Skip to content
This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Temporarily disable security-checks #2079

Temporarily disable security-checks

Temporarily disable security-checks #2079

Workflow file for this run

---
name: Build
on:
push:
branches:
- main
- ActionsTest
- 'releases/**'
pull_request:
branches:
- '**'
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- name: Restore Maven cache
uses: skjolber/maven-cache-github-action@v1
with:
step: restore
- name: Maven Build
run: mvn -Dmaven.test.skip=true clean package
- name: Maven Validate
run: mvn validate
- name: Maven Test
id: test
run: |
mvn test --file ./pom.xml
mvn jacoco:report-aggregate
- name: Check generated files are up to date
run: |
status="$(git status --porcelain)"
if [ -n "${status}" ]; then echo "There are uncommitted changes:"; echo "${status}"; exit 1; fi
- name: Upload current-info
uses: actions/upload-artifact@v3
with:
name: artifacts
path: |
${{ github.workspace }}/coverage/target/site/jacoco-aggregate/
${{ github.workspace }}/notification-service/target/*.jar
${{ github.workspace }}/workflow-service/target/*.jar
${{ github.workspace }}/workflow-examples/target/*.jar
- name: Save Maven cache
uses: skjolber/maven-cache-github-action@v1
with:
step: save
coverage:
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: artifacts
- name: JaCoCo Code Coverage Report
id: jacoco_reporter
uses: PavanMudigonda/[email protected]
with:
coverage_results_path: ${{ github.workspace }}/coverage/target/site/jacoco-aggregate/jacoco.xml
coverage_report_name: Coverage
coverage_report_title: JaCoCo
skip_check_run: true
minimum_coverage: 70
fail_below_threshold: true
publish_only_summary: true
- name: Add Coverage Job Summary
run: |
cat ${{ github.workspace }}/_TMP/coverage-summary.md >> $GITHUB_STEP_SUMMARY
- name: Upload Code Coverage Artifacts
uses: actions/upload-artifact@v3
with:
name: code-coverage-report-markdown
path: "${{ github.workspace }}/_TMP/coverage-results.md"
retention-days: 1
containers:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@v3
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: artifacts
- name: "Build container images to quay ${{ needs.build.outputs.test }}"
run: |
make build-images
- name: Upload image
uses: ishworkh/docker-image-artifact-upload@v1
with:
image: "docker-compose_workflow-service:latest"
- name: Upload image
uses: ishworkh/docker-image-artifact-upload@v1
with:
image: "docker-compose_notification-service:latest"
- name: "finished"
id: container-finished
run: echo 1
integration:
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@v3
- uses: engineerd/[email protected]
with:
version: "v0.16.0"
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- name: Restore Maven cache
uses: skjolber/maven-cache-github-action@v1
with:
step: restore
- name: Waiting for kind to be ready
run: |
kubectl cluster-info
kubectl get pods -n kube-system
echo "current-context:" $(kubectl config current-context)
echo "environment-kubeconfig:" ${KUBECONFIG}
- name: Install kubernetes dependencies
run: |
make install-kubernetes-dependencies
make wait-kubernetes-dependencies
- name: Maven Build
run: mvn -Dmaven.test.skip=true install
- id: wait-for-jobs
uses: yogeshlonkar/wait-for-jobs@v0
with:
gh-token: ${{ secrets.GITHUB_TOKEN }}
jobs: |
containers
- name: Download images
uses: ishworkh/docker-image-artifact-download@v1
with:
image: "docker-compose_notification-service:latest"
- name: Download images
uses: ishworkh/docker-image-artifact-download@v1
with:
image: "docker-compose_workflow-service:latest"
- name: Load images inside kind
run: |
make push-images-to-kind
- name: Deploy
run: |
kubectl kustomize hack/manifests/testing| kubectl apply -f -
kubectl wait --timeout=600s --for=condition=Ready pods --all -n default || {
echo "Timeout waiting for Parodos services to be ready";
kubectl get pods --all-namespaces;
echo "************ workflow-service logs ***************";
kubectl logs -l app=workflow-service --tail=40;
echo "************ notification-service logs ***************";
kubectl logs -l app=notification-service --tail=40;
exit 1;
}
kubectl get pods --all-namespaces
- name: Add hosts
run: |
export SERVER_IP=$(kubectl get nodes kind-control-plane -o json | jq -r '[.status.addresses[] | select(.type=="InternalIP")] | .[0].address')
echo "$SERVER_IP workflow-service.parodos-dev" | sudo tee -a /etc/hosts
echo "$SERVER_IP notification-service.parodos-dev" | sudo tee -a /etc/hosts
- name: Run integration tests
run: |
kubectl create ns test
kubectl config view --flatten --minify -o json > /tmp/kubeconfig.json
sed -i 's/https:\/\/127.0.0.1:[0-9]*/https:\/\/kubernetes.default.svc:443/g' /tmp/kubeconfig.json
KUBECONFIG_JSON=/tmp/kubeconfig.json WORKFLOW_SERVICE_HOST=workflow-service.parodos-dev NOTIFICATION_SERVICE_HOST=notification-service.parodos-dev SERVER_PORT=80 mvn verify -pl integration-tests -P integration-test
- name: Collect logs
if: ${{ failure() }}
run: |
kubectl get pods --all-namespaces
kind export logs dist
- name: Archive logs
uses: actions/upload-artifact@v3
if: ${{ failure() }}
with:
name: logs
path: |
dist
- name: Save Maven cache
uses: skjolber/maven-cache-github-action@v1
with:
step: save
# security-checks:
# runs-on: ubuntu-latest
# needs:
# - containers
# steps:
# - uses: actions/checkout@v3
#
# - name: Setup Go environment
# uses: actions/[email protected]
# with:
# go-version: 'stable'
#
# - name: Download images
# uses: ishworkh/docker-image-artifact-download@v1
# with:
# image: "docker-compose_notification-service:latest"
#
# - name: Download images
# uses: ishworkh/docker-image-artifact-download@v1
# with:
# image: "docker-compose_workflow-service:latest"
#
# - name: "Security analysis of images"
# run: |
# make analyse-images stop-local-registry stop-clair