Update CI - jdeb version have changed #417
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: push | |
env: | |
JAVA_VERSION: 17 | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v3 | |
with: | |
path: plugin | |
- name: Setup Java JDK ${{ env.JAVA_VERSION }} | |
uses: actions/setup-java@v3 | |
with: | |
java-version: ${{ env.JAVA_VERSION }} | |
distribution: temurin | |
cache: maven | |
- name: Retrieve variables from pom | |
id: requestPom | |
working-directory: plugin | |
run: | | |
echo "GRAYLOG_VERSION=$(mvn help:evaluate -Dexpression=project.parent.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
NAME=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout) | |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) | |
echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
echo "JAR_PATH=target/$NAME-$VERSION.jar" >> $GITHUB_OUTPUT | |
echo "RPM_PATH=target/rpm/$NAME/RPMS/noarch/$NAME-$VERSION-1.noarch.rpm" >> $GITHUB_OUTPUT | |
echo "DEB_PATH=target/$NAME-$VERSION.deb" >> $GITHUB_OUTPUT | |
- name: Cache Graylog | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: graylog2-server | |
key: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
- name: Check out Graylog ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
if: steps.cache.outputs.cache-hit != 'true' | |
uses: actions/checkout@v3 | |
with: | |
repository: Graylog2/graylog2-server | |
ref: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
path: graylog2-server | |
- name: Build Graylog | |
if: steps.cache.outputs.cache-hit != 'true' | |
working-directory: graylog2-server | |
run: | | |
./mvnw compile -DskipTests=true --batch-mode | |
- name: Cache node_modules | |
uses: actions/cache@v3 | |
with: | |
path: plugin/node_modules | |
key: ${{ hashFiles('plugin/yarn.lock') }} | |
- name: Build plugin | |
working-directory: plugin | |
run: | | |
./mvnw package --batch-mode | |
- name: Prepare backend tests runtime | |
working-directory: plugin | |
run: | | |
mkdir runtime/graylog/plugin | |
cp ${{ steps.requestPom.outputs.JAR_PATH }} runtime/graylog/plugin | |
echo GRAYLOG_VERSION=${{ steps.requestPom.outputs.GRAYLOG_VERSION }} > runtime/.env | |
- name: Cache backend tests python dependencies | |
uses: actions/cache@v3 | |
with: | |
path: plugin/validation/server/venv | |
key: ${{ hashFiles('plugin/validation/server/requirements.txt') }} | |
- name: Execute backend tests | |
working-directory: plugin/validation/server | |
run: | | |
python -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
docker compose --project-directory ../../runtime pull | |
PYTHONUNBUFFERED=true PYTHONPATH=.. python -m unittest --verbose | |
# TODO improve this, see https://playwright.dev/python/docs/ci-intro (in particular, use setup-python?) | |
- name: Cache Playwright tests python dependencies | |
uses: actions/cache@v3 | |
with: | |
path: plugin/validation/server/venv | |
key: ${{ hashFiles('plugin/validation/end_to_end/requirements.txt') }} | |
- name: Run Playwright tests | |
working-directory: plugin/validation/end_to_end | |
run: | | |
python -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
playwright install chromium | |
docker compose --project-directory ../../runtime pull | |
PYTHONPATH=.. pytest --tracing=retain-on-failure | |
- uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: playwright-report | |
path: plugin/validation/end_to_end/test-results/ | |
- name: Package signed .rpm | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
working-directory: plugin | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
./mvnw rpm:rpm | |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
rpm --define "_gpg_name Airbus CyberSecurity" --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase $PASSPHRASE" --addsign "${{ steps.requestPom.outputs.RPM_PATH }}" | |
- name: Package signed .deb | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
working-directory: plugin | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
gpg2 --export-secret-keys --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" > $HOME/.gnupg/secring.gpg | |
./mvnw org.vafer:jdeb:jdeb --settings deployment/settings.xml | |
- name: Check license headers | |
working-directory: plugin | |
run: | | |
./mvnw license:check | |
- name: Archive .jar | |
uses: actions/upload-artifact@v3 | |
with: | |
name: jar | |
path: plugin/${{ steps.requestPom.outputs.JAR_PATH }} | |
if-no-files-found: error | |
- name: Archive .rpm | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
uses: actions/upload-artifact@v3 | |
with: | |
name: rpm | |
path: plugin/${{ steps.requestPom.outputs.RPM_PATH }} | |
if-no-files-found: error | |
- name: Archive .deb | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
uses: actions/upload-artifact@v3 | |
with: | |
name: deb | |
path: plugin/${{ steps.requestPom.outputs.DEB_PATH }} | |
if-no-files-found: error | |
- name: Release | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
plugin/${{ steps.requestPom.outputs.JAR_PATH }} | |
plugin/${{ steps.requestPom.outputs.RPM_PATH }} | |
plugin/${{ steps.requestPom.outputs.DEB_PATH }} | |
fail_on_unmatched_files: true | |
- name: Deploy to Maven Central | |
if: startsWith(github.ref, 'refs/tags/') || endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') | |
working-directory: plugin | |
env: | |
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
./mvnw clean deploy -DskipTests=true --settings deployment/settings.xml |