For SaaS tools, there is no way to embed a binary in all the builds without altering references in the CI/CD pipeline. Because every CI/CD engine has its own syntax and vocabulary, this topic explains a script-based approach that you must adapt for your solution.
Set up for script execution
The goal is to execute these CLI commands at the end of the build of the default or main branch:
...download and extract the advisor CLI…
export GIT_TOKEN_FOR_PRS = **WRITE_GIT_ACCESS_TOKEN**
advisor build-config get
advisor build-config publish --url=${ADVISOR_SERVER}
advisor upgrade-plan apply --push --from-yml –-url=${ADVISOR_SERVER}
To set this up:
-
Configure the
GIT_TOKEN_FOR_PRSenvironment variable. This must be an access token with write access to the analyzed repository. This is to allow creation of automatic pull requests for upgrading your Spring dependencies, if needed. Developers decide if they want to receive these pull requests by adding a file named.spring-app-advisor.ymlin the root directory. For more information, see Enable continuous and incremental upgrades with automatic pull requests. -
Replace
${ADVISOR_SERVER}with the full URL of your server. For example:https://advisor.acme.com.
GitHub Actions
This section shows how to apply the script-based approach in the context of GitHub Actions. Note that there is no concrete Java version requirement for running Application Advisor. It just needs to be consistent with the project requirements.
name: Spring App Advisor Workflow
on:
push:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Generates Maven Settings
uses: 's4u/maven-settings-action@v3.0.0'
with:
servers: '[{"id": "tanzu-spring-release", "username": "${{ secrets.BC_USER }}", "password": "${{ secrets.$BC_PWD }}"}]'
repositories: '[{"id":"tanzu-spring-release", "name":"Spring Enterprise Supported Releases","url":"https://packages.broadcom.com/artifactory/spring-enterprise","snapshots":{"enabled":false}}]'
- name: Runs Spring Application Advisor
env:
GIT_TOKEN_FOR_PRS: ${{ secrets.advisor_git_token_for_prs }}
ADVISOR_SERVER: ${{ secrets.advisor_server }}
ARTIFACTORY_TOKEN: ${{ secrets.advisor_artifactory_token }}
run: |
curl -L -H "Authorization: Bearer $ARTIFACTORY_TOKEN" -o advisor-linux.tar -X GET https://packages.broadcom.com/artifactory/spring-enterprise/com/vmware/tanzu/spring/application-advisor-cli-linux/1.1.3/application-advisor-cli-linux-1.1.3.tar
tar -xf advisor-linux.tar --strip-components=1 --exclude=./META-INF
./advisor build-config get
./advisor build-config publish --url=$ADVISOR_SERVER
./advisor upgrade-plan apply --push --from-yml --url=$ADVISOR_SERVER --token=$GIT_TOKEN_FOR_PRS
- name: Get errors if exist
if: ${{ hashFiles('.advisor/errors/') != '' }}
run: |
cat .advisor/errors/*
Content feedback and comments