diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml new file mode 100644 index 00000000..47722de3 --- /dev/null +++ b/.github/workflows/cicd.yml @@ -0,0 +1,53 @@ +name: CI/CD Pipeline + +on: + push: + branches: + - master + +jobs: + compile: + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: '17' + + - name: Check Repository Structure + run: | + pwd + ls -R + + - name: Build with Maven + working-directory: Java-App + run: mvn clean package + + - name: Build with Maven + run: mvn clean compile + + security-check: + runs-on: ubuntu-latest + needs: compile + + steps: + - uses: actions/checkout@v4 + + - name: Install Trivy + run: | + sudo apt-get update + sudo apt-get install -y wget apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | \ + gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null + echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | \ + sudo tee /etc/apt/sources.list.d/trivy.list + sudo apt-get update + sudo apt-get install -y trivy + + - name: Scan Filesystem + run: trivy fs .