Update CI #402

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Continuous Integration

	on: push

	env:
	JAVA_VERSION: 17
	MAVEN_VERSION: 3.9.6

	jobs:
	build:
	runs-on: ubuntu-22.04
	steps:
	- name: Check out repository code
	uses: actions/checkout@v3
	with:
	path: plugin
	- name: Setup Maven Action
	uses: s4u/setup-maven-action@v1.14.0
	with:
	java-version: ${{ env.JAVA_VERSION }}
	java-distribution: temurin
	maven-version: ${{ env.MAVEN_VERSION }}
	- name: Retrieve variables from pom
	id: requestPom
	working-directory: plugin
	run: \|
	echo "GRAYLOG_VERSION=$(mvn help:evaluate -Dexpression=project.parent.version -q -DforceStdout)" >> $GITHUB_OUTPUT

	NAME=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout)
	VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
	echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
	echo "JAR_PATH=target/$NAME-$VERSION.jar" >> $GITHUB_OUTPUT
	echo "RPM_PATH=target/rpm/$NAME/RPMS/noarch/$NAME-$VERSION-1.noarch.rpm" >> $GITHUB_OUTPUT
	echo "DEB_PATH=target/$NAME-$VERSION.deb" >> $GITHUB_OUTPUT
	- name: Cache Graylog
	uses: actions/cache@v3
	id: cache
	with:
	path: graylog2-server
	key: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
	- name: Check out Graylog ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
	if: steps.cache.outputs.cache-hit != 'true'
	uses: actions/checkout@v3
	with:
	repository: Graylog2/graylog2-server
	ref: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
	path: graylog2-server
	- name: Build Graylog
	if: steps.cache.outputs.cache-hit != 'true'
	working-directory: graylog2-server
	run: \|
	mvn compile -DskipTests=true --batch-mode
	- name: Cache node_modules
	uses: actions/cache@v3
	with:
	path: plugin/node_modules
	key: ${{ hashFiles('plugin/yarn.lock') }}
	- name: Build plugin
	working-directory: plugin
	run: \|
	mvn package --batch-mode
	- name: Prepare backend tests runtime
	working-directory: plugin
	run: \|
	mkdir runtime/graylog/plugin
	cp ${{ steps.requestPom.outputs.JAR_PATH }} runtime/graylog/plugin
	echo GRAYLOG_VERSION=${{ steps.requestPom.outputs.GRAYLOG_VERSION }} > runtime/.env
	- name: Cache backend tests python dependences
	uses: actions/cache@v3
	with:
	path: plugin/validation/server/venv
	key: ${{ hashFiles('plugin/validation/server/requirements.txt') }}
	- name: Execute backend tests
	working-directory: plugin/validation/server
	run: \|
	python -m venv venv
	source venv/bin/activate
	pip install -r requirements.txt
	docker-compose --project-directory ../../runtime pull
	PYTHONUNBUFFERED=true PYTHONPATH=.. python -m unittest --verbose
	# TODO improve this, see https://playwright.dev/python/docs/ci-intro (in particular, use setup-pyhton?)
	- name: Cache Playwright tests python dependences
	uses: actions/cache@v3
	with:
	path: plugin/validation/server/venv
	key: ${{ hashFiles('plugin/validation/end_to_end/requirements.txt') }}
	- name: Run Playwright tests
	working-directory: plugin/validation/end_to_end
	run: \|
	python -m venv venv
	source venv/bin/activate
	pip install -r requirements.txt
	playwright install chromium
	docker-compose --project-directory ../../runtime pull
	PYTHONPATH=.. pytest --tracing=retain-on-failure
	- uses: actions/upload-artifact@v3
	if: always()
	with:
	name: playwright-report
	path: plugin/validation/end_to_end/test-results/
	- name: Package signed .rpm
	if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
	working-directory: plugin
	env:
	GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
	PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	run: \|
	mvn rpm:rpm
	echo -n "$GPG_PRIVATE_KEY" \| gpg2 --batch --allow-secret-key-import --import
	rpm --define "_gpg_name Airbus CyberSecurity" --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase $PASSPHRASE" --addsign "${{ steps.requestPom.outputs.RPM_PATH }}"
	- name: Package signed .deb
	if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
	working-directory: plugin
	env:
	GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
	PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	run: \|
	echo -n "$GPG_PRIVATE_KEY" \| gpg2 --batch --allow-secret-key-import --import
	gpg2 --export-secret-keys --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" > $HOME/.gnupg/secring.gpg
	mvn jdeb:jdeb --settings deployment/settings.xml
	- name: Check license headers
	working-directory: plugin
	run: \|
	mvn license:check
	- name: Archive .jar
	uses: actions/upload-artifact@v3
	with:
	name: jar
	path: plugin/${{ steps.requestPom.outputs.JAR_PATH }}
	if-no-files-found: error
	- name: Archive .rpm
	if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
	uses: actions/upload-artifact@v3
	with:
	name: rpm
	path: plugin/${{ steps.requestPom.outputs.RPM_PATH }}
	if-no-files-found: error
	- name: Archive .deb
	if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
	uses: actions/upload-artifact@v3
	with:
	name: deb
	path: plugin/${{ steps.requestPom.outputs.DEB_PATH }}
	if-no-files-found: error
	- name: Release
	if: startsWith(github.ref, 'refs/tags/')
	uses: softprops/action-gh-release@v1
	with:
	files: \|
	plugin/${{ steps.requestPom.outputs.JAR_PATH }}
	plugin/${{ steps.requestPom.outputs.RPM_PATH }}
	plugin/${{ steps.requestPom.outputs.DEB_PATH }}
	fail_on_unmatched_files: true
	- name: Deploy to Maven Central
	if: startsWith(github.ref, 'refs/tags/') \|\| endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT')
	working-directory: plugin
	env:
	SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
	SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
	GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
	PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
	run: \|
	echo -n "$GPG_PRIVATE_KEY" \| gpg2 --batch --allow-secret-key-import --import
	mvn clean deploy -DskipTests=true --settings deployment/settings.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update CI #402

Workflow file

Update CI #402

Jobs

Run details

Workflow file for this run