Wed Apr 26, 2023
In this article, we will create a second workflow named springbootworkflow, which runs only if the Terraform workflow succeeds.
This workflow has 2 jobs.
In the first job, we build the SpringBoot application using Gradle, a build automation tool that is primarily used for Java projects but can also build projects in other languages. It is similar to Apache Maven and Apache Ant, but is considered more expressive, more flexible, and easier to use. In the same job we also run Code Quality checks using SonarQube.
In the second job, we create a Docker image from a Dockerfile, check the image for vulnerabilities using Trivy, upload the Trivy reports to S3, and push the Docker image to ECR. We then SSH into the EC2 instance created in AWS, pull the image from ECR, scan the YAML files using Terrascan, and deploy the SpringBoot Application into a Minikube cluster.
In this DevOps Project Series 7, we will discuss only the First Job: building the application using Gradle and Code Quality checks using SonarQube.
Step by Step Process
This is the workflow for SpringBoot Application
The above code is a GitHub Actions workflow named "SpringBoot Application CI and CD" that is triggered when a specific event, "springbootworkflow", is dispatched. So, this workflow is executed only if the previous Terraform workflow completes successfully. The first job is named "build". It has the permission id-token set to "write", so the job can request the identity token it uses to authenticate to AWS, and contents set to "read", to get read access to the repository. It sets up an ubuntu-latest runner and does the following tasks:
In the first step, it checks out the repository where this workflow is defined.
In the second step, it uses the aws-actions/configure-aws-credentials action to connect the GitHub Actions workflow to an AWS account and assume the role specified in the secrets. To define secrets in GitHub Actions, go to Settings > Secrets and Variables > Actions > Create secrets. The syntax to reference a secret is ${{ secrets.SECRET_NAME }}
In the third step, we install JDK 17 on the runner, because Gradle depends on Java.
In the fourth, fifth and sixth steps, we grant execute permission to gradlew and then run the gradle clean and gradle build commands to build the SpringBoot Application.
In the next step, we get the public IP of the GitHub Actions runner using the haythem/public-ip action, so that this IP can be added to a security group specified in the secrets.
In the next step, we get the EC2 Instance Security Group ID using the AWS CLI and add the GitHub Actions public IP to its Ingress rule so that the runner can connect to the EC2 Instance. We then set an output, "sonarqube_sg_id", for use in other steps.
To create an output, this is the syntax:
echo "::set-output name=output_name::$(echo $command_variable)"
To use the output, the step must have an ID; in this step the ID is hostname. To use this output in another step, this is the syntax: ${{ steps.id_of_the_step.outputs.output_name }}
In the next step, we cache the SonarQube packages and Gradle packages and run the code scan analysis using SonarQube. Here we pass the Project Key, Login token and URL of the SonarQube server.
The Code Quality Analysis Report can be viewed in SonarQube.
In the next step, we upload the build directory as an artifact. Since we are creating another job for deploying the SpringBoot Application, we need the build directory that is created by "gradle build". To create Docker images from the Dockerfile, we need the build directory, which has the .jar file in it.
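The permissions, runner-IP allowlisting and step-output steps described above, as an added sketch that is not the workflow from the original article. The trigger type, the secret names, port 9000 and the final cleanup step are assumptions; the output is written through the `$GITHUB_OUTPUT` file, which GitHub documents as the replacement for the deprecated `::set-output` command.

```yaml
# Added example. Secret names, the port and the trigger form are assumptions.
name: SpringBoot Application CI and CD
on:
  repository_dispatch:
    types: [springbootworkflow]   # assumed form of the dispatched event

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # lets the job request an identity token to assume the AWS role
      contents: read    # read-only access to the repository
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}   # hypothetical secret name
          aws-region: ${{ secrets.AWS_REGION }}         # hypothetical secret name
      - name: Get runner public IP
        id: ip
        uses: haythem/public-ip@v1.3
      - name: Look up SonarQube security group and allow the runner
        id: hostname
        env:   # pass values through env instead of interpolating them into the script
          SG_NAME: ${{ secrets.SONARQUBE_SG_NAME }}     # hypothetical secret name
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          set -euo pipefail
          sg_id=$(aws ec2 describe-security-groups \
            --filters "Name=group-name,Values=${SG_NAME}" \
            --query 'SecurityGroups[0].GroupId' --output text)
          # Fail closed if the lookup returned nothing usable (e.g. "None").
          [[ "$sg_id" == sg-* ]] || { echo "security group not found" >&2; exit 1; }
          # Expose the group ID to later steps as steps.hostname.outputs.sonarqube_sg_id
          echo "sonarqube_sg_id=${sg_id}" >> "$GITHUB_OUTPUT"
          # Allow only this runner's address (/32), on the assumed SonarQube port.
          aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
            --protocol tcp --port 9000 --cidr "${RUNNER_IP}/32"
      # ... Gradle build and SonarQube analysis steps run here ...
      - name: Remove the runner IP from the security group
        if: always() && steps.hostname.outputs.sonarqube_sg_id != ''
        env:
          SG_ID: ${{ steps.hostname.outputs.sonarqube_sg_id }}
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          aws ec2 revoke-security-group-ingress --group-id "$SG_ID" \
            --protocol tcp --port 9000 --cidr "${RUNNER_IP}/32"
```

The `if: always()` condition makes the revoke step run even when the build or scan fails, so a hosted runner's address does not stay in the ingress rule after the job ends.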