[Snyk] Fix for 1 vulnerabilities #1299
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration tests | |
| on: | |
| push: | |
| branches: | |
| # - 'master' | |
| - "release-*" | |
| - "!release-1.4" | |
| - "!release-1.5" | |
| pull_request: | |
| branches: | |
| # - 'master' | |
| - "release-*" # Codefresh change instead of `master` | |
| env: | |
| # Golang version to use across CI steps | |
| GOLANG_VERSION: "1.16.5" | |
| jobs: | |
| build-docker: | |
| name: Build Docker image | |
| runs-on: ubuntu-latest | |
| if: github.head_ref != '' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Build Docker image | |
| run: | | |
| make image | |
| check-go: | |
| name: Ensure Go modules synchronicity | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Setup Golang | |
| uses: actions/setup-go@v1 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: Download all Go modules | |
| run: | | |
| go mod download | |
| - name: Check for tidyness of go.mod and go.sum | |
| run: | | |
| go mod tidy | |
| git diff --exit-code -- . | |
| build-go: | |
| name: Build & cache Go code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Setup Golang | |
| uses: actions/setup-go@v1 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: Restore go build cache | |
| uses: actions/cache@v1 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} | |
| - name: Download all Go modules | |
| run: | | |
| go mod download | |
| - name: Compile all packages | |
| run: make build-local | |
| lint-go: | |
| name: Lint Go code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| version: v1.38.0 | |
| args: --timeout 10m --exclude SA5011 | |
| test-go: | |
| name: Run unit tests for Go packages | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-go | |
| steps: | |
| - name: Create checkout directory | |
| run: mkdir -p ~/go/src/github.com/argoproj | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Create symlink in GOPATH | |
| run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd | |
| - name: Setup Golang | |
| uses: actions/setup-go@v1 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: Install required packages | |
| run: | | |
| sudo apt-get install git -y | |
| - name: Switch to temporal branch so we re-attach head | |
| run: | | |
| git switch -c temporal-pr-branch | |
| git status | |
| - name: Fetch complete history for blame information | |
| run: | | |
| git fetch --prune --no-tags --depth=1 origin +refs/heads/*:refs/remotes/origin/* | |
| - name: Add ~/go/bin to PATH | |
| run: | | |
| echo "/home/runner/go/bin" >> $GITHUB_PATH | |
| - name: Add /usr/local/bin to PATH | |
| run: | | |
| echo "/usr/local/bin" >> $GITHUB_PATH | |
| - name: Restore go build cache | |
| uses: actions/cache@v1 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} | |
| - name: Install all tools required for building & testing | |
| run: | | |
| make install-test-tools-local | |
| - name: Setup git username and email | |
| run: | | |
| git config --global user.name "John Doe" | |
| git config --global user.email "[email protected]" | |
| - name: Download and vendor all required packages | |
| run: | | |
| go mod download | |
| - name: Run all unit tests | |
| run: make test-local | |
| - name: Generate code coverage artifacts | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: code-coverage | |
| path: coverage.out | |
| - name: Generate test results artifacts | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: test-results | |
| path: test-results/ | |
| test-go-race: | |
| name: Run unit tests with -race, for Go packages | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-go | |
| steps: | |
| - name: Create checkout directory | |
| run: mkdir -p ~/go/src/github.com/argoproj | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Create symlink in GOPATH | |
| run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd | |
| - name: Setup Golang | |
| uses: actions/setup-go@v1 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: Install required packages | |
| run: | | |
| sudo apt-get install git -y | |
| - name: Switch to temporal branch so we re-attach head | |
| run: | | |
| git switch -c temporal-pr-branch | |
| git status | |
| - name: Fetch complete history for blame information | |
| run: | | |
| git fetch --prune --no-tags --depth=1 origin +refs/heads/*:refs/remotes/origin/* | |
| - name: Add ~/go/bin to PATH | |
| run: | | |
| echo "/home/runner/go/bin" >> $GITHUB_PATH | |
| - name: Add /usr/local/bin to PATH | |
| run: | | |
| echo "/usr/local/bin" >> $GITHUB_PATH | |
| - name: Restore go build cache | |
| uses: actions/cache@v1 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} | |
| - name: Install all tools required for building & testing | |
| run: | | |
| make install-test-tools-local | |
| - name: Setup git username and email | |
| run: | | |
| git config --global user.name "John Doe" | |
| git config --global user.email "[email protected]" | |
| - name: Download and vendor all required packages | |
| run: | | |
| go mod download | |
| - name: Run all unit tests | |
| run: make test-race-local | |
| - name: Generate test results artifacts | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: race-results | |
| path: test-results/ | |
| codegen: | |
| name: Check changes to generated code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Setup Golang | |
| uses: actions/setup-go@v1 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: Create symlink in GOPATH | |
| run: | | |
| mkdir -p ~/go/src/github.com/argoproj | |
| cp -a ../argo-cd ~/go/src/github.com/argoproj | |
| - name: Add ~/go/bin to PATH | |
| run: | | |
| echo "/home/runner/go/bin" >> $GITHUB_PATH | |
| - name: Add /usr/local/bin to PATH | |
| run: | | |
| echo "/usr/local/bin" >> $GITHUB_PATH | |
| - name: Download & vendor dependencies | |
| run: | | |
| # We need to vendor go modules for codegen yet | |
| go mod download | |
| go mod vendor -v | |
| working-directory: /home/runner/go/src/github.com/argoproj/argo-cd | |
| - name: Install toolchain for codegen | |
| run: | | |
| make install-codegen-tools-local | |
| make install-go-tools-local | |
| working-directory: /home/runner/go/src/github.com/argoproj/argo-cd | |
| - name: Initialize local Helm | |
| run: | | |
| helm2 init --client-only | |
| - name: Run codegen | |
| run: | | |
| set -x | |
| export GOPATH=$(go env GOPATH) | |
| git checkout -- go.mod go.sum | |
| make codegen-local | |
| working-directory: /home/runner/go/src/github.com/argoproj/argo-cd | |
| - name: Check nothing has changed | |
| run: | | |
| set -xo pipefail | |
| git diff --exit-code -- . ':!go.sum' ':!go.mod' ':!assets/swagger.json' | tee codegen.patch | |
| working-directory: /home/runner/go/src/github.com/argoproj/argo-cd | |
| build-ui: | |
| name: Build, test & lint UI code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Setup NodeJS | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: "12.18.4" | |
| - name: Restore node dependency cache | |
| id: cache-dependencies | |
| uses: actions/cache@v1 | |
| with: | |
| path: ui/node_modules | |
| key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} | |
| - name: Install node dependencies | |
| run: | | |
| cd ui && yarn install --frozen-lockfile --ignore-optional --non-interactive | |
| - name: Build UI code | |
| run: | | |
| yarn test | |
| yarn build | |
| env: | |
| NODE_ENV: production | |
| NODE_ONLINE_ENV: online | |
| working-directory: ui/ | |
| - name: Run ESLint | |
| run: yarn lint | |
| working-directory: ui/ | |
| analyze: | |
| name: Process & analyze test artifacts | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test-go | |
| - build-ui | |
| env: | |
| sonar_secret: ${{ secrets.SONAR_TOKEN }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Restore node dependency cache | |
| id: cache-dependencies | |
| uses: actions/cache@v1 | |
| with: | |
| path: ui/node_modules | |
| key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} | |
| - name: Remove other node_modules directory | |
| run: | | |
| rm -rf ui/node_modules/argo-ui/node_modules | |
| - name: Create test-results directory | |
| run: | | |
| mkdir -p test-results | |
| - name: Get code coverage artifiact | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: code-coverage | |
| - name: Get test result artifact | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: test-results | |
| path: test-results | |
| - name: Upload code coverage information to codecov.io | |
| uses: codecov/codecov-action@v1 | |
| with: | |
| file: coverage.out | |
| - name: Perform static code analysis using SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SCANNER_VERSION: 4.2.0.1873 | |
| SCANNER_PATH: /tmp/cache/scanner | |
| OS: linux | |
| run: | | |
| # We do not use the provided action, because it does contain an old | |
| # version of the scanner, and also takes time to build. | |
| set -e | |
| mkdir -p ${SCANNER_PATH} | |
| export SONAR_USER_HOME=${SCANNER_PATH}/.sonar | |
| if [[ ! -x "${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner" ]]; then | |
| curl -Ol https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip | |
| unzip -qq -o sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip -d ${SCANNER_PATH} | |
| fi | |
| chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner | |
| chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/jre/bin/java | |
| # Explicitly set NODE_MODULES | |
| export NODE_MODULES=${PWD}/ui/node_modules | |
| export NODE_PATH=${PWD}/ui/node_modules | |
| ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner | |
| if: env.sonar_secret != '' | |
| test-e2e: | |
| name: Run end-to-end tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| k3s-version: [v1.21.2, v1.20.2, v1.19.2, v1.18.9, v1.17.11] | |
| needs: | |
| - build-go | |
| env: | |
| ARGOCD_E2E_SKIP_HELM: "true" | |
| GOPATH: /home/runner/go | |
| ARGOCD_FAKE_IN_CLUSTER: "true" | |
| ARGOCD_SSH_DATA_PATH: "/tmp/argo-e2e/app/config/ssh" | |
| ARGOCD_TLS_DATA_PATH: "/tmp/argo-e2e/app/config/tls" | |
| ARGOCD_E2E_SSH_KNOWN_HOSTS: "../fixture/certs/ssh_known_hosts" | |
| ARGOCD_E2E_K3S: "true" | |
| ARGOCD_IN_CI: "true" | |
| ARGOCD_E2E_APISERVER_PORT: "8088" | |
| ARGOCD_SERVER: "127.0.0.1:8088" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Setup Golang | |
| uses: actions/setup-go@v1 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: GH actions workaround - Kill XSP4 process | |
| run: | | |
| sudo pkill mono || true | |
| - name: Install K3S | |
| env: | |
| INSTALL_K3S_VERSION: ${{ matrix.k3s-version }}+k3s1 | |
| run: | | |
| set -x | |
| curl -sfL https://get.k3s.io | sh - | |
| sudo chmod -R a+rw /etc/rancher/k3s | |
| sudo mkdir -p $HOME/.kube && sudo chown -R runner $HOME/.kube | |
| sudo k3s kubectl config view --raw > $HOME/.kube/config | |
| sudo chown runner $HOME/.kube/config | |
| kubectl version | |
| - name: Restore go build cache | |
| uses: actions/cache@v1 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} | |
| - name: Add ~/go/bin to PATH | |
| run: | | |
| echo "/home/runner/go/bin" >> $GITHUB_PATH | |
| - name: Add /usr/local/bin to PATH | |
| run: | | |
| echo "/usr/local/bin" >> $GITHUB_PATH | |
| - name: Download Go dependencies | |
| run: | | |
| go mod download | |
| go get github.com/mattn/goreman | |
| - name: Install all tools required for building & testing | |
| run: | | |
| make install-test-tools-local | |
| - name: Setup git username and email | |
| run: | | |
| git config --global user.name "John Doe" | |
| git config --global user.email "[email protected]" | |
| - name: Pull Docker image required for tests | |
| run: | | |
| docker pull quay.io/dexidp/dex:v2.25.0 | |
| docker pull argoproj/argo-cd-ci-builder:v1.0.0 | |
| docker pull redis:6.2.4-alpine | |
| - name: Create target directory for binaries in the build-process | |
| run: | | |
| mkdir -p dist | |
| chown runner dist | |
| - name: Run E2E server and wait for it being available | |
| timeout-minutes: 30 | |
| run: | | |
| set -x | |
| # Something is weird in GH runners -- there's a phantom listener for | |
| # port 8080 which is not visible in netstat -tulpen, but still there | |
| # with a HTTP listener. We have API server listening on port 8088 | |
| # instead. | |
| make start-e2e-local 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-server.log & | |
| count=1 | |
| until curl -f http://127.0.0.1:8088/healthz; do | |
| sleep 10; | |
| if test $count -ge 60; then | |
| echo "Timeout" | |
| exit 1 | |
| fi | |
| count=$((count+1)) | |
| done | |
| - name: Run E2E testsuite | |
| run: | | |
| set -x | |
| make test-e2e-local | |
| - name: Upload e2e-server logs | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: e2e-server-k8s${{ matrix.k3s-version }}.log | |
| path: /tmp/e2e-server.log | |
| # if: ${{ failure() }} # Codefresh change |