diff --git a/.github/ga-publication.yml b/.github/ga-publication.yml
new file mode 100644
index 0000000..b7c63f4
--- /dev/null
+++ b/.github/ga-publication.yml
@@ -0,0 +1,58 @@
+name: GA Publication
+
+on:
+ release:
+ types:
+ - created
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+
+jobs:
+ ga-publish:
+ env:
+ ENTANDO_OPT_MAVEN_REPO_GA: ${{ secrets.ENTANDO_OPT_MAVEN_REPO_GA }}
+ ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: "PR PIPELINE START"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run status-report
+ - name: "Checkout"
+ run: |
+ ~/ppl-run checkout-branch base \
+ --id "CHECKOUT FOR GA PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR"
+ - name: "Cache Maven packages"
+ uses: actions/cache@v2
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
+ - name: "Configure GA Repository"
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+ server-id: maven-central
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ - name: "Publish package to GA"
+ run: |
+ ~/ppl-run mvn GA-PUBLICATION \
+ --id "GA-PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR"
+ env:
+ MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
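Review bot: Every step of `ga-publish` receives more credentials than it uses: the workflow-level `PPL_CONTEXT: ${{ toJson(github) }}` serialises the whole `github` context, which includes `github.token`, and the job-level `env:` adds `ENTANDO_BOT_TOKEN` and `ENTANDO_OPT_MAVEN_REPO_GA`. That environment is inherited by `actions/cache@v2` and `actions/setup-java@v1`, both referenced by a movable tag, and by the Maven build itself. The publish step already scopes `MAVEN_USERNAME`/`MAVEN_PASSWORD` at step level; I would do the same here, with `ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}` and `PPL_CONTEXT` set in a step-level `env:` only on whichever `~/ppl-run` steps need them. The same workflow-level `PPL_CONTEXT` line appears in post-merge.yml, pr.yml and publication.yml.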
diff --git a/.github/post-merge.yml b/.github/post-merge.yml
new file mode 100644
index 0000000..98f0f82
--- /dev/null
+++ b/.github/post-merge.yml
@@ -0,0 +1,37 @@
+name: Post-Merge
+
+on:
+ push:
+ branches:
+ - develop
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+
+
+jobs:
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # TAG
+ add-release-tag:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "ADD RELEASE TAG"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+
+ ~/ppl-run pr-status-report \
+ .. checkout-branch base \
+ --id "CHECKOUT-BASE" \
+ --lcd "$LOCAL_CLONE_DIR" \
+ --token "${{ secrets.ENTANDO_BOT_TOKEN }}" \
+ .. release tag-snapshot-version \
+ --id "TAG-RELEASE" \
+ --lcd "$LOCAL_CLONE_DIR"
diff --git a/.github/pr.yml b/.github/pr.yml
new file mode 100644
index 0000000..d83214b
--- /dev/null
+++ b/.github/pr.yml
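Review bot: In the `ADD RELEASE TAG` step of post-merge.yml two secrets are expanded into the script text before the shell runs: `${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}` as a whole command line and `--token "${{ secrets.ENTANDO_BOT_TOKEN }}"` as an argument. The token is therefore written into the generated step script, and any quote or `$` in the secret value would be interpreted by the shell rather than passed as data. Handing it over through the step environment avoids both: add a step-level `env:` with `ENTANDO_BOT_TOKEN: ${{ secrets.ENTANDO_BOT_TOKEN }}` and use `--token "$ENTANDO_BOT_TOKEN"`; the `CHECKOUT` step of `full-build` in pr.yml has the same argument. Because the install command lives in a secret, what it fetches cannot be reviewed from the repository, so a comment beside it naming the source and how the version in `ENTANDO_OPT_USE_PPL_TAG` is verified would help; the same line opens a step in ga-publication.yml, pr.yml and publication.yml.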
@@ -0,0 +1,142 @@
+name: PR-CYCLE
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ branches:
+ - develop
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+ SNYK_ORG: "entando-ixc"
+
+jobs:
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # PREPARE
+
+ prepare:
+ runs-on: ubuntu-latest
+ outputs:
+ SCAN_MATRIX: ${{ steps.START.outputs.SCAN_MATRIX }}
+ steps:
+ #~
+ - name: "PR PIPELINE START"
+ id: START
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run \
+ .. status-report \
+ .. @checkout-branch pr --lcd "$LOCAL_CLONE_DIR" \
+ .. @setup-feature-flags "PR_PREFLIGHT_CHECKS" "BOM_CHECK" "BOM" \
+ .. @setup-features-list "SCAN_MATRIX" --prefix "SCAN-NPM-" \
+ ;
+ - name: "PR preflight checks"
+ if: steps.START.outputs.PR_PREFLIGHT_CHECKS != 'false'
+ id: pr-preflight-checks
+ run: |
+ ~/ppl-run pr-preflight-checks --lcd "$LOCAL_CLONE_DIR"
+ # BOM
+ - name: "entando-core-bom check"
+ if: steps.START.outputs.BOM_CHECK != 'false' && steps.START.outputs.BOM == 'true'
+ id: pr-bom-check
+ run: |
+ ~/ppl-run @pr-labels add "prepared" --id "ADD-LABEL-PREPARED"
+
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # FULL-BUILD
+
+ full-build:
+ needs: [ 'prepare' ]
+ runs-on: ubuntu-latest
+ steps:
+ #~ CHECKOUT
+ - name: "CHECKOUT"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run checkout-branch pr \
+ --lcd "$LOCAL_CLONE_DIR" \
+ --token "${{ secrets.ENTANDO_BOT_TOKEN }}" \
+ ;
+ #~ NODE
+ - uses: actions/setup-node@v2
+ with:
+ node-version: 14.x
+ #~ NPM CACHE
+ - name: "Cache NPM Packages"
+ id: package-cache
+ uses: actions/cache@v2
+ with:
+ path: ~/.npm
+ key: ${{ runner.os }}-npm
+ #~ BUILD CACHE
+ - name: "Cache Build Dir"
+ id: build-cache
+ uses: actions/cache@v2
+ with:
+ path: "${{ env.LOCAL_CLONE_DIR }}/build/"
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ #~ BUILD
+ - name: "FULL BUILD"
+ run: |
+ ~/ppl-run \
+ .. generic FULL-BUILD --lcd "$LOCAL_CLONE_DIR" \
+ .. release tag-snapshot-version --lcd "$LOCAL_CLONE_DIR" \
+ ;
+
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # SCANS
+ scans:
+ env:
+ CI: true
+ needs: [ 'prepare', 'full-build' ]
+ runs-on: ubuntu-latest
+ if: ${{ needs.prepare.outputs.SCAN_MATRIX != '' }}
+ strategy:
+ max-parallel: 5
+ fail-fast: false
+ matrix:
+ scan-type: ${{fromJson(needs.prepare.outputs.SCAN_MATRIX)}}
+
+ steps:
+ #~ CHECKOUT
+ - name: "CHECKOUT"
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run checkout-branch pr --lcd "$LOCAL_CLONE_DIR"
+ #~ NODE
+ - uses: actions/setup-node@v2
+ with:
+ node-version: 14.x
+ #~ NPM CACHE
+ - name: "Cache NPM Packages"
+ id: package-cache
+ uses: actions/cache@v2
+ with:
+ path: ~/.npm
+ key: ${{ runner.os }}-npm
+ #~ BUILD CACHE
+ - name: "Cache Build Dir"
+ id: build-cache
+ uses: actions/cache@v2
+ with:
+ path: "${{ env.LOCAL_CLONE_DIR }}/build/"
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ #~ SCAN
+ - name: "Run the Scan"
+ run: |
+ SCAN_TYPE="${{ matrix.scan-type }}"
+ ~/ppl-run generic "$SCAN_TYPE" mvn --id "$SCAN_TYPE" --lcd "$LOCAL_CLONE_DIR"
diff --git a/.github/publication.yml b/.github/publication.yml
new file mode 100644
index 0000000..b260788
--- /dev/null
+++ b/.github/publication.yml
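Review bot: In the `Run the Scan` step of pr.yml, `SCAN_TYPE="${{ matrix.scan-type }}"` splices the matrix value into the script text before the shell parses it, so the surrounding quotes do not protect it. The matrix comes from `needs.prepare.outputs.SCAN_MATRIX`, which `ppl-run` emits in `prepare` after checking out the PR branch; whether pull-request content can influence that list is not visible here, so I would pass it as data with a step-level `env:` entry `SCAN_TYPE: ${{ matrix.scan-type }}` and drop the assignment line. Separately, `full-build` checks out with `--token` and then runs `FULL-BUILD` on pull-request code in the same workspace, so it is worth confirming that `ppl-run checkout-branch` does not leave the bot token in `$LOCAL_CLONE_DIR/.git/config`.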
@@ -0,0 +1,73 @@
+name: Internal Snapshot Publication
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+env:
+ ENTANDO_OPT_USE_PPL_TAG: "v1.1.0"
+ ENTANDO_OPT_FEATURES: "${{ secrets.ENTANDO_OPT_FEATURES }}"
+ ENTANDO_OPT_GLOBAL_FEATURES: "${{ secrets.ENTANDO_OPT_GLOBAL_FEATURES }}"
+ ENTANDO_OPT_LOG_LEVEL: "${{ secrets.ENTANDO_OPT_LOG_LEVEL }}"
+ ENTANDO_OPT_REPO_BOM_URL: "${{ secrets.ENTANDO_OPT_REPO_BOM_URL }}"
+ PPL_CONTEXT: ${{ toJson(github) }}
+ GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}"
+ GIT_USER_EMAIL: "${{ secrets.GIT_USER_EMAIL }}"
+ LOCAL_CLONE_DIR: "local-checkout"
+
+
+jobs:
+ internal-publication:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "PR PIPELINE START"
+ id: START
+ run: |
+ ${{ secrets.ENTANDO_OPT_PPL_INSTALL_CMD }}
+ ~/ppl-run status-report \
+ .. @setup-feature-flags "PR_FORMAT_CHECK" "BOM_CHECK" "BOM" \
+ .. @setup-features-list "SCAN_MATRIX" true SONAR_SCAN OWASP_SCAN SNYK_SCAN \
+ ;
+ #~ CHECKOUT
+ - name: "Checkout"
+ run: |
+ ~/ppl-run checkout-branch base \
+ --id "CHECKOUT FOR NEXUS PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR" \
+ ;
+ #~ NODE
+ - uses: actions/setup-node@v2
+ with:
+ node-version: 14.x
+ #~ NPM CACHE
+ - name: "Cache NPM Packages"
+ id: package-cache
+ uses: actions/cache@v2
+ with:
+ path: ~/.npm
+ key: ${{ runner.os }}-npm
+ #~ BUILD CACHE
+ - name: "Cache Build Dir"
+ id: build-cache
+ uses: actions/cache@v2
+ with:
+ path: "${{ env.LOCAL_CLONE_DIR }}/build/"
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ #~ PUBLISH PACKAGE
+ - name: "Publish package"
+ run: |
+ ~/ppl-run generic PUBLISH \
+ --id "PUBLICATION" \
+ --lcd "$LOCAL_CLONE_DIR"
+ #~ PUBLISH TO DOCKER IMAGE
+ - name: "Publish docker"
+ env:
+ ENTANDO_OPT_DOCKER_BUILDS: "${{ secrets.ENTANDO_OPT_DOCKER_BUILDS }}"
+ ENTANDO_OPT_DOCKER_ORG: "${{ secrets.ENTANDO_OPT_DOCKER_ORG }}"
+ ENTANDO_OPT_DOCKER_USERNAME: "${{ secrets.ENTANDO_OPT_DOCKER_USERNAME }}"
+ ENTANDO_OPT_DOCKER_PASSWORD: "${{ secrets.ENTANDO_OPT_DOCKER_PASSWORD }}"
+ run: |
+ ~/ppl-run docker publish "$ENTANDO_OPT_DOCKER_BUILDS"\
+ --id "PUBLISH-DOCKER" \
+ --lcd "$LOCAL_CLONE_DIR"
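Review bot: The `Cache Build Dir` step restores `${{ env.LOCAL_CLONE_DIR }}/build/` under a key derived only from `package-lock.json`, immediately before `Publish package` and `Publish docker`. If `ppl-run generic PUBLISH` reuses that directory instead of rebuilding (not visible in this hunk), a published artifact could contain output built from a different commit that shares the same lockfile. For a publishing job I would drop the build-directory cache or bind it to the commit, e.g. `key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}-${{ github.sha }}`. The step name `PR PIPELINE START` and the `@setup-feature-flags` outputs, which no later step reads, look carried over from pr.yml.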