Example with the project Avenirs-portfolio-security
Key points
- Use standalone composite actions: reusable for other projects (via git submodule).
- Handles cache, and a digest if needed (use of latest key word for versions).
- Debug steps leaved in files but disabled.
- For CAS the docker image could not be used with OIDC. It is rebuilt from CAS repository.
- Main GihtHub actions directory.
- Entrypoint: workflow file.
TODO
- Move cas and ldap directories (contains settings / fixtures) to the folder of the corresponding action.
- Try to use cache for maven dependencies.
- Uses repository secrets, somme of secrets should be moved in environment secrets.
Global diagram
Avenirs-portfolio-security - workflow
