DATAGO-77217 EMA dynamic configuration for scan jobs #595
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- '.gitignore' | |
- '.github/**' | |
- '**/*.md' | |
pull_request: | |
types: [opened, synchronize, reopened] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
Test_Build: | |
name: Run Tests and Deploy | |
runs-on: ubuntu-latest | |
environment: ${{ github.ref=='refs/heads/main' && 'build_main' || 'build_pr' }} | |
timeout-minutes: 20 | |
permissions: | |
contents: read | |
packages: write | |
pull-requests: write | |
actions: write | |
statuses: write | |
checks: write | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Set Build Params | |
run: | | |
export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip" | |
echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV | |
echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -Dmaven.test.skip=true" >> $GITHUB_ENV | |
echo "$GITHUB_REF_NAME" | |
echo "$GITHUB_EVENT_NAME" | |
if [[ $GITHUB_REF_NAME == "main" ]]; then | |
export WHITESOURCE_SCAN=true | |
export GITHUB_PACKAGES_DEPLOY=true | |
export DOCKER_PUSH=true | |
else | |
export WHITESOURCE_SCAN=false | |
export GITHUB_PACKAGES_DEPLOY=false | |
export DOCKER_PUSH=false | |
fi | |
echo "DOCKER_PUSH=$DOCKER_PUSH" >> $GITHUB_ENV | |
echo "WHITESOURCE_SCAN=$WHITESOURCE_SCAN" >> $GITHUB_ENV | |
echo "GITHUB_PACKAGES_DEPLOY=$GITHUB_PACKAGES_DEPLOY" >> $GITHUB_ENV | |
- name: Static Code Analysis | |
run: mvn -B compile -Pmaas-static-code-analysis --file service/pom.xml | |
- name: Unit Tests | |
run: mvn -B test $SKIP_FLAGS_NON_UNIT_TESTS --file service/pom.xml | |
- name: Generate Artifacts | |
run: | | |
mvn install $SKIP_FLAGS_ALL_TESTS --file service/pom.xml | |
- name: Sonar Scan | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
run: | | |
mvn -B $SKIP_FLAGS_ALL_TESTS \ | |
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=SolaceProducts_event-management-agent \ | |
--file service/pom.xml | |
- name: WhiteSource Scan | |
if: env.WHITESOURCE_SCAN=='true' | |
env: | |
unified_agent_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar" | |
unified_agent_sha_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar.sha256" | |
WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }} | |
WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }} | |
TARGET_DIR: "service/application/target/lib" | |
WS_EXCLUDES: "local-storage-plugin*.jar,plugin*.jar,kafka-plugin*.jar,confluent-schema-registry-plugin*.jar" | |
run: | | |
echo "Whitesource- Downloading and verifying latest Agent" | |
curl -LJOs ${{ env.unified_agent_url }} | |
sha_from_jar=$(sha256sum wss-unified-agent.jar | awk '{print $1}') | |
curl -LJOs ${{ env.unified_agent_sha_url }} | |
sha_from_file=$(cat wss-unified-agent.jar.sha256 | awk '{print $1}') | |
if [[ "$sha_from_file" == "$sha_from_jar" ]]; then | |
echo "Integrity of the wss-unified-agent.jar file verified .." | |
else | |
echo "Integrity check of wss-unified-agent.jar file failed .." | |
echo "sha_from_jar: $sha_from_jar" | |
echo "sha_from_file: $sha_from_file" | |
exit 1 | |
fi | |
echo "Whitesource- Copying Maven Dependencies" | |
mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=target/lib --file service/pom.xml | |
echo "Whitesource- Running scan" | |
java -jar wss-unified-agent.jar -d ${{ env.TARGET_DIR }} -logLevel Info | |
- name: Configure AWS credentials | |
if: env.DOCKER_PUSH=='true' | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
if: env.DOCKER_PUSH=='true' | |
id: login-ecr | |
uses: aws-actions/[email protected] | |
- name: Docker Build/Push | |
if: env.DOCKER_PUSH=='true' | |
working-directory: service/application/docker | |
run: | | |
./buildEventManagementAgentDocker.sh -t main | |
ECR_DOCKER_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:main" | |
docker tag "${{ github.event.repository.name }}:main" $ECR_DOCKER_IMAGE | |
docker push $ECR_DOCKER_IMAGE | |
#Tag/Push additional Docker image | |
SHORT_GIT_SHA=${GITHUB_SHA:0:10} | |
JAR_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file ../pom.xml) | |
ADDITIONAL_ECR_DOCKER_IMAGE_TAG="$ECR_DOCKER_IMAGE-$JAR_VERSION-$SHORT_GIT_SHA" | |
docker tag "${{ github.event.repository.name }}:main" $ADDITIONAL_ECR_DOCKER_IMAGE_TAG | |
docker push $ADDITIONAL_ECR_DOCKER_IMAGE_TAG | |
- name: Deploy Artifacts | |
if: env.GITHUB_PACKAGES_DEPLOY=='true' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
mvn deploy $SKIP_FLAGS_ALL_TESTS -Dmaven.install.skip=true --file service/pom.xml | |
- name: Publishing Test Results - Checkstyle | |
if: always() | |
uses: jwgmeligmeyling/checkstyle-github-action@master | |
with: | |
path: '**/checkstyle-result.xml' | |
- name: Publishing Test Results - PMD | |
if: always() | |
uses: jwgmeligmeyling/pmd-github-action@master | |
with: | |
path: '**/pmd.xml' | |
- name: Publishing Test Results - SpotBugs | |
if: always() | |
uses: jwgmeligmeyling/spotbugs-github-action@master | |
with: | |
path: '**/spotbugsXml.xml' | |
- name: Publishing Test Results - Unit Tests Pre-Condition | |
if: always() | |
id: unit_test_report_exists | |
uses: andstor/file-existence-action@v2 | |
with: | |
files: "**/surefire-reports/**/*.xml" | |
- name: Publishing Test Results - Unit Tests | |
uses: dorny/test-reporter@v1 | |
if: always() && steps.unit_test_report_exists.outputs.files_exists == 'true' | |
with: | |
name: Unit Tests | |
path: "**/surefire-reports/**/*.xml" | |
reporter: java-junit | |
fail-on-error: true | |
only-summary: 'true' |