Skip to content

feat(security): activate Structurizr DSL restricted parsing #3886

feat(security): activate Structurizr DSL restricted parsing

feat(security): activate Structurizr DSL restricted parsing #3886

Workflow file for this run

name: CI
on:
push:
paths-ignore:
- 'docs/**'
branches:
- main
pull_request:
paths-ignore:
- 'docs/**'
branches:
- '*'
workflow_call:
inputs:
build_multiarch:
default: false
required: true
type: boolean
jobs:
test-containers:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Free up disk space
#if: ${{ inputs.build_multiarch }}
shell: bash
# workaround: https://github.com/jlumbroso/free-disk-space/issues/9
# copied from https://github.com/hirnidrin/free-disk-space/blob/4bacba7c412c8ace26b87b5b79977da05137e69d/action.yml
run: |
# ======
# MACROS
# ======
# macro to print a line of equals
# (silly but works)
printSeparationLine() {
str=${1:=}
num=${2:-80}
counter=1
output=""
while [ $counter -le $num ]
do
output="${output}${str}"
counter=$((counter+1))
done
echo "${output}"
}
# macro to compute available space
# REF: https://unix.stackexchange.com/a/42049/60849
# REF: https://stackoverflow.com/a/450821/408734
getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
# macro to make Kb human readable (assume the input is Kb)
# REF: https://unix.stackexchange.com/a/44087/60849
formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
# macro to output saved space
printSavedSpace() {
saved=${1}
title=${2:-}
echo ""
printSeparationLine '*' 80
if [ ! -z "${title}" ]; then
echo "=> ${title}: Saved $(formatByteCount $saved)"
else
echo "=> Saved $(formatByteCount $saved)"
fi
printSeparationLine '*' 80
echo ""
}
# macro to print output of dh with caption
printDH() {
caption=${1:-}
printSeparationLine '=' 80
echo "${caption}"
echo ""
echo "$ dh -h /"
echo ""
df -h /
echo "$ dh -a /"
echo ""
df -a /
echo "$ dh -a"
echo ""
df -a
printSeparationLine '=' 80
}
# ======
# SCRIPT
# ======
# Display initial disk space stats
AVAILABLE_INITIAL=$(getAvailableSpace)
AVAILABLE_ROOT_INITIAL=$(getAvailableSpace '/')
printDH "BEFORE CLEAN-UP:"
echo ""
# Remove Android library
BEFORE=$(getAvailableSpace)
sudo rm -rf /usr/local/lib/android
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
printSavedSpace $SAVED "Android library"
BEFORE=$(getAvailableSpace)
# https://github.community/t/bigger-github-hosted-runners-disk-space/17267/11
sudo rm -rf /usr/share/dotnet
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
printSavedSpace $SAVED ".NET runtime"
BEFORE=$(getAvailableSpace)
sudo rm -rf /opt/ghc
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
printSavedSpace $SAVED "Haskell runtime"
# Remove large packages
# REF: https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
BEFORE=$(getAvailableSpace)
sudo apt-get remove -y '^aspnetcore-.*'
sudo apt-get remove -y '^dotnet-.*'
sudo apt-get remove -y '^llvm-.*'
sudo apt-get remove -y 'php.*'
sudo apt-get remove -y '^mongodb-.*'
sudo apt-get remove -y '^mysql-.*'
sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri
sudo apt-get autoremove -y
sudo apt-get clean
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
printSavedSpace $SAVED "Large misc. packages"
# Remove Docker images
BEFORE=$(getAvailableSpace)
sudo docker image prune --all --force
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
printSavedSpace $SAVED "Docker images"
# Remove Swap storage
BEFORE=$(getAvailableSpace)
sudo swapoff -a
sudo rm -f /mnt/swapfile
free -h
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
printSavedSpace $SAVED "Swap storage"
# Output saved space statistic
AVAILABLE_END=$(getAvailableSpace)
AVAILABLE_ROOT_END=$(getAvailableSpace '/')
echo ""
printDH "AFTER CLEAN-UP:"
echo ""
echo ""
echo "/dev/root:"
printSavedSpace $((AVAILABLE_ROOT_END - AVAILABLE_ROOT_INITIAL))
echo "overall:"
printSavedSpace $((AVAILABLE_END - AVAILABLE_INITIAL))
- name: Install GraphViz
run: sudo apt-get install graphviz -y
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
distribution: temurin
- name: Build Java server
run: make buildServer
- name: Set up QEMU
if: ${{ inputs.build_multiarch }}
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
config-inline: |
[worker.oci]
max-parallelism = 2
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build container images
run: make buildDockerImages
env:
BUILD_MULTIARCH: ${{ inputs.build_multiarch }}
CACHE_FROM: 'type=local,src=/tmp/.buildx-cache'
CACHE_TO: 'type=local,dest=/tmp/.buildx-cache-new'
- name: 'Setup Node.js 20'
uses: actions/setup-node@v4
with:
node-version: 20
- name: Install Node dependencies
run: npm install
- name: Run smoke tests
run: make smokeTests
# This ugly bit is necessary if you don't want your cache to grow forever until it hits GitHub's limit of 5GB.
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache