From 1fbfeb6733a86a643c710915f1b79d653970bfad Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 22 Jul 2024 14:07:18 -0700 Subject: [PATCH 1/4] fix(ci): consolidate and fix scheduled jobs (#1429) --- .github/workflows/cypress-nightly.yml | 15 --------------- .../{scheduled.yml => job-nightly.yml} | 18 ++++++++++-------- .../workflows/{sync-job.yml => job-sync.yml} | 0 README.md | 6 +++--- 4 files changed, 13 insertions(+), 26 deletions(-) delete mode 100644 .github/workflows/cypress-nightly.yml rename .github/workflows/{scheduled.yml => job-nightly.yml} (85%) rename .github/workflows/{sync-job.yml => job-sync.yml} (100%) diff --git a/.github/workflows/cypress-nightly.yml b/.github/workflows/cypress-nightly.yml deleted file mode 100644 index 003422ee3..000000000 --- a/.github/workflows/cypress-nightly.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Cypress Nightly - -on: - workflow_dispatch: - schedule: - # runs e2e tests every day at 4am - - cron: '0 4 * * *' - -jobs: - tests: - name: Tests - secrets: inherit - uses: ./.github/workflows/.tests.yml - with: - target: test diff --git a/.github/workflows/scheduled.yml b/.github/workflows/job-nightly.yml similarity index 85% rename from .github/workflows/scheduled.yml rename to .github/workflows/job-nightly.yml index 44daa407f..dac4f28bc 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/job-nightly.yml @@ -1,4 +1,4 @@ -name: Scheduled +name: Nightly on: schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays @@ -14,7 +14,7 @@ jobs: env: # https://tecadmin.net/getting-yesterdays-date-in-bash/ DATE: "1 week ago" - TYPE: "po,image,pvc" + TYPE: "all,secret,pvc,cm" runs-on: ubuntu-latest timeout-minutes: 10 steps: 
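Review bot: The new `TYPE: "all,secret,pvc,cm"` in the `PR Env Purge` job env extends an age-based delete to secrets, PVCs and config maps, and nothing visible in this hunk limits it to objects that belong to a pull-request environment. The pipeline that consumes it (shown in the next hunk) filters only on `creationTimestamp` being older than `DATE`, so a long-lived secret or data volume in `vars.OC_NAMESPACE` that is more than a week old would presumably be removed too. Either narrow `TYPE` to the kinds the PR deployments actually create, or restrict the `oc get` call with a label selector (`-l <pr-environment-label>`, label name to be taken from the deployment templates). A comment above `TYPE` stating which objects are expected to survive the purge would also help. The job's `steps:` continue outside this hunk.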
@@ -27,16 +27,18 @@ jobs: awk '$2 <= "'$(date -d '${{ env.DATE }}' -Ins --utc | sed 's/+0000/Z/')'" { print $1 }' | \ xargs --no-run-if-empty oc delete ${{ env.TYPE }} - # tests: - # name: Tests - # secrets: inherit - # uses: ./.github/workflows/.tests.yml - # with: - # target: test + tests: + name: Tests + secrets: inherit + uses: ./.github/workflows/.tests.yml + with: + target: test zap_scan: runs-on: ubuntu-latest name: Penetration Tests + # Run after other tests to avoid rate limiting + needs: [tests] env: DOMAIN: apps.silver.devops.gov.bc.ca PREFIX: ${{ github.event.repository.name }}-test diff --git a/.github/workflows/sync-job.yml b/.github/workflows/job-sync.yml similarity index 100% rename from .github/workflows/sync-job.yml rename to .github/workflows/job-sync.yml diff --git a/README.md b/README.md index 93c7e6b37..f9d89014d 100644 --- a/README.md +++ b/README.md 
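Review bot: `needs: [tests]` on `zap_scan` makes the penetration scan depend on the e2e run succeeding, so a failed or skipped `tests` job skips the scan for that run, although the added comment says the ordering is only there to avoid rate limiting. If ordering is all that is wanted, keep `needs` and add `if: ${{ !cancelled() }}` to `zap_scan` so the scan still runs and reports when the tests fail. The re-enabled `tests` job also forwards every repository secret through `secrets: inherit`; passing only the secrets `.tests.yml` reads would keep the scheduled run to least privilege (which ones it needs is not visible here). Note too that the deleted `cypress-nightly.yml` ran these tests daily (`0 4 * * *`), whereas this workflow's schedule is `0 11 * * 6`, i.e. Saturdays only. The `zap_scan` job continues past the end of the hunk.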
@@ -4,10 +4,10 @@ [![Lifecycle](https://img.shields.io/badge/Lifecycle-Maturing-007EC6)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) #### Workflows -[![Merge](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml) [![Analysis](https://github.com/bcgov/nr-spar/actions/workflows/analysis.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/analysis.yml) -[![Cypress Nightly](https://github.com/bcgov/nr-spar/actions/workflows/cypress-nightly.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/cypress-nightly.yml) -[![Scheduled](https://github.com/bcgov/nr-spar/actions/workflows/scheduled.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/scheduled.yml) +[![ETL Sync](https://github.com/bcgov/nr-spar/actions/workflows/sync-job.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/sync-job.yml) +[![Merge](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml) +[![Nightly](https://github.com/bcgov/nr-spar/actions/workflows/nightly.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/nightly.yml) #### Frontend [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=nr-spar_frontend&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=nr-spar_frontend) From 011af8c401ed245d60ba7490fc56f6846f06ecc7 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 22 Jul 2024 15:32:53 -0700 Subject: [PATCH 2/4] fix(ci): scheduled cleanup deployements only, keep 4 days (#1430) --- .github/workflows/job-nightly.yml | 6 ++++-- README.md | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/job-nightly.yml b/.github/workflows/job-nightly.yml index dac4f28bc..42bd3da44 100644 --- a/.github/workflows/job-nightly.yml +++ b/.github/workflows/job-nightly.yml 
@@ -3,6 +3,7 @@ name: Nightly on: schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays workflow_dispatch: + pull_request: concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -13,8 +14,8 @@ jobs: name: PR Env Purge env: # https://tecadmin.net/getting-yesterdays-date-in-bash/ - DATE: "1 week ago" - TYPE: "all,secret,pvc,cm" + DATE: "4 days ago" + TYPE: "deployments" runs-on: ubuntu-latest timeout-minutes: 10 steps: @@ -24,6 +25,7 @@ jobs: oc project ${{ vars.OC_NAMESPACE }} # Safeguard! oc get ${{ env.TYPE }} -o go-template --template '{{range .items}}{{.metadata.name}} {{.metadata.creationTimestamp}}{{"\n"}}{{end}}' | \ + grep -v workspace | \ awk '$2 <= "'$(date -d '${{ env.DATE }}' -Ins --utc | sed 's/+0000/Z/')'" { print $1 }' | \ xargs --no-run-if-empty oc delete ${{ env.TYPE }} diff --git a/README.md b/README.md index f9d89014d..250462908 100644 --- a/README.md +++ b/README.md 
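Review bot: The added `pull_request:` trigger is not mentioned in the commit subject and starts the whole workflow for every pull request: the `PR Env Purge` delete as well as the `tests` and `zap_scan` jobs that PATCH 1/4 shows in the same file. It looks like a leftover from trying the change out (PATCH 3/4 removes it again), so it should be dropped from this commit. If PR runs are intended, guard the purge job with `if: github.event_name != 'pull_request'`. `workflow_dispatch:` already allows a manual trial run.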
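Review bot: `grep -v workspace` in the purge pipeline is a substring deny-list applied to the whole `name creationTimestamp` line, so it protects only deployments that happen to contain that word. Any other long-lived deployment in the namespace that is older than `DATE` is still deleted, and a PR deployment whose name contains `workspace` is never purged. Selecting what may be deleted is safer than excluding what may not, for example a label selector on the `oc get` call (`-l <pr-environment-label>`, name to be taken from the deployment templates). At minimum add a comment above the `grep` naming the deployment it is meant to keep. The same age-only selection governs the `DATE`/`TYPE` hunk above it, where retention drops to `4 days ago`.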
@@ -5,9 +5,9 @@ #### Workflows [![Analysis](https://github.com/bcgov/nr-spar/actions/workflows/analysis.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/analysis.yml) -[![ETL Sync](https://github.com/bcgov/nr-spar/actions/workflows/sync-job.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/sync-job.yml) +[![ETL Sync](https://github.com/bcgov/nr-spar/actions/workflows/job-sync.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/job-sync.yml) [![Merge](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml) -[![Nightly](https://github.com/bcgov/nr-spar/actions/workflows/nightly.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/nightly.yml) +[![Nightly](https://github.com/bcgov/nr-spar/actions/workflows/job-nightly.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/job-nightly.yml) #### Frontend [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=nr-spar_frontend&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=nr-spar_frontend) From af5c4112bca37f9b48187132ceb8192cbaaccb8e Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 22 Jul 2024 15:52:01 -0700 Subject: [PATCH 3/4] chore(ci): switch to GH default CodeQL (#1431) --- .github/workflows/analysis.yml | 36 ------------------------------- .github/workflows/job-nightly.yml | 1 - 2 files changed, 37 deletions(-) diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index a15e80bba..8eb56dad4 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml 
@@ -40,42 +40,6 @@ jobs: -Dsonar.exclusions=**/config/**,*/dto/**,**/entity/**,**/exception/**,**/filter/**,**/interceptor/**,**/response/**,**/**Builder*,**/RestExceptionEndpoint.*,**/BackendStartApiApplication.* sonar_token: ${{ secrets[matrix.token] }} - codeql: - name: Semantic Code Analysis - if: ${{ ! github.event.pull_request.draft }} - runs-on: ubuntu-22.04 - permissions: - actions: read - contents: read - security-events: write - steps: - - uses: actions/checkout@v4 - - - name: Initialize - uses: github/codeql-action/init@v3 - with: - debug: true - languages: java,javascript - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: "17" - distribution: "temurin" - - # Build Java apps, JavaScript doesn't require - - name: Backend Build - working-directory: backend - run: mvn --update-snapshots -P prod clean package -Dmaven.test.skip - - # Build Java apps, JavaScript doesn't require - - name: Oracle API Build - working-directory: oracle-api - run: mvn --update-snapshots package -Dmaven.test.skip - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - # https://github.com/marketplace/actions/aqua-security-trivy trivy: name: Security Scan diff --git a/.github/workflows/job-nightly.yml b/.github/workflows/job-nightly.yml index 42bd3da44..5adb83c61 100644 --- a/.github/workflows/job-nightly.yml +++ b/.github/workflows/job-nightly.yml @@ -3,7 +3,6 @@ name: Nightly on: schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays workflow_dispatch: - pull_request: concurrency: group: ${{ github.workflow }}-${{ github.ref }} From c34d40987969876ade2ae761cb5f638bef34ada4 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 22 Jul 2024 15:59:36 -0700 Subject: [PATCH 4/4] docs: remove Analysis badge, overly noisy (PR) (#1432) --- .github/workflows/analysis.yml | 2 +- README.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) 
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 8eb56dad4..3f6d629bc 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -65,7 +65,7 @@ jobs: results: name: Analysis Results if: always() && (!failure()) && (!cancelled()) - needs: [tests, codeql, trivy] + needs: [tests, trivy] runs-on: ubuntu-22.04 steps: - run: echo "Workflow completed successfully!" diff --git a/README.md b/README.md index 250462908..6e0ae6fb7 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,6 @@ [![Lifecycle](https://img.shields.io/badge/Lifecycle-Maturing-007EC6)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) #### Workflows -[![Analysis](https://github.com/bcgov/nr-spar/actions/workflows/analysis.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/analysis.yml) [![ETL Sync](https://github.com/bcgov/nr-spar/actions/workflows/job-sync.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/job-sync.yml) [![Merge](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/merge.yml) [![Nightly](https://github.com/bcgov/nr-spar/actions/workflows/job-nightly.yml/badge.svg)](https://github.com/bcgov/nr-spar/actions/workflows/job-nightly.yml)