Skip to content

navikt/backend-golden-path

BranchesTags

Repository files navigation

backend-golden-path

workflow

Overview

This is a demo repository that offers a golden path for JVM projects. The workflows are defined using GitHub Actions and are located in the .github/workflows directory.

After using this template

  • Look over each TODO in this repository and make appropriate changes.
  • Remember to add the repository to your team in Nais console.
  • Change this README to suit your application. (You can always view the backend-golden-path README by clicking "generated from navikt/backend-golden-path" in your repository's header)
  • Make the rest of your application!

Workflows

1. Run test & build on PRs

This workflow is triggered on pull requests and performs the following steps:

  • Checkout the code: Uses the actions/checkout action to checkout the code.
  • Setup Java: Uses the actions/setup-java action to set up Java 21 with the Temurin distribution and cache Gradle dependencies.
  • Setup Gradle: Uses the gradle/actions/setup-gradle action to set up Gradle & verify the gradle-wrapper.
  • Test & build: Runs the ./gradlew test build command to test and build the project.

Workflow file: .github/workflows/prs.yaml

2. Build and deploy main

This workflow triggers on push to main and when dependabot updates the dependencies.

  • Setup same as test workflow (see above).
  • ...
  • Build & push docker image + SBOM: Uses the nais/docker-build-push action to build and push a Docker image and generate a Software Bill of Materials (SBOM) file.
  • Generate and submit dependency graph: Uses the gradle/actions/dependency-submission action to generate and submit the dependency graph to Github.
  • Scan docker image for secrets: Uses the aquasecurity/trivy-action action to scan the Docker image for secrets and generates a SARIF file.
  • Upload SARIF file: Uses the github/codeql-action/upload-sarif action to upload the SARIF file.

Workflow file: .github/workflows/main.yaml

3. Dependabot auto-merge

This workflow is triggered on pull requests created by Dependabot and performs the following steps:

  • Automerge Dependabot PRs: Uses the navikt/automerge-dependabot action to auto-merge Dependabot pull requests.

Workflow file: .github/workflows/dependabot-automerge.yml

4. CodeQL Analysis

This workflow is triggered on push and pull requests to perform CodeQL analysis.

  • Checkout the code: Uses the actions/checkout action to checkout the code.
  • Initialize CodeQL: Uses the github/codeql-action/init action to initialize the CodeQL analysis.
  • Perform CodeQL analysis: Uses the github/codeql-action/analyze action to perform the CodeQL analysis.

Workflow file: .github/workflows/codeql.yml

License

MIT.

Contact

This project is maintained by @appsec.

Questions and/or feature requests? Please create an issue.

If you work in @navikt you can reach us at the Slack channel #appsec.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages