DevSecOpsSamples
diff --git a/‎.github/workflows/build-java.yml‎
Lines changed: 57 additions & 0 deletions b/‎.github/workflows/build-java.yml‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 1 deletion b/‎.gitignore‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 7 additions & 1 deletion b/‎README.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎build-java.yml‎
Lines changed: 40 additions & 0 deletions b/‎build-java.yml‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎java/Dockerfile‎
Lines changed: 12 additions & 0 deletions b/‎java/Dockerfile‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎java/README.md‎
Lines changed: 44 additions & 0 deletions b/‎java/README.md‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎java/build.gradle‎
Lines changed: 45 additions & 0 deletions b/‎java/build.gradle‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎java/gradle/wrapper/gradle-wrapper.properties‎
Lines changed: 5 additions & 0 deletions b/‎java/gradle/wrapper/gradle-wrapper.properties‎
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,57 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  cache:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          path: java
+      - run: cd java
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      # - name: Cache SonarCloud packages
+      #   uses: actions/cache@v1
+      #   with:
+      #     path: ~/.sonar/cache
+      #     key: ${{ runner.os }}-sonar
+      #     restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v1
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/gradle-wrapper.properties') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build --info
+          
+  no-cache:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          path: java
+          fetch-depth: 0
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build --info
@@ -1,4 +1,5 @@
 build
+bin
 .gradle
 .vscode
 .idea
@@ -13,7 +14,7 @@ build
 *.rar
 
 # MAC
-**/.DS_Store
+.DS_Store
 
 # internal
 *internal*
 
@@ -1,2 +1,8 @@
 # githubaction
-githubaction for AWS, GCP, CDK, Terraform
+
+GCP, Docker, Terraform, Python, Sonarqube
+
+[gke-workload-identity](https://github.com/DevSecOpsSamples/gke-workload-identity/blob/master/.github/workflows/build.yml)
+
+
+## Cache
@@ -0,0 +1,40 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v1
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/gradle-wrapper.properties') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
+        # env:
+        #   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        #   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build --info
+          
@@ -0,0 +1,12 @@
+FROM openjdk:8-jdk-alpine
+
+RUN mkdir -p /opt/build 
+ADD ./ /opt/build
+WORKDIR /opt/build
+
+RUN ./gradlew build --no-daemon \
+    && cp ./build/libs/app.jar app.jar
+
+VOLUME /tmp
+EXPOSE 8080
+ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","./app.jar"]
@@ -0,0 +1,44 @@
+# SpringBoot sample docker image
+
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_java-gradle&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_java-gradle) [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=DevSecOpsSamples_java-gradle&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_java-gradle)
+
+@RequestMapping(value="/", method=RequestMethod.GET)  
+@RequestMapping(value="/ping", method=RequestMethod.GET)  
+
+## AWS
+
+```bash
+ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+REGION=$(aws configure get default.region)
+
+echo "ACCOUNT_ID: $ACCOUNT_ID"
+echo "REGION: $REGION"
+sleep 1
+
+docker build -t java-gradle . --platform linux/amd64
+
+aws ecr create-repository --repository-name java-gradle --image-scanning-configuration scanOnPush=true --region $REGION
+
+docker tag java-gradle:latest ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/java-gradle:latest
+
+aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com
+
+docker push ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/java-gradle:latest
+```
+
+## GCP
+
+```bash
+COMPUTE_ZONE="us-central1"
+PROJECT_ID="sample-project" # replace with your project
+```
+
+```bash
+echo "PROJECT_ID: ${PROJECT_ID}"
+
+docker build -t java-gradle . --platform linux/amd64
+docker tag java-gradle:latest gcr.io/${PROJECT_ID}/java-gradle:latest
+
+gcloud auth configure-docker
+docker push gcr.io/${PROJECT_ID}/java-gradle:latest
+```
@@ -0,0 +1,45 @@
+plugins {
+	id 'org.springframework.boot' version '2.2.1.RELEASE'
+	id 'io.spring.dependency-management' version '1.0.8.RELEASE'
+	id 'java'
+	id 'base'
+  	id "org.sonarqube" version "3.4.0.2513"
+}
+sourceCompatibility = '1.8'
+archivesBaseName = 'app'
+
+repositories {
+	mavenCentral()
+}
+
+dependencies {
+	implementation 'org.springframework.boot:spring-boot-starter-web'
+	testImplementation('org.springframework.boot:spring-boot-starter-test') {
+		exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
+	}
+}
+
+springBoot {
+    mainClassName = 'com.sample.SampleApplication.java'
+}
+test {
+	useJUnitPlatform()
+}
+
+sonarqube {
+    properties {
+        property "sonar.projectName", "java-gradle"
+        property "sonar.projectKey", "DevSecOpsSamples_java-gradle"
+        property "sonar.organization", "devsecopssamples"
+        // property "sonar.host.url", "http://127.0.0.1:9000"
+        property "sonar.host.url", "https://sonarcloud.io"
+        property "sonar.sourceEncoding", "UTF-8"
+        property "sonar.sources", "."
+        property "sonar.java.binaries", "build"
+        property "sonar.exclusions", "**/node_modules/**, **/cdk.out/**"
+        property "sonar.issue.ignore.multicriteria", "e1"
+        property "sonar.issue.ignore.multicriteria.e1.ruleKey", "typescript:S1848"
+        property "sonar.issue.ignore.multicriteria.e1.resourceKey", "**/*.ts"
+        property "sonar.links.ci", "https://github.com/DevSecOpsSamples/java-gradle"
+    }
+}
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists