-
Notifications
You must be signed in to change notification settings - Fork 3
145 lines (141 loc) · 5.51 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: Continuous Integration
on: push
env:
JAVA_VERSION: 17
jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v3
with:
path: plugin
- name: Setup Java JDK ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: temurin
cache: maven
- name: Retrieve variables from pom
id: requestPom
working-directory: plugin
run: |
echo "GRAYLOG_VERSION=$(mvn help:evaluate -Dexpression=project.parent.version -q -DforceStdout)" >> $GITHUB_OUTPUT
NAME=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout)
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "JAR_PATH=target/$NAME-$VERSION.jar" >> $GITHUB_OUTPUT
echo "RPM_PATH=target/rpm/$NAME/RPMS/noarch/$NAME-$VERSION-1.noarch.rpm" >> $GITHUB_OUTPUT
echo "DEB_PATH=target/$NAME-$VERSION.deb" >> $GITHUB_OUTPUT
- name: Cache Graylog
uses: actions/cache@v3
id: cache
with:
path: graylog2-server
key: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
- name: Check out Graylog ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v3
with:
repository: Graylog2/graylog2-server
ref: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
path: graylog2-server
- name: Build Graylog
if: steps.cache.outputs.cache-hit != 'true'
working-directory: graylog2-server
run: |
mvn compile -DskipTests=true --batch-mode
- name: Cache node_modules
uses: actions/cache@v3
with:
path: plugin/node_modules
key: ${{ hashFiles('plugin/yarn.lock') }}
- name: Build plugin
working-directory: plugin
run: |
mvn package --batch-mode
- name: Copy jar to backend tests runtime
working-directory: plugin
run: |
mkdir runtime/graylog/plugin
cp ${{ steps.requestPom.outputs.JAR_PATH }} runtime/graylog/plugin
- name: Execute backend tests
working-directory: plugin/validation
run: |
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
docker-compose --project-directory ../runtime pull
PYTHONUNBUFFERED=true python -m unittest --verbose
- uses: actions/setup-node@v4
with:
node-version: 18
cache: 'npm'
cache-dependency-path: plugin/end_to_end/package-lock.json
- name: Install dependencies
working-directory: plugin/end_to_end
run: |
npm ci
npx playwright install chromium
- name: Run Playwright tests
working-directory: plugin/end_to_end
run: npx playwright test
- name: Package signed .rpm
working-directory: plugin
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
mvn rpm:rpm
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
rpm --define "_gpg_name Airbus CyberSecurity" --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase $PASSPHRASE" --addsign "${{ steps.requestPom.outputs.RPM_PATH }}"
- name: Package signed .deb
working-directory: plugin
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
gpg2 --export-secret-keys --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" > $HOME/.gnupg/secring.gpg
mvn jdeb:jdeb --settings deployment/settings.xml
- name: Check license headers
working-directory: plugin
run: |
mvn license:check
- name: Archive .jar
uses: actions/upload-artifact@v3
with:
name: jar
path: plugin/${{ steps.requestPom.outputs.JAR_PATH }}
if-no-files-found: error
- name: Archive .rpm
uses: actions/upload-artifact@v3
with:
name: rpm
path: plugin/${{ steps.requestPom.outputs.RPM_PATH }}
if-no-files-found: error
- name: Archive .deb
uses: actions/upload-artifact@v3
with:
name: deb
path: plugin/${{ steps.requestPom.outputs.DEB_PATH }}
if-no-files-found: error
- name: Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with:
files: |
plugin/${{ steps.requestPom.outputs.JAR_PATH }}
plugin/${{ steps.requestPom.outputs.RPM_PATH }}
plugin/${{ steps.requestPom.outputs.DEB_PATH }}
fail_on_unmatched_files: true
- name: Deploy to Maven Central
if: startsWith(github.ref, 'refs/tags/')
working-directory: plugin
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
mvn clean deploy -DskipTests=true --settings deployment/settings.xml