-
Notifications
You must be signed in to change notification settings - Fork 3
165 lines (160 loc) · 6.84 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
name: Build
on:
push:
branches:
- main
paths-ignore:
- '.gitignore'
- '.github/**'
- '**/*.md'
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
Test_Build:
name: Run Tests and Deploy
runs-on: ubuntu-latest
environment: ${{ github.ref=='refs/heads/main' && 'build_main' || 'build_pr' }}
timeout-minutes: 20
permissions:
contents: read
packages: write
pull-requests: write
actions: write
statuses: write
checks: write
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
cache: 'maven'
- name: Set Build Params
run: |
export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip"
echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV
echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -Dmaven.test.skip=true" >> $GITHUB_ENV
echo "$GITHUB_REF_NAME"
echo "$GITHUB_EVENT_NAME"
if [[ $GITHUB_REF_NAME == "main" ]]; then
export WHITESOURCE_SCAN=true
export GITHUB_PACKAGES_DEPLOY=true
export DOCKER_PUSH=true
else
export WHITESOURCE_SCAN=false
export GITHUB_PACKAGES_DEPLOY=false
export DOCKER_PUSH=false
fi
echo "DOCKER_PUSH=$DOCKER_PUSH" >> $GITHUB_ENV
echo "WHITESOURCE_SCAN=$WHITESOURCE_SCAN" >> $GITHUB_ENV
echo "GITHUB_PACKAGES_DEPLOY=$GITHUB_PACKAGES_DEPLOY" >> $GITHUB_ENV
- name: Static Code Analysis
run: mvn -B compile -Pmaas-static-code-analysis --file service/pom.xml
- name: Unit Tests
run: mvn -B test $SKIP_FLAGS_NON_UNIT_TESTS --file service/pom.xml
- name: Generate Artifacts
run: |
mvn install $SKIP_FLAGS_ALL_TESTS --file service/pom.xml
- name: Sonar Scan
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: |
mvn -B $SKIP_FLAGS_ALL_TESTS \
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=SolaceProducts_event-management-agent \
--file service/pom.xml
- name: WhiteSource Scan
if: env.WHITESOURCE_SCAN=='true'
env:
unified_agent_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar"
unified_agent_sha_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar.sha256"
WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }}
WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }}
TARGET_DIR: "service/application/target/lib"
WS_EXCLUDES: "local-storage-plugin*.jar,plugin*.jar,kafka-plugin*.jar,confluent-schema-registry-plugin*.jar"
run: |
echo "Whitesource- Downloading and verifying latest Agent"
curl -LJOs ${{ env.unified_agent_url }}
sha_from_jar=$(sha256sum wss-unified-agent.jar | awk '{print $1}')
curl -LJOs ${{ env.unified_agent_sha_url }}
sha_from_file=$(cat wss-unified-agent.jar.sha256 | awk '{print $1}')
if [[ "$sha_from_file" == "$sha_from_jar" ]]; then
echo "Integrity of the wss-unified-agent.jar file verified .."
else
echo "Integrity check of wss-unified-agent.jar file failed .."
echo "sha_from_jar: $sha_from_jar"
echo "sha_from_file: $sha_from_file"
exit 1
fi
echo "Whitesource- Copying Maven Dependencies"
mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=target/lib --file service/pom.xml
echo "Whitesource- Running scan"
java -jar wss-unified-agent.jar -d ${{ env.TARGET_DIR }} -logLevel Info
- name: Configure AWS credentials
if: env.DOCKER_PUSH=='true'
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
- name: Login to Amazon ECR
if: env.DOCKER_PUSH=='true'
id: login-ecr
uses: aws-actions/[email protected]
- name: Docker Build/Push
if: env.DOCKER_PUSH=='true'
working-directory: service/application/docker
run: |
./buildEventManagementAgentDocker.sh -t main
ECR_DOCKER_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:main"
docker tag "${{ github.event.repository.name }}:main" $ECR_DOCKER_IMAGE
docker push $ECR_DOCKER_IMAGE
#Tag/Push additional Docker image
SHORT_GIT_SHA=${GITHUB_SHA:0:10}
JAR_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file ../pom.xml)
ADDITIONAL_ECR_DOCKER_IMAGE_TAG="$ECR_DOCKER_IMAGE-$JAR_VERSION-$SHORT_GIT_SHA"
docker tag "${{ github.event.repository.name }}:main" $ADDITIONAL_ECR_DOCKER_IMAGE_TAG
docker push $ADDITIONAL_ECR_DOCKER_IMAGE_TAG
- name: Deploy Artifacts
if: env.GITHUB_PACKAGES_DEPLOY=='true'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mvn deploy $SKIP_FLAGS_ALL_TESTS -Dmaven.install.skip=true --file service/pom.xml
- name: Publishing Test Results - Checkstyle
if: always()
uses: jwgmeligmeyling/checkstyle-github-action@master
with:
path: '**/checkstyle-result.xml'
- name: Publishing Test Results - PMD
if: always()
uses: jwgmeligmeyling/pmd-github-action@master
with:
path: '**/pmd.xml'
- name: Publishing Test Results - SpotBugs
if: always()
uses: jwgmeligmeyling/spotbugs-github-action@master
with:
path: '**/spotbugsXml.xml'
- name: Publishing Test Results - Unit Tests Pre-Condition
if: always()
id: unit_test_report_exists
uses: andstor/file-existence-action@v2
with:
files: "**/surefire-reports/**/*.xml"
- name: Publishing Test Results - Unit Tests
uses: dorny/test-reporter@v1
if: always() && steps.unit_test_report_exists.outputs.files_exists == 'true'
with:
name: Unit Tests
path: "**/surefire-reports/**/*.xml"
reporter: java-junit
fail-on-error: true
only-summary: 'true'