SpringBoot Web 服務 - 部分 Github 操作

GitHub Actions 提供了一種將 CI/CD 整合到儲存庫中的無縫方式，自動執行各種任務，例如執行測試、建置工件和部署專案。

快照的工作流程

此工作流程在非主分支上觸發或透過工作流程排程事件手動觸發。它包括以下步驟：

• 執行測試：確保您的程式碼通過所有測試。
• 建立 JAR 檔案：編譯您的 Spring Boot 應用程式。
• 建立 Docker 映像並將其推送到 GitHub Docker 註冊表：從產生的工件建立 Docker 映像並將其推送到 GitHub 容器註冊表。

name: Test and Build Snapshot

on:
  push:
    branches-ignore:
      - main
  workflow_dispatch:

permissions:
  contents: read
  packages: write

jobs:
  maven-verify:
    if: "!contains(github.event.head_commit.message, '[skip ci]')"

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: maven
          cache-dependency-path: '**/pom.xml'

      - name: Verify
        run: mvn -B clean verify --file pom.xml

  maven-build:
    needs: maven-verify
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: maven
          cache-dependency-path: '**/pom.xml'

      - name: Build
        run: mvn -B package --file pom.xml

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: app.jar
          path: target/*.jar

  docker-build-push:
    needs: maven-build
    runs-on: ubuntu-latest
    env:
      CURRENT_VERSION: ''

    steps:
      - uses: actions/checkout@v4

      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: app.jar
          path: target

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_PAT }}

      - name: Get Version
        run: echo "CURRENT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV

      - name: Build Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ env.CURRENT_VERSION }}-${{ github.run_id }}

發布的工作流程

此工作流程在將變更推送到主分支時運行，包括以下步驟：

• 建置發布版本：編譯專案的發布版本。
• 建立 Docker 映像並將其推送到 GitHub Docker 註冊表：建立 Docker 映像並將其推送到 GitHub 容器註冊表。
• 增加 SNAPSHOT 版本：更新 pom.xml 中的版本以用於未來的快照版本。

name: Build Release

on:
  push:
    branches:
      - main
  workflow_dispatch:

permissions:
  contents: read
  packages: write

jobs:
  maven-build-release:
    if: "!contains(github.event.head_commit.message, '[skip ci]')"

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: maven
          cache-dependency-path: '**/pom.xml'

      - name: Prepare Release Version
        run: mvn versions:set -DremoveSnapshot

      - name: Build
        run: mvn -B clean package --file pom.xml -DskipTests

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: app.jar
          path: target/*.jar

  docker-build-push:
    needs: maven-build-release
    runs-on: ubuntu-latest
    env:
      CURRENT_VERSION: ''

    steps:
      - uses: actions/checkout@v4

      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: app.jar
          path: target

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_PAT }}

      - name: Get Version
        run: |
          mvn versions:set -DremoveSnapshot
          echo "CURRENT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV

      - name: Build Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ env.CURRENT_VERSION }}-${{ github.run_id }}

  increment-version:
    needs: docker-build-push
    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GIT_PAT }}

      - name: Configure Git
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"

      - name: Increment Snapshot Version
        run: |
          # Extract current version and increment patch version
          CURRENT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
          MAJOR=$(echo $CURRENT_VERSION | cut -d. -f1)
          MINOR=$(echo $CURRENT_VERSION | cut -d. -f2)
          PATCH=$(echo $CURRENT_VERSION | cut -d. -f3 | cut -d- -f1)
          NEW_PATCH=$((PATCH + 1))
          NEW_VERSION="$MAJOR.$MINOR.$NEW_PATCH-SNAPSHOT"

          # Update version in pom.xml
          mvn versions:set -DnewVersion=$NEW_VERSION
          mvn versions:commit

          # Commit and push the new snapshot version
          git add pom.xml
          git commit -m "Increment version to $NEW_VERSION [skip ci]"
          git push origin $(git rev-parse --abbrev-ref HEAD)

獎金工作流程

CodeQL 工作流程分析您的 Java 程式碼以識別潛在的漏洞和問題。

name: CodeQL

on:
  pull_request:
    branches: [ "main" ]
  workflow_dispatch:

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'java' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: maven
          cache-dependency-path: '**/pom.xml'

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"

更新的 Dockerfile

### Build stage
FROM eclipse-temurin:21-jre-alpine AS builder

# Set the working directory inside the container
WORKDIR /tmp

# Copy the source code into the container
COPY target/*.jar app.jar

# Extract the layers
RUN java -Djarmode=layertools -jar app.jar extract

### Run stage
# Create a minimal production image
FROM eclipse-temurin:21-jre-alpine

# Set the working directory inside the container
WORKDIR /app

# Set the working directory inside the container
COPY --from=builder /tmp/dependencies/ ./
COPY --from=builder /tmp/snapshot-dependencies/ ./
COPY --from=builder /tmp/spring-boot-loader/ ./
COPY --from=builder /tmp/application/ ./

# Run the binary when the container starts
ENTRYPOINT ["java", "org.springframework.boot.loader.launch.JarLauncher"]

以上是SpringBoot Web 服務 - 部分 Github 操作的詳細內容。更多資訊請關注PHP中文網其他相關文章！