Skip to content

Commit

Permalink
Merge pull request #698 from RADAR-base/release-0.8.2
Browse files Browse the repository at this point in the history 
Release 0.8.2
  • Loading branch information
@mpgxvii
mpgxvii authored Feb 23, 2023
2 parents 12fd1a1 + 81065e0 commit b51f736
Show file tree
Hide file tree
Showing 10 changed files with 179 additions and 102 deletions.
108 changes: 67 additions & 41 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,7 @@ name: Main
on:
push:
branches: [ master, dev ]
pull_request:
branches: [ master, dev ]
pull_request: {}

env:
DOCKER_IMAGE: radarbase/management-portal
Expand All @@ -20,29 +19,30 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- name: Use Node.js 15
uses: actions/setup-node@v1
uses: actions/setup-node@v3
with:
node-version: 15

- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "::set-output name=dir::$(yarn cache dir)"
run: echo "dir=.yarn/cache" >> $GITHUB_OUTPUT

- uses: actions/setup-java@v1
- uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11

- name: Cache
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: |
${{ steps.yarn-cache-dir-path.outputs.dir }}
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-java-${{ hashFiles('**/build.gradle', '**/gradle.properties', '**/yarn.lock') }}
key: ${{ runner.os }}-java-${{ hashFiles('**/build.gradle', '**/gradle.properties', '**/yarn.lock', '.yarnrc.yml') }}
restore-keys: |
${{ runner.os }}-java-
Expand All @@ -65,34 +65,15 @@ jobs:
if: always()
run: ./gradlew check

- name: Codacy
if: steps.gradle-check.outcome != 'cancelled'
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
run: ./gradlew sendCoverageToCodacy

- name: End to end tests
id: e2e
run: |
cp src/test/resources/config/keystore.p12 src/main/resources/config/keystore.p12
./gradlew bootRun &>mp.log </dev/null &
BOOTRUN_PROCESS=$!
yarn run wait-for-managementportal
./gradlew generateOpenApiSpec
yarn e2e
kill $BOOTRUN_PROCESS
- uses: actions/upload-artifact@v2
if: steps.e2e.outcome == 'success' || steps.e2e.outcome == 'failure'
with:
name: openapi-spec
path: build/swagger-spec/swagger.json

- uses: actions/upload-artifact@v2
if: steps.e2e.outcome == 'success' || steps.e2e.outcome == 'failure'
with:
name: managementportal-logs
path: mp.log
./gradlew --stop
- name: Has SNAPSHOT version
id: is-snapshot
Expand Down Expand Up @@ -120,51 +101,87 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- name: Check whether unity activation requests should be done
id: docker_check_secret
run: |
echo "IS_DOCKER_SECRET_SET: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
echo "::set-output name=IS_DOCKER_SECRET_SET::${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
echo "IS_DOCKER_SECRET_SET=${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}" >> $GITHUB_OUTPUT
- name: Login to Docker Hub
if: steps.docker_check_secret.outputs.IS_DOCKER_SECRET_SET == 'true'
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=.yarn/cache" >> $GITHUB_OUTPUT

- name: Cache Docker layers
id: cache-buildx
uses: actions/cache@v3
with:
path: |
${{ steps.yarn-cache-dir-path.outputs.dir }}
/tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile', '**/*.gradle', 'gradle.properties', 'src/main/**', 'radar-auth/src/**', 'yarn.lock', '*.json', '.yarnrc.yml') }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Cache parameters
id: cache-parameters
run: |
if [ "${{ steps.cache-buildx.outputs.cache-hit }}" = "true" ]; then
echo "cache-to=" >> $GITHUB_OUTPUT
else
echo "cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max" >> $GITHUB_OUTPUT
fi
- name: Use Node.js 15
uses: actions/setup-node@v3
with:
node-version: 15

- name: Prime yarn cache
run: yarn install --mode=skip-build

# Add Docker labels and tags
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v2
uses: docker/metadata-action@v4
with:
images: ${{ env.DOCKER_IMAGE }}

# Setup docker build environment
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2

- name: Docker build parameters
id: docker_params
run: |
if [ "${{ github.event_name == 'pull_request' }}" = "true" ]; then
echo "::set-output name=push::false"
echo "::set-output name=load::true"
echo "::set-output name=platforms::linux/amd64"
echo "push=false" >> $GITHUB_OUTPUT
echo "load=true" >> $GITHUB_OUTPUT
echo "platforms=linux/amd64" >> $GITHUB_OUTPUT
else
echo "::set-output name=push::true"
echo "::set-output name=load::false"
echo "::set-output name=platforms::linux/amd64,linux/arm64"
echo "push=true" >> $GITHUB_OUTPUT
echo "load=false" >> $GITHUB_OUTPUT
echo "platforms=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
fi
- name: Build docker
uses: docker/build-push-action@v2
uses: docker/build-push-action@v3
with:
# Do not load context from Github but from local path
context: .
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: ${{ steps.cache-parameters.outputs.cache-to }}
load: ${{ steps.docker_params.outputs.load }}
push: ${{ steps.docker_params.outputs.push }}
platforms: ${{ steps.docker_params.outputs.platforms }}
Expand All @@ -177,6 +194,15 @@ jobs:
org.opencontainers.image.vendor=RADAR-base
org.opencontainers.image.licenses=Apache-2.0
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move docker build cache
if: steps.cache-buildx.outputs.cache-hit != 'true'
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Pull docker image
if: steps.docker_params.outputs.load == 'false'
run: docker pull ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
Expand Down
21 changes: 14 additions & 7 deletions .github/workflows/pre-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,23 +17,24 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- name: Use Node.js 15
uses: actions/setup-node@v1
uses: actions/setup-node@v3
with:
node-version: 15

- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "::set-output name=dir::$(yarn cache dir)"
run: echo "dir=.yarn/cache" >> $GITHUB_OUTPUT

- uses: actions/setup-java@v1
- uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11

- name: Cache
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: |
${{ steps.yarn-cache-dir-path.outputs.dir }}
Expand All @@ -48,9 +49,15 @@ jobs:
run: |
yarn install
- name: Run full end to end tests
- name: End to end tests
id: e2e
run: |
./src/test/bash/run-prod-e2e.sh
cp src/test/resources/config/keystore.p12 src/main/resources/config/keystore.p12
./gradlew bootRun &>mp.log </dev/null &
yarn run wait-for-managementportal
./gradlew generateOpenApiSpec
yarn e2e
./gradlew --stop
- name: Generate github pages
run: ./gradlew ghPages
Expand Down
32 changes: 21 additions & 11 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,23 +16,24 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- name: Use Node.js 15
uses: actions/setup-node@v1
uses: actions/setup-node@v3
with:
node-version: 15

- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "::set-output name=dir::$(yarn cache dir)"
run: echo "dir=.yarn/cache" >> $GITHUB_OUTPUT

- uses: actions/setup-java@v1
- uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 11

- name: Cache
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: |
${{ steps.yarn-cache-dir-path.outputs.dir }}
Expand Down Expand Up @@ -70,34 +71,43 @@ jobs:

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- name: Use Node.js 15
uses: actions/setup-node@v3
with:
node-version: 15

- name: Prime yarn cache
run: yarn install --check-cache --mode=skip-build

# Setup docker build environment
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

# Add Docker labels and tags
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v2
uses: docker/metadata-action@v4
with:
images: ${{ env.DOCKER_IMAGE }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Build docker
uses: docker/build-push-action@v2
uses: docker/build-push-action@v3
with:
context: .
# Allow running the image on the architectures supported by openjdk:11-jre-slim
platforms: linux/amd64,linux/arm64
push: true
Expand Down
45 changes: 22 additions & 23 deletions .github/workflows/scheduled-snyk.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,37 +9,36 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@master
- uses: actions/checkout@v3
- uses: snyk/actions/setup@master
with:
snyk-version: v1.996.0

- name: Run Snyk to check for Kotlin vulnerabilities
uses: snyk/actions/gradle-jdk11@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- uses: actions/setup-node@v3
with:
command: test
json: true
args: --all-sub-projects --policy-path=.snyk
if: ${{ !cancelled() }}
node-version: '15'
cache: npm

- name: Report new Kotlin vulnerabilities
uses: thehyve/report-vulnerability@master
- uses: actions/setup-java@v3
with:
report-file: snyk.json
env:
TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: ${{ failure() }}
distribution: temurin
java-version: 11

- name: Run Snyk to check for Node vulnerabilities
uses: snyk/actions/node@master
- name: Setup Gradle
uses: gradle/gradle-build-action@v2

- name: Run Snyk to check for vulnerabilities
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: test
args: . --policy-path=.snyk
json: true
if: ${{ !cancelled() }}
run: >
snyk test
--all-projects
--configuration-matching="^compileClasspath$|^runtimeClasspath$"
--org=radar-base
--policy-path=.snyk
--json-file-output=snyk.json
- name: Report new Node vulnerabilities
- name: Report new vulnerabilities
uses: thehyve/report-vulnerability@master
with:
report-file: snyk.json
Expand Down
Loading

0 comments on commit b51f736

Please sign in to comment.