For SaaS tools, there is no way to embed a binary in all the builds without altering references in the CI/CD pipeline. Because every CI/CD engine has its own syntax and vocabulary, this topic explains a script-based approach that you must adapt for every solution.
Execute these CLI commands at the end of the build of the default
or main
branch:
...download and extract the advisor CLI…
export GIT_TOKEN_FOR_PRS = **WRITE_GIT_ACCESS_TOKEN**
advisor build-config get
advisor build-config publish --url=${ADVISOR_SERVER}
advisor upgrade-plan apply --push --from-yml –-url=${ADVISOR_SERVER}
The steps for setting this up:
Configure the GIT_TOKEN_FOR_PRS
environment variable. This must be an access token with write access to the analyzed repository. This is to allow creation of automatic pull requests for upgrading your Spring dependencies, if needed. Developers decide if they want to receive these pull requests by adding a file named .spring-app-advisor.yml
in the root directory. For more information, see Enable continuous and incremental upgrades with automatic pull requests.
Replace ${ADVISOR_SERVER}
with the full URL of your server. For example: https://advisor.acme.com.
This section shows how to apply the script-based approach in the context of GitHub Actions. There is no concrete Java version requirement for running Application Advisor. It just needs to be consistent with the project requirements.
name: Spring App Advisor Workflow
on:
push:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Generates Maven Settings
uses: 's4u/[email protected]'
with:
servers: '[{"id": "tanzu-spring-release", "username": "${{ secrets.BC_USER }}", "password": "${{ secrets.$BC_PWD }}"}]'
repositories: '[{"id":"tanzu-spring-release", "name":"Spring Commercial Releases","url":"https://packages.broadcom.com/artifactory/spring-enterprise","snapshots":{"enabled":false}}]'
- name: Runs Spring Application Advisor
env:
GIT_TOKEN_FOR_PRS: ${{ secrets.advisor_git_token_for_prs }}
ADVISOR_SERVER: ${{ secrets.advisor_server }}
ARTIFACTORY_TOKEN: ${{ secrets.advisor_artifactory_token }}
run: |
curl -L -H "Authorization: Bearer $ARTIFACTORY_TOKEN" -o advisor-linux.tar -X GET https://packages.broadcom.com/artifactory/spring-enterprise/com/vmware/tanzu/spring/application-advisor-cli-linux/1.0.1/application-advisor-cli-linux-1.0.1.tar
tar -xf advisor-linux.tar --strip-components=1 --exclude=./META-INF
./advisor build-config get
./advisor build-config publish --url=$ADVISOR_SERVER
./advisor upgrade-plan apply --push --from-yml --url=$ADVISOR_SERVER --token=$GIT_TOKEN_FOR_PRS
- name: Get errors if exist
if: ${{ hashFiles('.advisor/errors/') != '' }}
run: |
cat .advisor/errors/*