 
+
+## AWS
+
+```bash
+ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+REGION=$(aws configure get default.region)
+
+echo "ACCOUNT_ID: $ACCOUNT_ID"
+echo "REGION: $REGION"
+sleep 1
+
+docker build -t java-gradle . --platform linux/amd64
+
+aws ecr create-repository --repository-name java-gradle --image-scanning-configuration scanOnPush=true --region $REGION
+
+docker tag java-gradle:latest ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/java-gradle:latest
+
+aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com
+
+docker push ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/java-gradle:latest
+```
+
+## GCP
+
+```bash
+COMPUTE_ZONE="us-central1"
+PROJECT_ID="sample-project" # replace with your project
+```
+
+```bash
+echo "PROJECT_ID: ${PROJECT_ID}"
+
+docker build -t java-gradle . --platform linux/amd64
+docker tag java-gradle:latest gcr.io/${PROJECT_ID}/java-gradle:latest
+
+gcloud auth configure-docker
+docker push gcr.io/${PROJECT_ID}/java-gradle:latest
+```

build.gradle

@@ -2,11 +2,11 @@ plugins {
 	id 'org.springframework.boot' version '2.2.1.RELEASE'
 	id 'io.spring.dependency-management' version '1.0.8.RELEASE'
 	id 'java'
+	id 'base'
+  	id "org.sonarqube" version "3.4.0.2513"
 }
-
-group = 'devopssample'
-version = '0.0.1'
 sourceCompatibility = '1.8'
+archivesBaseName = 'app'
 
 repositories {
 	mavenCentral()
@@ -19,6 +19,27 @@ dependencies {
 	}
 }
 
+springBoot {
+    mainClassName = 'com.sample.SampleApplication.java'
+}
 test {
 	useJUnitPlatform()
 }
+
+sonarqube {
+    properties {
+        property "sonar.projectName", "java-gradle"
+        property "sonar.projectKey", "DevSecOpsSamples_java-gradle"
+        property "sonar.organization", "devsecopssamples"
+        // property "sonar.host.url", "http://127.0.0.1:9000"
+        property "sonar.host.url", "https://sonarcloud.io"
+        property "sonar.sourceEncoding", "UTF-8"
+        property "sonar.sources", "."
+        property "sonar.java.binaries", "build"
+        property "sonar.exclusions", "**/node_modules/**, **/cdk.out/**"
+        property "sonar.issue.ignore.multicriteria", "e1"
+        property "sonar.issue.ignore.multicriteria.e1.ruleKey", "typescript:S1848"
+        property "sonar.issue.ignore.multicriteria.e1.resourceKey", "**/*.ts"
+        property "sonar.links.ci", "https://github.com/DevSecOpsSamples/java-gradle"
+    }
+}

buildspec.yaml

@@ -0,0 +1,22 @@
+version: 0.2
+phases:
+  pre_build:
+    commands:
+      - env
+      - 'export TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION}'
+      - 'echo TAG: ${TAG}'
+    finally:
+      - ls -alh
+  build:
+    commands:
+      - 'docker build -t $ECR_REPO_URI:$TAG .'
+      - aws --version
+      - 'aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com'
+      - 'docker push $ECR_REPO_URI:$TAG'
+  post_build:
+    commands:
+      - echo "[{'name':'fargate-restapi-container','imageUri':'$ECR_REPO_URI:$TAG'}]" > imagedefinitions.json
+      - pwd; ls -al; cat imagedefinitions.json
+artifacts:
+  files:
+    - imagedefinitions.json