CI / CD

The build and deployment of thb-cc/app is handled by the deploy workflow using GitHub Actions. The workflow performs the following major steps:

  1. Test and package the application using the Maven Temurin 21 JDK
  2. Build the container image using Buildx
  3. Perform a security scan on the image using Trivy
  4. Push the image to Docker Hub
  5. Sign the image with Cosign, referencing it by the digest output of the push task
  6. Transfer the most recent compose file to the EC2 instance using SCP
  7. Deploy the new image to the EC2 instance via SSH by:
    1. Verifying the integrity of the image with Cosign
    2. Saving the full image name in a .env file on-server in the working directory
    3. Performing a restart with docker compose
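
The on-server half of step 7, written here as an added example and not taken from the project's deploy workflow: it accepts only a digest-pinned image reference, verifies the signature with Cosign before anything is written, then records the reference in .env and restarts with docker compose. The `APP_IMAGE` variable name, the function names and key-based verification with `--key` are assumptions; the page does not say how the project's signing key or identity is configured.

```shell
#!/bin/sh
# Added example: verify, pin and restart on the deploy host.
# Assumed: the compose file uses "image: ${APP_IMAGE}" and the Cosign
# public key is already on the server.

# Succeeds only for name[:tag]@sha256:<64 lowercase hex chars>.
# A tag alone can be repointed after signing; a digest cannot.
is_pinned_ref() {
  _digest="${1##*@sha256:}"     # text after the last "@sha256:"
  _name="${1%@sha256:*}"        # text before it
  [ "$_name" != "$1" ] || return 1           # no digest part at all
  [ "${#_digest}" -eq 64 ] || return 1
  case "$_digest" in *[!0-9a-f]*) return 1 ;; esac
  # Reject empty names and any character (newline, ';', '@', space)
  # that could smuggle extra content into .env or the command line.
  case "$_name" in ''|*[!A-Za-z0-9._/:-]*) return 1 ;; esac
}

# Write APP_IMAGE=<ref> to <dir>/.env via a temp file and rename, so
# compose never reads a half-written file.
write_env() {
  is_pinned_ref "$1" || return 1
  _tmp="$(mktemp "$2/.env.XXXXXX")" || return 1
  printf 'APP_IMAGE=%s\n' "$1" > "$_tmp" && mv "$_tmp" "$2/.env"
}

# deploy <image-ref> <working-dir> <cosign-public-key>
deploy() {
  is_pinned_ref "$1" || { echo "refusing unpinned image: $1" >&2; return 2; }
  # Verification comes first: a failed check leaves the old .env and
  # the running containers untouched.
  cosign verify --key "$3" "$1" >/dev/null \
    || { echo "signature verification failed" >&2; return 3; }
  write_env "$1" "$2" || return 4
  (cd "$2" && docker compose pull && docker compose up -d)
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then deploy "$@"; fi
```

Because the same digest string is verified, written to .env and pulled, the image that starts is the one whose signature was checked.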