This project uses GitHub Actions to automate the stages of the development workflow. The workflow consists of five jobs: `build-testing`, `mend-scanning`, `sonarqube-scanning`, `deploy`, and `zap-scanning`. Some jobs run in parallel and others in sequence, so that deployment is efficient and reliable.
The workflow is designed as follows:
- Build & Testing
  - The `build-testing` job compiles and tests the code.
  - It runs in parallel with the `mend-scanning` and `sonarqube-scanning` jobs.
  - Upon completion of all parallel jobs, the workflow proceeds to the next step.
- Mend Scanning
  - The `mend-scanning` job uses the "Mend" tool for security scanning, using the Unified Agent method. Check `Mend.Unified-Agent.txt` for more details.
  - It runs in parallel with the `build-testing` and `sonarqube-scanning` jobs.
  - Upon completion of all parallel jobs, the workflow proceeds to the next step.
- SonarQube Scanning
  - The `sonarqube-scanning` job analyzes code quality using SonarQube.
  - It runs in parallel with the `build-testing` and `mend-scanning` jobs.
  - Upon completion of all parallel jobs, the workflow proceeds to the next step.
- Deployment
  - The `deploy` job deploys the application.
  - It runs sequentially after the completion of the `build-testing`, `mend-scanning`, and `sonarqube-scanning` jobs.
  - The deployment step requires the successful completion of the previous jobs.
- ZAP Scanning
  - The `zap-scanning` job performs security scanning using the OWASP ZAP tool.
  - It runs sequentially after the completion of the `deploy` job.
  - The ZAP scanning step depends on a successful deployment.
You can customize the GitHub Actions workflow by modifying the `.github/workflows/dev.yml` file. This file defines the workflow configuration and job dependencies. Feel free to adjust the steps, add new jobs, or incorporate additional tools as required by your project's needs.
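After editing the workflow, one way to confirm that `deploy` is still gated on all three checks and that `zap-scanning` still follows `deploy` is to walk the `needs` graph. This is an added example, not part of this project: `JOBS` is a constructed stand-in for the parsed `jobs:` mapping of `dev.yml`, and the function names are hypothetical.

```python
# JOBS is a constructed stand-in for the `jobs:` mapping of
# .github/workflows/dev.yml after YAML parsing; the real file may differ.
JOBS = {
    "build-testing": {},
    "mend-scanning": {},
    "sonarqube-scanning": {},
    "deploy": {"needs": ["build-testing", "mend-scanning", "sonarqube-scanning"]},
    "zap-scanning": {"needs": "deploy"},  # `needs` may be a string or a list
}

# Policy taken from the README: each gated job and the jobs that must precede it.
REQUIRED = {
    "deploy": {"build-testing", "mend-scanning", "sonarqube-scanning"},
    "zap-scanning": {"deploy"},
}


def direct_needs(jobs, name):
    """Return the `needs` entry of one job, normalised to a list."""
    needs = jobs[name].get("needs", [])
    return [needs] if isinstance(needs, str) else list(needs)


def upstream(jobs, name):
    """Return every job that must finish before `name` can start."""
    seen, stack = set(), direct_needs(jobs, name)
    while stack:
        dep = stack.pop()
        if dep not in jobs:
            raise KeyError(f"undefined job {dep!r} in needs chain of {name!r}")
        if dep not in seen:  # the seen set also stops loops on cyclic input
            seen.add(dep)
            stack.extend(direct_needs(jobs, dep))
    return seen


def gate_violations(jobs, required=REQUIRED):
    """List (job, missing_prerequisite) pairs that break the policy."""
    problems = []
    for job, prereqs in required.items():
        if job not in jobs:
            problems.append((job, "<job not defined>"))
            continue
        missing = prereqs - upstream(jobs, job)
        problems.extend((job, m) for m in sorted(missing))
    return problems


if __name__ == "__main__":
    for job, missing in gate_violations(JOBS):
        print(f"{job}: not gated on {missing}")
```

The check covers `needs` only. A job-level `if: always()` condition lets a job run even when a needed job failed, so that case needs a separate review.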
For more information about GitHub Actions and workflow customization, refer to the GitHub Actions documentation.