diff --git a/.circleci/config.yml b/.circleci/config.yml
index fe3ade1..c473bed 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -11,6 +11,7 @@ jobs:
 - image: cimg/openjdk:21.0.2
 environment:
 PGHOST: 127.0.0.1
+
 - image: cimg/postgres:16.2
 environment:
 POSTGRES_PASSWORD: password # Must not be empty or undefined. It is trust authentication locally (inside the same container) so the password is not actually used.
@@ -26,8 +27,10 @@ jobs:
 path: target/surefire-reports
 - store_artifacts: # Store the uber jar as an artifact.
 path: target/the-review-room-0.0.1-SNAPSHOT.jar
+
 publish: # Also known as the build-and-push.
 executor: docker/docker # Define the execution environment in which the steps of a job will run.
+
 steps:
 - checkout
 - setup_remote_docker
@@ -38,6 +41,7 @@ jobs:
 - docker/push: # Pushes the image to the specified account in the environment variables.
 image: nhkhai/the-review-room
 tag: latest # Consider setting this dynamically based on the tag using env vars or CircleCI parameters.
+
 scan:
 docker:
 - image: cimg/base:current
@@ -54,9 +58,11 @@ jobs:
 docker-image-name: $IMAGE_NAME # The image name, if scanning a container image.
 fail-on-issues: false # This specifies if builds should be failed or continued based on issues found by Snyk. If false, the failure is hidden and marked as a pass.
 severity-threshold: high # Only report vulnerabilities of provided level or higher (low/medium/high/critical). If param is not present, the default value is low.
+
 deploy:
 docker:
 - image: cimg/base:current
+
 steps:
 - run:
 name: Render Deploy Hook
@@ -71,12 +77,15 @@ workflows:
 branches:
 ignore:
 - release
+
 - publish:
 requires:
 - build_and_test
+
 - scan:
 requires:
 - publish
+
 cicd_flow:
 jobs:
 - build_and_test:
@@ -84,12 +93,15 @@ workflows:
 branches:
 only:
 - release
+
 - publish:
 requires:
 - build_and_test
+
 - scan:
 requires:
 - publish
+
 - deploy:
 requires:
 - publish