This repository has been archived by the owner on Jul 23, 2024. It is now read-only.
Temporarily disable security-checks #2079
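---
# CI workflow: builds the Maven project, publishes a JaCoCo coverage summary,
# builds the service container images and runs the integration tests against
# a kind cluster. The image security-analysis job at the bottom is currently
# commented out.
#
# NOTE(review): most actions below are referenced by a mutable tag (@v0, @v1,
# @v3). A tag can be moved by the action's owner, so the code that runs here
# can change without any commit to this repository. Pinning each `uses:` to a
# full commit SHA (with the tag kept as a trailing comment) removes that
# dependency on the tag.
#
# NOTE(review): three `uses:` values in this copy of the file end in
# "[email protected]". That text is an artefact of e-mail obfuscation applied
# when the page was captured; the real `name@version` reference cannot be
# recovered from the page and must be restored from the repository.
name: Build
on:
  push:
    branches:
      - main
      - ActionsTest
      - 'releases/**'
  pull_request:
    branches:
      - '**'
# Read-only token for every job. read-all still grants read on every scope;
# an explicit per-scope list would be narrower if the jobs allow it.
permissions: read-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # No later step visible in this job fetches or pushes with git, so
          # the token is not left in .git/config for subsequent steps to read.
          persist-credentials: false
      - uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Restore Maven cache
        uses: skjolber/maven-cache-github-action@v1
        with:
          step: restore
      - name: Maven Build
        run: mvn -Dmaven.test.skip=true clean package
      - name: Maven Validate
        run: mvn validate
      - name: Maven Test
        id: test
        run: |
          mvn test --file ./pom.xml
          mvn jacoco:report-aggregate
      # Fails the job when the build left modified or untracked files behind.
      - name: Check generated files are up to date
        run: |
          status="$(git status --porcelain)"
          if [ -n "${status}" ]; then echo "There are uncommitted changes:"; echo "${status}"; exit 1; fi
      - name: Upload current-info
        uses: actions/upload-artifact@v3
        with:
          name: artifacts
          path: |
            ${{ github.workspace }}/coverage/target/site/jacoco-aggregate/
            ${{ github.workspace }}/notification-service/target/*.jar
            ${{ github.workspace }}/workflow-service/target/*.jar
            ${{ github.workspace }}/workflow-examples/target/*.jar
      - name: Save Maven cache
        uses: skjolber/maven-cache-github-action@v1
        with:
          step: save
  coverage:
    runs-on: ubuntu-latest
    needs:
      - build
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v3
        with:
          name: artifacts
      - name: JaCoCo Code Coverage Report
        id: jacoco_reporter
        # NOTE(review): reference mangled in this copy; see the header note.
        uses: PavanMudigonda/[email protected]
        with:
          coverage_results_path: ${{ github.workspace }}/coverage/target/site/jacoco-aggregate/jacoco.xml
          coverage_report_name: Coverage
          coverage_report_title: JaCoCo
          skip_check_run: true
          minimum_coverage: 70
          fail_below_threshold: true
          publish_only_summary: true
      - name: Add Coverage Job Summary
        run: |
          cat "${{ github.workspace }}/_TMP/coverage-summary.md" >> "$GITHUB_STEP_SUMMARY"
      - name: Upload Code Coverage Artifacts
        uses: actions/upload-artifact@v3
        with:
          name: code-coverage-report-markdown
          path: "${{ github.workspace }}/_TMP/coverage-results.md"
          retention-days: 1
  containers:
    runs-on: ubuntu-latest
    needs:
      - build
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Download artifacts
        uses: actions/download-artifact@v3
        with:
          name: artifacts
      # The original step name interpolated needs.build.outputs.test, but the
      # build job declares no outputs, so the expression was always empty.
      - name: "Build container images to quay"
        run: |
          make build-images
      - name: Upload workflow-service image
        uses: ishworkh/docker-image-artifact-upload@v1
        with:
          image: "docker-compose_workflow-service:latest"
      - name: Upload notification-service image
        uses: ishworkh/docker-image-artifact-upload@v1
        with:
          image: "docker-compose_notification-service:latest"
      - name: "finished"
        id: container-finished
        run: echo 1
  integration:
    runs-on: ubuntu-latest
    needs:
      - build
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      # NOTE(review): reference mangled in this copy; see the header note.
      - uses: engineerd/[email protected]
        with:
          version: "v0.16.0"
      - uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Restore Maven cache
        uses: skjolber/maven-cache-github-action@v1
        with:
          step: restore
      - name: Waiting for kind to be ready
        run: |
          kubectl cluster-info
          kubectl get pods -n kube-system
          echo "current-context:" $(kubectl config current-context)
          echo "environment-kubeconfig:" ${KUBECONFIG}
      - name: Install kubernetes dependencies
        run: |
          make install-kubernetes-dependencies
          make wait-kubernetes-dependencies
      - name: Maven Build
        run: mvn -Dmaven.test.skip=true install
      # This job only `needs: build`; the images come from the `containers`
      # job, so it blocks here until that job has finished.
      # NOTE(review): the workflow token is handed to a third-party action
      # referenced by the mutable tag @v0. The token is read-only under
      # `permissions: read-all`, which limits what the action can do with it.
      - id: wait-for-jobs
        uses: yogeshlonkar/wait-for-jobs@v0
        with:
          gh-token: ${{ secrets.GITHUB_TOKEN }}
          jobs: |
            containers
      - name: Download notification-service image
        uses: ishworkh/docker-image-artifact-download@v1
        with:
          image: "docker-compose_notification-service:latest"
      - name: Download workflow-service image
        uses: ishworkh/docker-image-artifact-download@v1
        with:
          image: "docker-compose_workflow-service:latest"
      - name: Load images inside kind
        run: |
          make push-images-to-kind
      # Applies the testing manifests and waits up to 600s for every pod in
      # `default`; on timeout it prints pod state and the last 40 log lines of
      # each service before failing the job.
      - name: Deploy
        run: |
          kubectl kustomize hack/manifests/testing| kubectl apply -f -
          kubectl wait --timeout=600s --for=condition=Ready pods --all -n default || {
            echo "Timeout waiting for Parodos services to be ready";
            kubectl get pods --all-namespaces;
            echo "************ workflow-service logs ***************";
            kubectl logs -l app=workflow-service --tail=40;
            echo "************ notification-service logs ***************";
            kubectl logs -l app=notification-service --tail=40;
            exit 1;
          }
          kubectl get pods --all-namespaces
      # Maps both service host names to the kind control-plane node's
      # InternalIP in the runner's /etc/hosts.
      - name: Add hosts
        run: |
          export SERVER_IP=$(kubectl get nodes kind-control-plane -o json | jq -r '[.status.addresses[] | select(.type=="InternalIP")] | .[0].address')
          echo "$SERVER_IP workflow-service.parodos-dev" | sudo tee -a /etc/hosts
          echo "$SERVER_IP notification-service.parodos-dev" | sudo tee -a /etc/hosts
      # Writes a flattened kubeconfig for the kind cluster to /tmp and rewrites
      # its server URL to the in-cluster address before running the tests.
      # The file holds the cluster credentials; it is not among the paths
      # uploaded as artifacts below.
      - name: Run integration tests
        run: |
          kubectl create ns test
          kubectl config view --flatten --minify -o json > /tmp/kubeconfig.json
          sed -i 's/https:\/\/127.0.0.1:[0-9]*/https:\/\/kubernetes.default.svc:443/g' /tmp/kubeconfig.json
          KUBECONFIG_JSON=/tmp/kubeconfig.json WORKFLOW_SERVICE_HOST=workflow-service.parodos-dev NOTIFICATION_SERVICE_HOST=notification-service.parodos-dev SERVER_PORT=80 mvn verify -pl integration-tests -P integration-test
      - name: Collect logs
        if: ${{ failure() }}
        run: |
          kubectl get pods --all-namespaces
          kind export logs dist
      # NOTE(review): no retention-days is set here, so the cluster logs are
      # kept for the repository's default artifact retention period.
      - name: Archive logs
        uses: actions/upload-artifact@v3
        if: ${{ failure() }}
        with:
          name: logs
          path: |
            dist
      - name: Save Maven cache
        uses: skjolber/maven-cache-github-action@v1
        with:
          step: save
  # NOTE(review): the image security-analysis job is disabled. While it stays
  # commented out, the images built by `containers` are used by `integration`
  # without the `make analyse-images` step ever running, and nothing in this
  # file records when or under what condition the job is to be restored.
  # security-checks:
  #   runs-on: ubuntu-latest
  #   needs:
  #     - containers
  #   steps:
  #     - uses: actions/checkout@v3
  #
  #     - name: Setup Go environment
  #       uses: actions/[email protected]
  #       with:
  #         go-version: 'stable'
  #
  #     - name: Download images
  #       uses: ishworkh/docker-image-artifact-download@v1
  #       with:
  #         image: "docker-compose_notification-service:latest"
  #
  #     - name: Download images
  #       uses: ishworkh/docker-image-artifact-download@v1
  #       with:
  #         image: "docker-compose_workflow-service:latest"
  #
  #     - name: "Security analysis of images"
  #       run: |
  #         make analyse-images stop-local-registry stop-clair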