LMBQ-401: Adapting security scanning URL excludes to OC 2.0 upgrade in UI Testing Toolbox #2153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test Windows | |
# Windows builds are only run on-demand, to be run once before merging a PR, and for pushes to dev. This is because | |
# Windows builds are much slower and more expensive than Ubuntu ones, and them catching issues that aren't surfaced | |
# under Ubuntu is rare (but does happen). So, not running them for every push of every PR. | |
on: | |
workflow_dispatch: | |
pull_request: | |
types: [labeled] | |
push: | |
branches: | |
- dev | |
pull_request_review: | |
types: [submitted] | |
jobs: | |
remove-run-windows-build-label: | |
if: github.ref_name != github.event.repository.default_branch && | |
github.event.label.name == 'run-windows-build' | |
name: Remove Run Windows Build Label | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 2 | |
steps: | |
- name: Remove Run Windows Build Label | |
uses: Lombiq/GitHub-Actions/.github/actions/add-remove-label@dev | |
with: | |
# The token is necessary to be able to remove the label even if the workflow is triggered by a pull request | |
# coming from a fork. | |
token: ${{ secrets.LOMBIQBOT_GITHUB_PERSONAL_ACCESS_TOKEN }} | |
labels: run-windows-build | |
type: remove | |
build-and-test-larger-runners: | |
if: github.ref_name != github.event.repository.default_branch && | |
(github.event_name == 'workflow_dispatch' || | |
github.event.label.name == 'run-windows-build' || | |
(github.event.review.state == 'APPROVED' && contains(github.event.pull_request.labels.*.name, 'requires-windows-build'))) | |
name: Build and Test Windows - root solution (larger runners) | |
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev | |
with: | |
parent-job-name: root-solution-larger-runners | |
machine-types: '["windows-2022-8core"]' | |
timeout-minutes: 50 | |
set-up-sql-server: 'true' | |
set-up-azurite: 'true' | |
build-create-binary-log: 'true' | |
dotnet-test-process-timeout: 720000 | |
# Running ZAP for security scans in Docker under GHA Windows runners won't work since such virtualization is not | |
# supported by GHA. | |
# The currently used Elasticsearch setup action (https://github.com/elastic/elastic-github-actions/tree/master/elasticsearch) | |
# can only be used on Linux. | |
test-filter: FullyQualifiedName!~SecurityScanningTests&FullyQualifiedName!~BehaviorElasticsearchTests | |
build-and-test-standard-runners: | |
if: github.ref_name == github.event.repository.default_branch | |
name: Build and Test Windows - root solution (standard runners) | |
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev | |
with: | |
parent-job-name: root-solution-standard-runners | |
# Since dev builds are not awaited by anyone, they can run on the slower free runners. | |
machine-types: '["windows-2022"]' | |
timeout-minutes: 70 | |
set-up-sql-server: 'true' | |
set-up-azurite: 'true' | |
build-create-binary-log: 'true' | |
dotnet-test-process-timeout: 840000 | |
# Running ZAP for security scans in Docker under GHA Windows runners won't work since such virtualization is not | |
# supported by GHA. | |
# The currently used Elasticsearch setup action (https://github.com/elastic/elastic-github-actions/tree/master/elasticsearch) | |
# can only be used on Linux. | |
test-filter: FullyQualifiedName!~SecurityScanningTests&FullyQualifiedName!~BehaviorElasticsearchTests | |
build-and-test-nuget-test: | |
if: github.ref_name == github.event.repository.default_branch || | |
github.event_name == 'workflow_dispatch' || | |
github.event.label.name == 'run-windows-build' || | |
(github.event.review.state == 'APPROVED' && contains(github.event.pull_request.labels.*.name, 'requires-windows-build')) | |
name: Build and Test Windows - NuGetTest solution | |
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev | |
with: | |
parent-job-name: nuget-solution | |
machine-types: '["windows-2022"]' | |
build-directory: NuGetTest | |
timeout-minutes: 30 | |
dotnet-test-process-timeout: 540000 | |
# Running ZAP for security scans in Docker under GHA Windows runners won't work since such virtualization is not | |
# supported by GHA. | |
# The currently used Elasticsearch setup action (https://github.com/elastic/elastic-github-actions/tree/master/elasticsearch) | |
# can only be used on Linux. | |
# Without quotes, somehow the value won't be passed properly and the test execution will hang, despite seemingly | |
# every value being the same as with quotes. | |
# yamllint disable-line rule:quoted-strings | |
test-filter: 'FullyQualifiedName!~SecurityScanningTests&FullyQualifiedName!~BehaviorElasticsearchTests' | |
powershell-static-code-analysis: | |
if: github.ref_name == github.event.repository.default_branch || | |
github.event_name == 'workflow_dispatch' || | |
github.event.label.name == 'run-windows-build' || | |
(github.event.review.state == 'APPROVED' && contains(github.event.pull_request.labels.*.name, 'requires-windows-build')) | |
name: PowerShell Static Code Analysis Windows | |
uses: Lombiq/PowerShell-Analyzers/.github/workflows/static-code-analysis.yml@dev | |
with: | |
machine-types: '["windows-2022"]' | |
run-windows-powershell: 'false' | |
post-pull-request-checks-automation: | |
name: Post Pull Request Checks Automation | |
needs: [build-and-test-larger-runners, build-and-test-nuget-test, powershell-static-code-analysis] | |
if: github.event.pull_request != '' | |
uses: Lombiq/GitHub-Actions/.github/workflows/post-pull-request-checks-automation.yml@dev | |
secrets: | |
JIRA_BASE_URL: ${{ secrets.DEFAULT_JIRA_BASE_URL }} | |
JIRA_USER_EMAIL: ${{ secrets.DEFAULT_JIRA_USER_EMAIL }} | |
JIRA_API_TOKEN: ${{ secrets.DEFAULT_JIRA_API_TOKEN }} | |
MERGE_TOKEN: ${{ secrets.LOMBIQBOT_GITHUB_PERSONAL_ACCESS_TOKEN }} | |
remove-windows-build-warning-label: | |
name: Remove Windows Build Warning Label | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 2 | |
needs: [build-and-test-larger-runners, build-and-test-nuget-test, powershell-static-code-analysis] | |
steps: | |
- name: Remove Windows Build Warning Label | |
uses: Lombiq/GitHub-Actions/.github/actions/add-remove-label@dev | |
with: | |
# The token is necessary to be able to remove the label even if the workflow is triggered by a pull request | |
# coming from a fork. | |
token: ${{ secrets.LOMBIQBOT_GITHUB_PERSONAL_ACCESS_TOKEN }} | |
labels: requires-windows-build | |
type: remove |