Build Agent and Upload To OSS #2140
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Maven | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven | |
name: Build Agent and Upload To OSS | |
on: | |
push: | |
branches: | |
- main | |
- beta | |
- develop | |
pull_request: | |
branches: | |
- main | |
- beta | |
- develop | |
paths-ignore: | |
- '.github/**' | |
- 'changes/**' | |
- 'deploy/**' | |
- '**.md' | |
- '**.yml' | |
- '**.xml' | |
- 'LICENSE' | |
- '.gitignore' | |
schedule: | |
- cron: '0 10 * * *' | |
jobs: | |
Cache-Dependencies: | |
name: Cache dependencies | |
if: github.repository == 'HXSecurity/DongTai-agent-java' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 1.8 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.8 | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@v4 | |
with: | |
maven-version: 3.2.5 | |
- uses: actions/cache@v2 | |
id: mvn-cache # use this to check for `cache-hit` (`steps.mvn-cache.outputs.cache-hit != 'true'`) | |
with: | |
path: ~/.m2 # !WARN does not work if running multiple node versions, instead use https://github.com/actions/cache/blob/master/examples.md#node---yarn | |
key: ${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-mvn- | |
- name: Mvn Install | |
if: steps.mvn-cache.outputs.cache-hit != 'true' | |
run: mvn -B compile -Dmaven.test.skip=true | |
Build-Agent: | |
name: Build Java Agent | |
if: github.event_name == 'pull_request' || github.event_name == 'schedule' | |
runs-on: ubuntu-latest | |
needs: [ Cache-Dependencies ] | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 1.8 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.8 | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@v4 | |
with: | |
maven-version: 3.2.5 | |
- name: Restore dependencies from cache | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-mvn- | |
- name: Build DongTai-Java-Agent With Maven | |
run: | | |
mvn -version | |
mvn -B package -Dmaven.test.skip=true | |
- uses: shogo82148/actions-setup-mysql@v1 | |
with: | |
mysql-version: '8.0' | |
auto-start: true | |
root-password: yuhjnbGYUI | |
user: test | |
password: test | |
# - name: OpenRASP-Vulns-Test | |
# run: bash .github/workflows/scripts/openrasp-test.sh "OpenRASP" "${{ github.event_name }}-${{ github.run_number }}" | |
# | |
# - name: Benchmark-Vulns-Test | |
# run: bash .github/workflows/scripts/benchmark-test.sh "OWASP-Benchmark" "${{ github.event_name }}-${{ github.run_number }}" | |
Upload-To-OSS: | |
name: Upload To TEST OSS | |
if: github.event_name == 'push' | |
runs-on: ubuntu-latest | |
needs: [ Cache-Dependencies ] | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 1.8 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.8 | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@v4 | |
with: | |
maven-version: 3.2.5 | |
- name: Get the release version | |
id: version | |
run: echo ::set-output name=GITHUB_REF::${GITHUB_REF##*/} | |
- name: Restore dependencies from cache | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-mvn- | |
- name: Build DongTai-Java-Agent With Maven | |
run: | | |
mvn -version | |
mvn -B package -Dmaven.test.skip=true | |
- name: Upload Assets | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dongtai-agent | |
path: | | |
dongtai-agent/target/dongtai-agent.jar | |
dongtai-agent/src/main/resources/bin/* | |
- uses: manyuanrong/setup-ossutil@v2.0 | |
with: | |
endpoint: ${{ secrets.CHART_OSS_ENDPOINT }} | |
access-key-id: ${{ secrets.OSS_KEY_ID }} | |
access-key-secret: ${{ secrets.OSS_KEY_SECRET }} | |
- name: Upload COS | |
if: ${{ steps.version.outputs.GITHUB_REF }} == develop | |
uses: zkqiang/tencent-cos-action@v0.1.0 | |
with: | |
args: upload -rs dongtai-agent/target/dongtai-agent.jar /agent_test/java/latest/dongtai-agent.jar && upload -rs dongtai-agent/src/main/resources/bin/ /agent_test/java/latest/ | |
secret_id: ${{ secrets.TENSECRET_ID }} | |
secret_key: ${{ secrets.TENSECRET_KEY }} | |
bucket: dongtai-helm-charts-1251882848 | |
region: ap-hongkong | |
- name: Upload COS beta | |
if: ${{ steps.version.outputs.GITHUB_REF }} == beta || ${{ steps.version.outputs.GITHUB_REF }} == main | |
uses: zkqiang/tencent-cos-action@v0.1.0 | |
with: | |
args: upload -rs dongtai-agent/target/dongtai-agent.jar /agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/dongtai-agent.jar && upload -rs dongtai-agent/src/main/resources/bin/ /agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/ | |
secret_id: ${{ secrets.TENSECRET_ID }} | |
secret_key: ${{ secrets.TENSECRET_KEY }} | |
bucket: dongtai-helm-charts-1251882848 | |
region: ap-hongkong | |
- name: deploy to cluster A | |
uses: tscuite/kubectl-helm-action@main | |
env: | |
MAX: false | |
PROJECT: agent | |
TOKEN_SCA: ${{ secrets.TOKEN_SCA }} | |
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_TEST_DATA }} | |
- name: deploy to cluster B | |
uses: tscuite/kubectl-helm-action@main | |
env: | |
MAX: true | |
PROJECT: agent | |
TOKEN_SCA: ${{ secrets.MAX_TOKEN_SCA }} | |
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_TEST_DATA }} |