Skip to content

Merge pull request #377 from cloudfoundry-community/docs/review-varia… #248

Merge pull request #377 from cloudfoundry-community/docs/review-varia…

Merge pull request #377 from cloudfoundry-community/docs/review-varia… #248

Workflow file for this run

name: PCF
on:
push:
branches: [ "develop" ]
pull_request:
branches: [ "develop" ]
workflow_dispatch:
env:
GO_VERSION: '1.18.1'
RUBY_VERSION: '3.3'
jobs:
workflow_approval:
name: Approve workflow
runs-on: ubuntu-latest
environment: workflow-approval
steps:
- name: Approve workflow
run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
fossa-scan:
continue-on-error: true
runs-on: ubuntu-latest
needs:
- workflow_approval
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.sha}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: run fossa anlyze and create report
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
fossa analyze --include-unused-deps --debug
fossa report attribution --format text > /tmp/THIRDPARTY
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: upload THIRDPARTY file
uses: actions/upload-artifact@v4
with:
name: THIRDPARTY
path: /tmp/THIRDPARTY
- name: run fossa test
run: |
fossa test --debug
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
semgrep:
runs-on: ubuntu-latest
needs:
- workflow_approval
name: security-sast-semgrep
if: github.actor != 'dependabot[bot]'
steps:
- uses: actions/checkout@v3
- name: Semgrep
id: semgrep
uses: returntocorp/semgrep-action@v1
with:
publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
create-env:
needs:
- workflow_approval
runs-on: ubuntu-latest
timeout-minutes: 60
outputs:
API_ENDPOINT: ${{ steps.get-credentials.outputs.API_ENDPOINT }}
API_UAA_ENDPOINT: ${{ steps.get-credentials.outputs.API_UAA_ENDPOINT }}
API_PASSWORD: ${{ steps.get-credentials.outputs.API_PASSWORD }}
API_CLIENT_PASSWORD: ${{ steps.get-credentials.outputs.API_CLIENT_PASSWORD }}
ENV_ID: ${{ steps.get-credentials.outputs.ENV_ID }}
steps:
- name: Install Selfservice
run: |
wget https://github.com/cf-platform-eng/selfservice/releases/download/0.2.9/selfservice
chmod +x selfservice
ls -latr
- name: Get authorization token
run: |
echo "$(./selfservice auth $API_TOKEN | cut -c 8-)" >> "$GITHUB_ENV"
echo "::add-mask::$AUTH_TOKEN"
env:
API_TOKEN: ${{ secrets.API_TOKEN }}
- name: Claim environment and wait
run: |
echo ENV_ID="$(./selfservice claimAndWait isv_ci_tas_srt_4_0 | jq -r '.id')" >> "$GITHUB_ENV"
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Set up Brew
uses: Homebrew/actions/setup-homebrew@master
- name: Install hammer and cf
run: |
brew tap pivotal/hammer https://github.com/pivotal/hammer
brew install hammer
brew tap pivotal-cf/om https://github.com/pivotal-cf/om
brew install om
brew install cloudfoundry/tap/cf-cli
- name: Credentials
id: get-credentials
run: |
./selfservice get $ENV_ID | jq -r '.credentials' > env.json
echo API_ENDPOINT="https://api.$(jq -r '.sys_domain' ./env.json)" >> "$GITHUB_OUTPUT"
echo API_UAA_ENDPOINT="https://uaa.$(jq -r '.sys_domain' ./env.json)" >> "$GITHUB_OUTPUT"
API_PASSWORD="$(hammer -t ./env.json om credentials -- -p cf -t json -c .uaa.admin_credentials | jq -r '.password')"
API_PASSWORD_ENCRYPTED="$(echo $API_PASSWORD | openssl aes-256-cbc -a -pbkdf2 -salt -pass pass:$ENCRYPT_KEY)"
echo API_PASSWORD=$API_PASSWORD_ENCRYPTED >> "$GITHUB_OUTPUT"
API_CLIENT_PASSWORD="$(hammer -t ./env.json om credentials -- -p cf -t json -c .uaa.admin_client_credentials | jq -r '.password')"
API_CLIENT_PASSWORD_ENCRYPTED="$(echo $API_CLIENT_PASSWORD | openssl aes-256-cbc -a -pbkdf2 -salt -pass pass:$ENCRYPT_KEY)"
echo API_CLIENT_PASSWORD=$API_CLIENT_PASSWORD_ENCRYPTED >> "$GITHUB_OUTPUT"
echo ENV_ID=$ENV_ID >> "$GITHUB_OUTPUT"
env:
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
build:
runs-on: ubuntu-latest
needs:
- create-env
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.sha}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- run: go version
# Install Dependencies
- name: check-files
run: ls -la
- name: Install Dependencies
run: |
go mod vendor
# Builder
- name: Builder
run: make build
# Run tests
- name: Run tests
run: |
make testall
- uses: actions/upload-artifact@v4
with:
name: splunk-firehose-nozzle
path: splunk-firehose-nozzle
deploy_nozzle:
env:
API_ENDPOINT: ${{ needs.create-env.outputs.API_ENDPOINT }}
API_PASSWORD: ${{ needs.create-env.outputs.API_PASSWORD }}
API_CLIENT_PASSWORD: ${{ needs.create-env.outputs.API_CLIENT_PASSWORD }}
API_UAA_ENDPOINT: ${{ needs.create-env.outputs.API_UAA_ENDPOINT }}
API_USER: ${{ secrets.API_USER }}
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
SPLUNK_INDEX: ${{ secrets.SPLUNK_INDEX }}
SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
SPLUNK_HOST: ${{ secrets.SPLUNK_HOST }}
SPLUNK_METRIC_INDEX: ${{ secrets.SPLUNK_METRIC_INDEX }}
needs:
- build
- create-env
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.sha}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- run: go version
- uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ env.RUBY_VERSION }}
- run: ruby -v
- uses: actions/download-artifact@v4
with:
name: splunk-firehose-nozzle
# Install dependencies
- name: Install dependencies
run: |
go mod vendor
# Deploy nozzle
- name: Deploy nozzle
run: |
.github/update_manifest.sh
.github/pre-req.sh
cf push -f scripts/ci_nozzle_manifest.yml -u process --random-route
env:
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
# Nozzle Log
- name: Nozzle Log
run: |
cf logs splunk-firehose-nozzle &
tile-builder:
env:
API_ENDPOINT: ${{ needs.create-env.outputs.API_ENDPOINT }}
API_PASSWORD: ${{ needs.create-env.outputs.API_PASSWORD }}
API_CLIENT_PASSWORD: ${{ needs.create-env.outputs.API_CLIENT_PASSWORD }}
API_UAA_ENDPOINT: ${{ needs.create-env.outputs.API_UAA_ENDPOINT }}
API_USER: ${{ secrets.API_USER }}
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
SPLUNK_INDEX: ${{ secrets.SPLUNK_INDEX }}
SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
SPLUNK_HOST: ${{ secrets.SPLUNK_HOST }}
SPLUNK_METRIC_INDEX: ${{ secrets.SPLUNK_METRIC_INDEX }}
needs:
- deploy_nozzle
- create-env
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.sha}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- run: go version
- uses: actions/download-artifact@v4
with:
name: splunk-firehose-nozzle
# Tile builder
- name: Tile builder
run: |
.github/tile-builder.sh
- name: Get tile name
run: |
echo "tile_name=$(ls tile/product | grep ".pivotal")" >> "$GITHUB_ENV"
- name: Upload tile
uses: actions/upload-artifact@v4
with:
name: ${{ env.tile_name }}
path: tile/product/${{ env.tile_name }}
# Skip test for now!
execute_tests:
needs:
- tile-builder
- create-env
runs-on: ubuntu-latest
env:
API_ENDPOINT: ${{ needs.create-env.outputs.API_ENDPOINT }}
API_PASSWORD: ${{ needs.create-env.outputs.API_PASSWORD }}
API_CLIENT_PASSWORD: ${{ needs.create-env.outputs.API_CLIENT_PASSWORD }}
API_UAA_ENDPOINT: ${{ needs.create-env.outputs.API_UAA_ENDPOINT }}
API_USER: ${{ secrets.API_USER }}
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
SPLUNK_INDEX: ${{ secrets.SPLUNK_INDEX }}
SPLUNK_METRIC_INDEX: ${{ secrets.SPLUNK_METRIC_INDEX }}
SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
SPLUNK_URL: ${{ secrets.SPLUNK_URL }}
SPLUNK_USER: ${{ secrets.SPLUNK_USER }}
SPLUNK_PASSWORD: ${{ secrets.SPLUNK_PASSWORD }}
SPLUNK_HOST: ${{ secrets.SPLUNK_HOST }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.sha}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- run: go version
- uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ env.RUBY_VERSION }}
- run: ruby -v
- uses: actions/download-artifact@v4
with:
name: splunk-firehose-nozzle
# Install dependencies
- name: Install dependencies
run: |
go mod vendor
chmod +x splunk-firehose-nozzle
# Deploy data-gen
- name: Deploy data-gen
run: |
.github/pre-req.sh
cf push -f scripts/data_gen_manifest.yml -u process -p tools/data_gen --random-route
sleep 10
cf apps
env:
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
# Nozzle Log
- name: Nozzle Log
run: |
cf logs splunk-firehose-nozzle &
# Prepare test environment
- name: Prepare test environment
run: |
.github/pre-functional-test.sh
# Executing tests
- name: Executing tests
run: |
.github/functional-test.sh
# Teardown
- name: Teardown
if: always()
run: |
API_PASSWORD_DEC=$(echo "$API_PASSWORD" | openssl aes-256-cbc -d -pbkdf2 -a -pass pass:"$ENCRYPT_KEY")
cf login --skip-ssl-validation -a "$API_ENDPOINT" -u "$API_USER" -p "$API_PASSWORD_DEC"
echo "Teardown deployment env"
cf target -o "splunk-ci-org" -s "splunk-ci-space"
cf delete splunk-firehose-nozzle -f
cf delete data_gen -f
cf delete-org splunk-ci-org -f
env:
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
teardown-env:
runs-on: ubuntu-latest
needs:
- create-env
- execute_tests
if: always()
env:
ENV_ID: ${{ needs.create-env.outputs.ENV_ID }}
steps:
- name: install-selfservice
run: |
wget https://github.com/cf-platform-eng/selfservice/releases/download/0.2.9/selfservice
chmod +x selfservice
ls -latr
- name: auth
run: |
echo "$(./selfservice auth $API_TOKEN | cut -c 8-)" >> "$GITHUB_ENV"
env:
API_TOKEN: ${{ secrets.API_TOKEN }}
- name: release environment
run: |
./selfservice release $ENV_ID