# SPDX-License-Identifier: MIT
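name: Build SecHub GHA (scan)

# Builds and tests the SecHub "scan" GitHub Action: npm build, unit tests, then
# integration tests against a locally started SecHub server and PDS.
on:
  push:
    branches:
      - 'develop'
      - 'hotfix'
      - 'main'
      - 'master'
    paths:
      - '.github/workflows/github-action-scan.yml'
      - 'github-actions/scan/**'
  pull_request:
    paths:
      - '.github/workflows/github-action-scan.yml'
      - 'github-actions/scan/**'
  # enable manual triggering of workflow
  workflow_dispatch:

# Least privilege for the job token: no step below passes the token on or
# writes back to the repository, so read access to the contents is requested.
# NOTE(review): confirm the integration test scripts need no further scopes.
permissions:
  contents: read

jobs:
  build-scan:
    runs-on: ubuntu-latest

    # Let's set the scan action folder as the working directory for all "run" steps:
    defaults:
      run:
        working-directory: github-actions/scan

    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Cache Node.js modules
        # Pinned to the same commit SHA as the other cache steps in this
        # workflow instead of the mutable, outdated "v2" tag.
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-

      - name: Use Node.js
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: '22'

      - name: Install
        # NOTE(review): "npm install" may resolve versions other than the ones
        # in package-lock.json; consider "npm ci" for lockfile-exact installs.
        run: npm install

      - name: Build
        run: npm run build

      - name: Run unit tests
        run: npm test

      # Record "git status" after the build. If index.js shows up as changed, a
      # developer forgot to commit the rebuilt file, which means the action
      # cannot be used productively. The file is archived further below.
      - name: Store git status
        run: |
          git status
          mkdir "${{ github.workspace }}/build" -p
          git status >> "${{ github.workspace }}/build/git-status.txt"

      - name: Define integration test setup
        id: version-selector
        # The repository variables are handed to the script as environment
        # variables instead of being expanded into the script text, so their
        # content is treated as data by the shell and never as shell syntax.
        env:
          INTEGRATIONTEST_SECHUB_SERVER_VERSION: ${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}
          INTEGRATIONTEST_PDS_VERSION: ${{ vars.INTEGRATIONTEST_PDS_VERSION }}
        run: |
          # Make sure that INTEGRATIONTEST_SECHUB_SERVER_VERSION and INTEGRATIONTEST_PDS_VERSION
          # are defined in https://github.com/mercedes-benz/sechub/settings/variables/actions
          if [ -z "$INTEGRATIONTEST_SECHUB_SERVER_VERSION" ] ; then
            echo "INTEGRATIONTEST_SECHUB_SERVER_VERSION variable is undefined. Exiting."
            exit 1
          fi
          if [ -z "$INTEGRATIONTEST_PDS_VERSION" ] ; then
            echo "INTEGRATIONTEST_PDS_VERSION variable is undefined. Exiting."
            exit 1
          fi

          # Export versions and ports to all following steps via GITHUB_ENV.
          echo "sechub_server_version=$INTEGRATIONTEST_SECHUB_SERVER_VERSION" >> "$GITHUB_ENV"
          echo "sechub_server_port=8443" >> "$GITHUB_ENV"
          echo "pds_version=$INTEGRATIONTEST_PDS_VERSION" >> "$GITHUB_ENV"
          echo "pds_port=8444" >> "$GITHUB_ENV"

      - name: Cache SecHub server download
        # Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2
        # NOTE(review): the SHA in the comment above differs from the SHA that
        # is pinned below - confirm which release is meant and align them.
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
        with:
          path: ./build/sechub-runtime/server/${{ env.sechub_server_version }}/
          key: ${{ runner.os }}-sechub-server-${{ env.sechub_server_version }}

      - name: Cache PDS download
        # Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2
        # NOTE(review): same mismatch between comment and pinned SHA as in the
        # step above.
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
        with:
          path: ./build/sechub-runtime/pds/${{ env.pds_version }}/
          key: ${{ runner.os }}-sechub-pds-${{ env.pds_version }}

      - name: Set up JDK 17 (to run servers)
        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b
        with:
          java-version: '17'
          distribution: temurin

      # Arguments are quoted so that each value reaches the script as exactly
      # one argument, whatever the repository variables contain.
      - name: Start integration test servers
        working-directory: ./github-actions/scan/__test__/integrationtest/
        run: ./01-start.sh "$sechub_server_version" "$sechub_server_port" "$pds_version" "$pds_port"

      - name: Init integration test data
        working-directory: ./github-actions/scan/__test__/integrationtest/
        run: ./03-init_sechub_data.sh "$sechub_server_port" "$pds_port"

      - name: Run integration tests
        run: npm run integration-test

      - name: Cleanup integration tests
        working-directory: ./github-actions/scan/__test__/integrationtest/
        run: ./05-stop.sh "$sechub_server_port" "$pds_port"

      # ------------------------------------ Archive git status-------------------
      # The archive steps run with "if: always()", so their artifacts are also
      # uploaded when an earlier step has failed.
      # NOTE(review): upload-artifact is referenced by the mutable tag "v4" in
      # all three archive steps, while the other actions in this workflow are
      # pinned to a commit SHA - pin it as
      # actions/upload-artifact@<FULL_COMMIT_SHA> as well.
      - name: Archive git status
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: git-status
          path: "${{ github.workspace }}/build/git-status.txt"
          retention-days: 14

      # ------------------------------------ Archive runtime logs-------------------
      - name: Archive runtime logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          # NOTE(review): "logiles" looks like a typo for "logfiles"; kept as is
          # because consumers may refer to the artifact by this name.
          name: sechub-runtime-logiles
          path: ./build/sechub-runtime/**/*.log
          retention-days: 14

      # ------------------------------------ Archive reports -----------------------
      - name: Archive reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: sechub-reports
          path: |
            ./github-actions/scan/sechub_report*.*
            ./sechub_report*.*
          retention-days: 14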