feat: Add image scan, use temurin in image and for compile (#12)

* revert testing dependencies
triplem · Feb 15, 2022 · 9468303 · 9468303
1 parent 5daf763
commit 9468303
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 24 deletions.
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -13,7 +13,7 @@ jobs:
       - name: Set up JDK 11
         uses: actions/setup-java@v2
         with:
-          distribution: 'liberica'
+          distribution: 'temurin'
           java-version: '11'
           java-package: jdk
 
@@ -32,7 +32,7 @@ jobs:
       - name: Set up JDK 11
         uses: actions/setup-java@v2
         with:
-          distribution: 'liberica'
+          distribution: 'temurin'
           java-version: '11'
           java-package: jdk
       - name: Run tests
@@ -59,7 +59,7 @@ jobs:
       - name: Set up JDK 11
         uses: actions/setup-java@v2
         with:
-          distribution: 'liberica'
+          distribution: 'temurin'
           java-version: '11'
           java-package: jdk
       - name: Check OWASP
@@ -71,6 +71,22 @@ jobs:
         with:
           name: owasp-reports
           path: build/reports/owasp
+      - name: Build package
+        uses: gradle/gradle-build-action@v2
+        with:
+          arguments: clean assemble dockerCreateDockerfile -x test -x integrationTest
+      - name: Build Image
+        uses: docker/build-push-action@v2
+        with:
+          context: ./modules/app/build/docker/
+          file: ./modules/app/build/docker/Dockerfile
+          push: false
+          tags: ghcr.io/triplem/gradle-by-example:latest
+      - name: Scan container using trivy
+        id: scan
+        uses: azure/container-scan@v0
+        with:
+          image-name: ghcr.io/triplem/gradle-by-example:latest
 
   release:
     name: Release
@@ -85,7 +101,7 @@ jobs:
       - name: Set up JDK 11
         uses: actions/setup-java@v2
         with:
-          distribution: 'liberica'
+          distribution: 'temurin'
           java-version: '11'
           java-package: jdk
       - name: Build package
@@ -117,7 +133,7 @@ jobs:
       - name: Setup JDK 11
         uses: actions/setup-java@v2
         with:
-          distribution: 'liberica'
+          distribution: 'temurin'
           java-version: '11'
           java-package: jdk
       - name: Build package
@@ -139,20 +155,6 @@ jobs:
           tags: |
             ghcr.io/triplem/gradle-by-example:latest
             ghcr.io/triplem/gradle-by-example:${{ needs.release.outputs.revnumber }}
-      - name: scan container using trivy
-        id: scan
-        uses: azure/container-scan@v0
-        with:
-          image-name: ghcr.io/triplem/gradle-by-example:latest
-      - name: Convert Container Scan Report to SARIF
-        id: scan-to-sarif
-        uses: rm3l/container-scan-to-sarif-action@v1
-        with:
-          input-file: ${{ steps.scan.outputs.scan-report-path }}
-      - name: Upload SARIF reports to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: ${{ steps.scan-to-sarif.outputs.sarif-report-path }}
 
   publish-docs:
     name: Publish Docs
@@ -164,7 +166,7 @@ jobs:
       - name: Setup JDK 11
         uses: actions/setup-java@v2
         with:
-          distribution: 'liberica'
+          distribution: 'temurin'
           java-version: '11'
           java-package: jdk
       - name: Download documentation reports

diff --git a/buildSrc/src/main/kotlin/org.javafreedom.aggregation-conventions.gradle.kts b/buildSrc/src/main/kotlin/org.javafreedom.aggregation-conventions.gradle.kts
@@ -62,7 +62,7 @@ subprojects {
 }
 
 dependencyCheck {
-    failBuildOnCVSS = 11F
+    failBuildOnCVSS = 3F
     formats = listOf(ReportGenerator.Format.HTML,
         ReportGenerator.Format.JUNIT, ReportGenerator.Format.XML, ReportGenerator.Format.SARIF)
     suppressionFile = "${rootProject.rootDir}/config/owasp/owasp-supression.xml"

diff --git a/buildSrc/src/main/kotlin/org.javafreedom.kotlin-application-conventions.gradle.kts b/buildSrc/src/main/kotlin/org.javafreedom.kotlin-application-conventions.gradle.kts
@@ -11,7 +11,7 @@ val dockerTag = System.getenv()["revnumber"] ?: "latest"
 
 docker {
     javaApplication {
-        baseImage.set("openjdk:11-jdk-slim")
+        baseImage.set("eclipse-temurin:11-jre")
         maintainer.set("Gradle-By-Example-Team 'gbex@somewhere.com'")
         jvmArgs.set(listOf("-server", "-XX:+UnlockExperimentalVMOptions", "-XX:InitialRAMFraction=2",
             "-XX:MinRAMFraction=2", "-XX:MaxRAMFraction=2", "-XX:+UseG1GC",

diff --git a/modules/list/list.gradle.kts b/modules/list/list.gradle.kts
@@ -3,7 +3,5 @@ plugins {
 }
 
 dependencies {
-    implementation("org.apache.logging.log4j:log4j-core:2.16.0")
-
     testIntegrationImplementation("org.slf4j:slf4j-api:1.7.30")
 }