Install pipeline 1.1
w-caffiero-entando committed Oct 25, 2021
1 parent c395d16 commit 1639040
Showing 4 changed files with 310 additions and 0 deletions.
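--- a/.github/ga-publication.yml
+++ b/.github/ga-publication.yml
@@ -0,0 +1,58 @@
+name: GA Publication
+
+on:
+release:
+types:
+- created
+
+env:
+ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
+ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+PPL_CONTEXT: ${{ toJson(github) }}
+GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+LOCAL_CLONE_DIR: "local-checkout"
+
+jobs:
+ga-publish:
+env:
+ENTANDO_OPT_MAVEN_REPO_GA: ${{ secrets.ENTANDO_OPT_MAVEN_REPO_GA }}
+ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}
+runs-on: ubuntu-latest
+steps:
+- name: "PR PIPELINE START"
+run: |
+${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+~/ppl-run status-report
+- name: "Checkout"
+run: |
+~/ppl-run checkout-branch base \
+--id "CHECKOUT FOR GA PUBLICATION" \
+--lcd "$LOCAL_CLONE_DIR"
+- name: "Cache Maven packages"
+uses: actions/cache@v2
+with:
+path: ~/.m2
+key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+restore-keys: ${{ runner.os }}-m2
+- name: "Configure GA Repository"
+uses: actions/setup-java@v1
+with:
+java-version: 11
+server-id: maven-central
+server-username: MAVEN_USERNAME
+server-password: MAVEN_PASSWORD
+gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+gpg-passphrase: MAVEN_GPG_PASSPHRASE
+- name: "Publish package to GA"
+run: |
+~/ppl-run mvn GA-PUBLICATION \
+--id "GA-PUBLICATION" \
+--lcd "$LOCAL_CLONE_DIR"
+env:
+MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}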
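Review bot: `PPL_CONTEXT: ${{ toJson(github) }}` in the workflow-level `env` serialises the whole `github` context, which includes `github.token`, into the environment of every step and every child process, here including the Maven run that also receives the Central credentials and the GPG passphrase. Passing only the fields the pipeline actually reads, or setting `PPL_CONTEXT` at step level on the `~/ppl-run` steps, would narrow that; the same line appears in `.github/post-merge.yml`, `.github/pr.yml` and `.github/publication.yml`. The job-level `env` has the same shape: `ENTANDO_BOT_TOKEN` and `ENTANDO_OPT_MAVEN_REPO_GA` are also visible to `actions/cache@v2` and `actions/setup-java@v1`, which have no visible use for them. None of the four workflows declares `permissions:`, so the token keeps the repository default scope; a top-level `permissions:` block listing only what the pipeline needs would bound what a leaked token can do.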
37 changes: 37 additions & 0 deletions .github/post-merge.yml
@@ -0,0 +1,37 @@
name: Post-Merge

on:
push:
branches:
- develop

env:
ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
PPL_CONTEXT: ${{ toJson(github) }}
GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
LOCAL_CLONE_DIR: "local-checkout"


jobs:
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# TAG
add-release-tag:
runs-on: ubuntu-latest
steps:
- name: "ADD RELEASE TAG"
run: |
${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
~/ppl-run pr-status-report \
.. checkout-branch base \
--id "CHECKOUT-BASE" \
--lcd "$LOCAL_CLONE_DIR" \
--token "${{ secrets.ENTANDO_BOT_TOKEN }}" \
.. release tag-snapshot-version \
--id "TAG-RELEASE" \
--lcd "$LOCAL_CLONE_DIR"
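Review bot: `--token "${{ secrets.ENTANDO_BOT_TOKEN }}"` in the `ADD RELEASE TAG` step is expanded into the script text before the shell runs, so the bot token lands in the generated script file and in the argument list of `ppl-run`, and a value containing a quote or `$` would be re-parsed by the shell. Binding it through the step environment avoids the template expansion: add `env:` with `ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}` to the step and pass `--token "$ENTANDO_BOT_TOKEN"`. `.github/ga-publication.yml` sets the same variable in `env` and calls `checkout-branch` without `--token`, which suggests `ppl-run` can read it from the environment; if that holds, dropping the flag also keeps the token out of argv. The `CHECKOUT` step of `full-build` in `.github/pr.yml` has the same line.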
142 changes: 142 additions & 0 deletions .github/pr.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
name: PR-CYCLE

on:
pull_request:
types:
- opened
- synchronize
- reopened
branches:
- develop

env:
ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
PPL_CONTEXT: ${{ toJson(github) }}
GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
LOCAL_CLONE_DIR: "local-checkout"
SNYK_ORG: "entando-ixc"

jobs:
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# PREPARE

prepare:
runs-on: ubuntu-latest
outputs:
SCAN_MATRIX: ${{ steps.START.outputs.SCAN_MATRIX }}
steps:
#~
- name: "PR PIPELINE START"
id: START
run: |
${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
~/ppl-run \
.. status-report \
.. @checkout-branch pr --lcd "$LOCAL_CLONE_DIR" \
.. @setup-feature-flags "PR_PREFLIGHT_CHECKS" "BOM_CHECK" "BOM" \
.. @setup-features-list "SCAN_MATRIX" --prefix "SCAN-NPM-" \
;
- name: "PR preflight checks"
if: steps.START.outputs.PR_PREFLIGHT_CHECKS != 'false'
id: pr-preflight-checks
run: |
~/ppl-run pr-preflight-checks --lcd "$LOCAL_CLONE_DIR"
# BOM
- name: "entando-core-bom check"
if: steps.START.outputs.BOM_CHECK != 'false' && steps.START.outputs.BOM == 'true'
id: pr-bom-check
run: |
~/ppl-run @pr-labels add "prepared" --id "ADD-LABEL-PREPARED"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# FULL-BUILD

full-build:
needs: [ 'prepare' ]
runs-on: ubuntu-latest
steps:
#~ CHECKOUT
- name: "CHECKOUT"
run: |
${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
~/ppl-run checkout-branch pr \
--lcd "$LOCAL_CLONE_DIR" \
--token "${{ secrets.ENTANDO_BOT_TOKEN }}" \
;
#~ NODE
- uses: actions/setup-node@v2
with:
node-version: 14.x
#~ NPM CACHE
- name: "Cache NPM Packages"
id: package-cache
uses: actions/cache@v2
with:
path: ~/.npm
key: ${{ runner.os }}-npm
#~ BUILD CACHE
- name: "Cache Build Dir"
id: build-cache
uses: actions/cache@v2
with:
path: "${{ env.LOCAL_CLONE_DIR }}/build/"
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
#~ BUILD
- name: "FULL BUILD"
run: |
~/ppl-run \
.. generic FULL-BUILD --lcd "$LOCAL_CLONE_DIR" \
.. release tag-snapshot-version --lcd "$LOCAL_CLONE_DIR" \
;
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# SCANS
scans:
env:
CI: true
needs: [ 'prepare', 'full-build' ]
runs-on: ubuntu-latest
if: ${{ needs.prepare.outputs.SCAN_MATRIX != '' }}
strategy:
max-parallel: 5
fail-fast: false
matrix:
scan-type: ${{fromJson(needs.prepare.outputs.SCAN_MATRIX)}}

steps:
#~ CHECKOUT
- name: "CHECKOUT"
run: |
${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
~/ppl-run checkout-branch pr --lcd "$LOCAL_CLONE_DIR"
#~ NODE
- uses: actions/setup-node@v2
with:
node-version: 14.x
#~ NPM CACHE
- name: "Cache NPM Packages"
id: package-cache
uses: actions/cache@v2
with:
path: ~/.npm
key: ${{ runner.os }}-npm
#~ BUILD CACHE
- name: "Cache Build Dir"
id: build-cache
uses: actions/cache@v2
with:
path: "${{ env.LOCAL_CLONE_DIR }}/build/"
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
#~ SCAN
- name: "Run the Scan"
run: |
SCAN_TYPE="${{ matrix.scan-type }}"
~/ppl-run generic "$SCAN_TYPE" mvn --id "$SCAN_TYPE" --lcd "$LOCAL_CLONE_DIR"
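Review bot: `SCAN_TYPE="${{ matrix.scan-type }}"` in the `Run the Scan` step pastes the matrix value into the shell script before it is parsed, and that value comes from `SCAN_MATRIX`, an output of the `prepare` step that runs after checking out the pull-request branch. Whether PR content can influence that list is not visible on this page, so it is safer to handle it as data rather than script text: put `env:` with `SCAN_TYPE: ${{ matrix.scan-type }}` on the step and delete the assignment line, leaving the existing `"$SCAN_TYPE"` references as they are. The job also calls `fromJson` on the output guarded only by `!= ''`, so a non-JSON value fails the matrix expansion rather than skipping the scans.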
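--- a/.github/publication.yml
+++ b/.github/publication.yml
@@ -0,0 +1,73 @@
+name: Internal Snapshot Publication
+
+on:
+push:
+tags:
+- 'v*'
+
+env:
+ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
+ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+PPL_CONTEXT: ${{ toJson(github) }}
+GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+LOCAL_CLONE_DIR: "local-checkout"
+
+
+jobs:
+internal-publication:
+runs-on: ubuntu-latest
+steps:
+- name: "PR PIPELINE START"
+id: START
+run: |
+${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+~/ppl-run status-report \
+.. @setup-feature-flags "PR_FORMAT_CHECK" "BOM_CHECK" "BOM" \
+.. @setup-features-list "SCAN_MATRIX" true SONAR_SCAN OWASP_SCAN SNYK_SCAN \
+;
+#~ CHECKOUT
+- name: "Checkout"
+run: |
+~/ppl-run checkout-branch base \
+--id "CHECKOUT FOR NEXUS PUBLICATION" \
+--lcd "$LOCAL_CLONE_DIR" \
+;
+#~ NODE
+- uses: actions/setup-node@v2
+with:
+node-version: 14.x
+#~ NPM CACHE
+- name: "Cache NPM Packages"
+id: package-cache
+uses: actions/cache@v2
+with:
+path: ~/.npm
+key: ${{ runner.os }}-npm
+#~ BUILD CACHE
+- name: "Cache Build Dir"
+id: build-cache
+uses: actions/cache@v2
+with:
+path: "${{ env.LOCAL_CLONE_DIR }}/build/"
+key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+#~ PUBLISH PACKAGE
+- name: "Publish package"
+run: |
+~/ppl-run generic PUBLISH \
+--id "PUBLICATION" \
+--lcd "$LOCAL_CLONE_DIR"
+#~ PUBLISH TO DOCKER IMAGE
+- name: "Publish docker"
+env:
+ENTANDO_OPT_DOCKER_BUILDS: "${{ secrets.ENTANDO_OPT_DOCKER_BUILDS }}"
+ENTANDO_OPT_DOCKER_ORG: "${{ secrets.ENTANDO_OPT_DOCKER_ORG }}"
+ENTANDO_OPT_DOCKER_USERNAME: "${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}"
+ENTANDO_OPT_DOCKER_PASSWORD: "${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}"
+run: |
+~/ppl-run docker publish "$ENTANDO_OPT_DOCKER_BUILDS"\
+--id "PUBLISH-DOCKER" \
+--lcd "$LOCAL_CLONE_DIR"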
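Review bot: The `Cache Build Dir` step restores `${{ env.LOCAL_CLONE_DIR }}/build/` under a key derived only from `package-lock.json`, in the job that then publishes the package and the Docker image. If `generic PUBLISH` does not rebuild from a clean tree (not visible on this page), the released artifact can contain build output from a different commit that shares the lockfile, written by whichever earlier run populated a cache this ref is allowed to read. For a publication job I would drop the build cache or tie it to the commit, e.g. `key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}-${{ github.sha }}`. The step name `PR PIPELINE START` and the `SCAN_MATRIX` setup also look carried over from the PR workflow, since no job in this file consumes them.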
