-
Notifications
You must be signed in to change notification settings - Fork 3
163 lines (159 loc) · 6.76 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
name: Continuous Integration
on: push
env:
JAVA_VERSION: 17
jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v3
with:
path: plugin
- name: Setup Java JDK ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: temurin
cache: maven
- name: Retrieve variables from pom
id: requestPom
working-directory: plugin
run: |
echo "GRAYLOG_VERSION=$(mvn help:evaluate -Dexpression=project.parent.version -q -DforceStdout)" >> $GITHUB_OUTPUT
NAME=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout)
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
echo "JAR_PATH=target/$NAME-$VERSION.jar" >> $GITHUB_OUTPUT
echo "RPM_PATH=target/rpm/$NAME/RPMS/noarch/$NAME-$VERSION-1.noarch.rpm" >> $GITHUB_OUTPUT
echo "DEB_PATH=target/$NAME-$VERSION.deb" >> $GITHUB_OUTPUT
- name: Cache Graylog
uses: actions/cache@v3
id: cache
with:
path: graylog2-server
key: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
- name: Check out Graylog ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v3
with:
repository: Graylog2/graylog2-server
ref: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
path: graylog2-server
- name: Build Graylog
if: steps.cache.outputs.cache-hit != 'true'
working-directory: graylog2-server
run: |
./mvnw compile -DskipTests=true --batch-mode
- name: Cache node_modules
uses: actions/cache@v3
with:
path: plugin/node_modules
key: ${{ hashFiles('plugin/yarn.lock') }}
- name: Build plugin
working-directory: plugin
run: |
./mvnw package --batch-mode
- name: Prepare backend tests runtime
working-directory: plugin
run: |
mkdir runtime/graylog/plugin
cp ${{ steps.requestPom.outputs.JAR_PATH }} runtime/graylog/plugin
echo GRAYLOG_VERSION=${{ steps.requestPom.outputs.GRAYLOG_VERSION }} > runtime/.env
- name: Cache backend tests python dependencies
uses: actions/cache@v3
with:
path: plugin/validation/server/venv
key: ${{ hashFiles('plugin/validation/server/requirements.txt') }}
- name: Execute backend tests
working-directory: plugin/validation/server
run: |
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
docker compose --project-directory ../../runtime pull
PYTHONUNBUFFERED=true PYTHONPATH=.. python -m unittest --verbose
# TODO improve this, see https://playwright.dev/python/docs/ci-intro (in particular, use setup-python?)
- name: Cache Playwright tests python dependencies
uses: actions/cache@v3
with:
path: plugin/validation/server/venv
key: ${{ hashFiles('plugin/validation/end_to_end/requirements.txt') }}
- name: Run Playwright tests
working-directory: plugin/validation/end_to_end
run: |
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
playwright install chromium
docker compose --project-directory ../../runtime pull
PYTHONPATH=.. pytest --tracing=retain-on-failure
- uses: actions/upload-artifact@v3
if: always()
with:
name: playwright-report
path: plugin/validation/end_to_end/test-results/
- name: Package signed .rpm
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
working-directory: plugin
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
./mvnw rpm:rpm
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
rpm --define "_gpg_name Airbus CyberSecurity" --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase $PASSPHRASE" --addsign "${{ steps.requestPom.outputs.RPM_PATH }}"
- name: Package signed .deb
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
working-directory: plugin
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
gpg2 --export-secret-keys --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" > $HOME/.gnupg/secring.gpg
./mvnw org.vafer:jdeb:jdeb --settings deployment/settings.xml
- name: Check license headers
working-directory: plugin
run: |
./mvnw license:check
- name: Archive .jar
uses: actions/upload-artifact@v3
with:
name: jar
path: plugin/${{ steps.requestPom.outputs.JAR_PATH }}
if-no-files-found: error
- name: Archive .rpm
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
uses: actions/upload-artifact@v3
with:
name: rpm
path: plugin/${{ steps.requestPom.outputs.RPM_PATH }}
if-no-files-found: error
- name: Archive .deb
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
uses: actions/upload-artifact@v3
with:
name: deb
path: plugin/${{ steps.requestPom.outputs.DEB_PATH }}
if-no-files-found: error
- name: Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with:
files: |
plugin/${{ steps.requestPom.outputs.JAR_PATH }}
plugin/${{ steps.requestPom.outputs.RPM_PATH }}
plugin/${{ steps.requestPom.outputs.DEB_PATH }}
fail_on_unmatched_files: true
- name: Deploy to Maven Central
if: startsWith(github.ref, 'refs/tags/') || endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT')
working-directory: plugin
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
./mvnw clean deploy -DskipTests=true --settings deployment/settings.xml