Skip to content

docs: note for current status of maintainers #828

docs: note for current status of maintainers

docs: note for current status of maintainers #828

Workflow file for this run

name: CI
on:
pull_request:
branches: [ main ]
paths-ignore:
- 'docs/**'
concurrency:
group: ${{ github.head_ref }}
cancel-in-progress: true
jobs:
setup:
timeout-minutes: 5
runs-on: ubuntu-latest
outputs:
branch_name: ${{ steps.get_branch_name.outputs.HEAD_REF }}
steps:
- name: Build branch name
id: get_branch_name
run: |
HEAD_REF=$(echo "${GITHUB_HEAD_REF}" | sed 's_/_\-_g' )
echo ::set-output name=HEAD_REF::"${HEAD_REF}"
style:
needs: [setup]
timeout-minutes: 5
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- name: Cache maven packages
uses: actions/[email protected]
with:
path: ~/.m2
key: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-style-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-style-
- name: Run style checks
run: mvn -B checkstyle:check --file pom.xml
static-code-analysis:
needs: [setup, style]
timeout-minutes: 5
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- name: Cache maven packages
uses: actions/[email protected]
with:
path: ~/.m2
key: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-analysis-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-analysis-
- name: Run static code analysis
run: mvn -B compile spotbugs:check --file pom.xml
unit-and-integration-tests:
needs: [setup, style]
timeout-minutes: 30
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
java: [17]
steps:
- uses: actions/checkout@v3
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
- name: Cache maven packages
uses: actions/[email protected]
with:
path: ~/.m2
key: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-m2-
- name: Unit- and Integrationtests
run: mvn -B -U verify --file pom.xml -Prelease
mutation-tests:
needs: [setup, unit-and-integration-tests]
timeout-minutes: 30
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- name: Cache maven packages
uses: actions/[email protected]
with:
path: ~/.m2
key: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-${{ needs.setup.outputs.branch_name }}-m2-
- name: Run Mutation Tests
run: mvn -B -Dmaven.javadoc.skip=true test org.pitest:pitest-maven:mutationCoverage --file pom.xml
linting:
timeout-minutes: 5
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Lint Docker
uses: hadolint/[email protected]
with:
dockerfile: Dockerfile
config: .hadolint.yaml
build_test_image:
needs: [linting, unit-and-integration-tests]
timeout-minutes: 15
runs-on: ubuntu-latest
outputs:
image_artifact_name: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}
image_name: ${{ steps.get_image_name.outputs.image_name }}
steps:
- name: Install SBoM generator
run: |
SYFT_EXPECTED_DIGEST='74a9becd5ccb4c02de99050a632e7bfc72176d5e4e844093b1e2c5bedfb45888'
curl -sSfL https://github.com/anchore/syft/releases/download/v0.29.0/syft_0.29.0_linux_amd64.tar.gz -o syft.tar.gz
SYFT_RESULT_DIGEST=$(sha256sum syft.tar.gz | cut -d' ' -f1);
if [[ $SYFT_RESULT_DIGEST != "${SYFT_EXPECTED_DIGEST}" ]]; then exit 1; fi
mkdir -p syft-install/
tar -zxf syft.tar.gz -C syft-install/
mv syft-install/syft /usr/local/bin/
rm -rf syft.tar.gz syft-install/
- name: Install SBom pusher
run: |
ORAS_EXPECTED_DIGEST='660a4ecd87414d1f29610b2ed4630482f1f0d104431576d37e59752c27de37ed'
curl -sSfL https://github.com/oras-project/oras/releases/download/v0.12.0/oras_0.12.0_linux_amd64.tar.gz -o oras.tar.gz
ORAS_RESULT_DIGEST=$(sha256sum oras.tar.gz | cut -d' ' -f1);
if [[ $ORAS_RESULT_DIGEST != "${ORAS_EXPECTED_DIGEST}" ]]; then exit 1; fi
mkdir -p oras-install/
tar -zxf oras.tar.gz -C oras-install/
mv oras-install/oras /usr/local/bin/
rm -rf oras.tar.gz oras-install/
- name: Checkout Repo
uses: actions/checkout@v3
- name: Build image artifact name
id: get_image_artifact_name
run: |
IMAGE_ARTIFACT_NAME=$(echo "${GITHUB_HEAD_REF}" | sed 's_/_\-_g' )
echo ::set-output name=image_artifact_name::"${IMAGE_ARTIFACT_NAME}"
- name: Build image name
id: get_image_name
run: echo ::set-output name=image_name::"ghcr.io/international-data-spaces-association/dataspace-connector"
- name: Build image
run: |
docker build . -t "${IMAGE}:ci"
env:
IMAGE: ${{ steps.get_image_name.outputs.image_name }}
DOCKER_BUILDKIT: 1
- name: Generate SBoM
run: |
BOM="${ARTIFACT}-sbom.json"
syft "${IMAGE}:ci" -o spdx-json > "${BOM}"
env:
IMAGE: ${{ steps.get_image_name.outputs.image_name }}
ARTIFACT: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}
- name: Build tar ball
id: build_tar_ball
run: |
docker save --output "${ARTIFACT}.tar" "${IMAGE}:ci"
env:
IMAGE: ${{ steps.get_image_name.outputs.image_name }}
ARTIFACT: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}
- name: Push image
uses: actions/upload-artifact@v3
with:
name: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}-image
path: ${{ github.workspace }}/${{ steps.get_image_artifact_name.outputs.image_artifact_name }}.tar
retention-days: 1
- name: Push SBoM
uses: actions/upload-artifact@v3
with:
name: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}-image-sbom.json
path: ${{ github.workspace }}/${{ steps.get_image_artifact_name.outputs.image_artifact_name }}-sbom.json
retention-days: 1
image-security-scan:
needs: [build_test_image]
timeout-minutes: 10
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Download image
uses: actions/download-artifact@v3
with:
name: ${{ needs.build_test_image.outputs.image_artifact_name }}-image
- name: Load image into docker
run: docker load --input "${GITHUB_WORKSPACE}/${ARTIFACT}.tar"
env:
ARTIFACT: ${{ needs.build_test_image.outputs.image_artifact_name }}
- name: Checkout Repo
uses: actions/checkout@v3
- name: Run vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ needs.build_test_image.outputs.image_name }}:ci'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
timeout: "9m0s"
build_test_backend_image:
needs: [linting, unit-and-integration-tests]
timeout-minutes: 10
runs-on: ubuntu-latest
strategy:
fail-fast: false
outputs:
image_artifact_name: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}
image_name: ${{ steps.get_image_name.outputs.image_name }}
steps:
- name: Checkout Repo
uses: actions/checkout@v3
- name: Build image artifact name
id: get_image_artifact_name
run: |
IMAGE_ARTIFACT_NAME=$(echo "${GITHUB_HEAD_REF}" | sed 's_/_\-_g' )-backend
echo ::set-output name=image_artifact_name::"${IMAGE_ARTIFACT_NAME}"
- name: Build image name
id: get_image_name
run: echo ::set-output name=image_name::"ghcr.io/international-data-spaces-association/dataspace-connector/tests/route-backend"
- name: Build image
run: |
cd ./scripts/tests/route-backend/
docker build . -t "${IMAGE}" -f route-backend.dockerfile
env:
IMAGE: ${{ steps.get_image_name.outputs.image_name }}
DOCKER_BUILDKIT: 1
- name: Build tar ball
id: build_tar_ball
run: |
docker save --output "${BACKEND_ARTIFACT}.tar" "${BACKEND_IMAGE}"
env:
BACKEND_IMAGE: ${{ steps.get_image_name.outputs.image_name }}
BACKEND_ARTIFACT: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}
- name: Push image
uses: actions/upload-artifact@v3
with:
name: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}-image
path: ${{ github.workspace }}/${{ steps.get_image_artifact_name.outputs.image_artifact_name }}.tar
retention-days: 1
build_test_runner_image:
needs: [linting, unit-and-integration-tests]
timeout-minutes: 10
runs-on: ubuntu-latest
strategy:
fail-fast: false
outputs:
image_artifact_name: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}
image_name: ${{ steps.get_image_name.outputs.image_name }}
steps:
- name: Checkout Repo
uses: actions/checkout@v3
- name: Build image artifact name
id: get_image_artifact_name
run: |
IMAGE_ARTIFACT_NAME=$(echo "${GITHUB_HEAD_REF}" | sed 's_/_\-_g' )-runner
echo ::set-output name=image_artifact_name::"${IMAGE_ARTIFACT_NAME}"
- name: Build image name
id: get_image_name
run: echo ::set-output name=image_name::"ghcr.io/international-data-spaces-association/dataspace-connector/tests/runner"
- name: Build image
run: |
cd ./scripts/tests/runner/
docker build . -t "${IMAGE}" -f runner.dockerfile
env:
IMAGE: ${{ steps.get_image_name.outputs.image_name }}
DOCKER_BUILDKIT: 1
- name: Build tar ball
id: build_tar_ball
run: |
docker save --output "${BACKEND_ARTIFACT}.tar" "${BACKEND_IMAGE}"
env:
BACKEND_IMAGE: ${{ steps.get_image_name.outputs.image_name }}
BACKEND_ARTIFACT: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}
- name: Push image
uses: actions/upload-artifact@v3
with:
name: ${{ steps.get_image_artifact_name.outputs.image_artifact_name }}-image
path: ${{ github.workspace }}/${{ steps.get_image_artifact_name.outputs.image_artifact_name }}.tar
retention-days: 1
e2e-test:
needs: [build_test_image, build_test_backend_image, build_test_runner_image]
timeout-minutes: 30
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup environment
run: |
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE=666 sh -
cat /etc/rancher/k3s/k3s.yaml
mkdir -p ~/.kube
cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
chmod 600 ~/.kube/config
- name: Download image
uses: actions/download-artifact@v3
with:
name: ${{ needs.build_test_image.outputs.image_artifact_name }}-image
- name: Download backend image
uses: actions/download-artifact@v3
with:
name: ${{ needs.build_test_backend_image.outputs.image_artifact_name }}-image
- name: Download test runner image
uses: actions/download-artifact@v3
with:
name: ${{ needs.build_test_runner_image.outputs.image_artifact_name }}-image
- name: Load image into cluster
run: sudo k3s ctr images import "${GITHUB_WORKSPACE}/${ARTIFACT}.tar"
env:
ARTIFACT: ${{ needs.build_test_image.outputs.image_artifact_name }}
- name: Load backend image into cluster
run: sudo k3s ctr images import "${GITHUB_WORKSPACE}/${BACKEND_ARTIFACT}.tar"
env:
BACKEND_ARTIFACT: ${{ needs.build_test_backend_image.outputs.image_artifact_name }}
- name: Load backend image into cluster
run: sudo k3s ctr images import "${GITHUB_WORKSPACE}/${RUNNER_ARTIFACT}.tar"
env:
RUNNER_ARTIFACT: ${{ needs.build_test_runner_image.outputs.image_artifact_name }}
- name: Test environment
run: |
kubectl cluster-info
- name: Run scripts
run: |
./scripts/ci/e2e/test-provider-consumer.sh