Skip to content

ACS-9044 POC - Remove excluded files from alfresco.war before Veracod… #3620

ACS-9044 POC - Remove excluded files from alfresco.war before Veracod…

ACS-9044 POC - Remove excluded files from alfresco.war before Veracod… #3620

Workflow file for this run

name: ACS Packaging CI
on:
pull_request:
branches:
- feature/**
- fix/**
- master
- release/**
push:
branches:
- feature/**
- fix/**
workflow_call:
workflow_dispatch:
env:
AZURE_AUTHENTICATION_MODE: sharedKey
AZURE_STORAGE_ACCOUNT_NAME: acspackagingci
AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.AZURE_PACKAGING_STORAGE_ACCOUNT_KEY }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60
GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }}
GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }}
GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }}
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
CI_WORKSPACE: ${{ github.workspace }}
AWS_REGION: eu-west-1
TAS_ENVIRONMENT: ./tests/environment
TAS_SCRIPTS: ../alfresco-community-repo/packaging/tests/scripts
ALF_LICENCE_S3_PATH: s3://acs-license/acs/alf25-allenabled.lic
ALF_LICENCE_LOCAL_PATH: /tmp/licence.lic
PYTHON_VERSION: 3.7.15
DTAS_VERSION: v1.5.5
jobs:
veracode_sca:
name: "Source Clear Scan (SCA)"
runs-on: ubuntu-latest
if: >
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
!contains(github.event.head_commit.message, '[skip tests]')
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Init"
run: bash ./scripts/ci/init.sh
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
veracode_sast_acs:
name: "Pipeline SAST Scan - ACS"
runs-on: ubuntu-latest
if: >
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
github.actor != 'dependabot[bot]' &&
!contains(github.event.head_commit.message, '[skip tests]')
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
repository: "Alfresco/veracode-baseline-archive"
file-path: "acs-packaging/acs-packaging-acs-baseline.json"
target: "baseline.json"
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Remove excluded files"
run: bash ./scripts/ci/remove-sast-exclusions.sh
- name: "Run SAST Scan"
uses: veracode/[email protected]
with:
vid: '${{ secrets.VERACODE_API_ID }}'
vkey: '${{ secrets.VERACODE_API_KEY }}'
file: "distribution/target/alfresco-reduced.war"
fail_build: true
project_name: acs-packaging-acs
issue_details: true
veracode_policy_name: Alfresco Default
summary_output: true
summary_output_file: results.json
summary_display: true
baseline_file: baseline.json
- name: Upload scan result
if: success() || failure()
run: zip readable_output.zip results.json
- name: Upload Artifact
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: Veracode Pipeline-Scan Results - ACS (Human Readable)
path: readable_output.zip
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
### TODO: Implement SAST scan for Share when it starts working, since currently scanning Share crashes the Veracode engine
pmd_scan:
name: "PMD Scan"
runs-on: ubuntu-latest
if: >
github.event_name == 'pull_request' &&
!contains(github.event.head_commit.message, '[skip pmd]') &&
!contains(github.event.head_commit.message, '[skip tests]')
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/[email protected]
with:
classpath-build-command: "bash ./scripts/ci/init.sh && bash ./scripts/ci/build.sh"
tas_tests:
name: ${{ matrix.testSuite }} TAS tests
runs-on: ubuntu-latest
if: >
contains(github.event.head_commit.message, '[tas]') &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
include:
- testSuite: REST API part1
pom-dir: tests/tas-restapi
profiles: all-tas-tests,run-restapi-part1
compose-file: docker-compose-rest-api-tests.yml
deploy-timeout: 60
- testSuite: REST API part2
pom-dir: tests/tas-restapi
profiles: all-tas-tests,run-restapi-part2
compose-file: docker-compose-rest-api-tests.yml
deploy-timeout: 60
- testSuite: REST API part3
pom-dir: tests/tas-restapi
profiles: all-tas-tests,run-restapi-part3
compose-file: docker-compose-rest-api-tests.yml
deploy-timeout: 60
- testSuite: CMIS (BROWSER binding)
pom-dir: tests/tas-cmis
profiles: all-tas-tests,run-cmis-browser
compose-file: docker-compose-cmis-tests.yml
deploy-timeout: 60
- testSuite: CMIS (ATOM binding)
pom-dir: tests/tas-cmis
profiles: all-tas-tests,run-cmis-atom
compose-file: docker-compose-cmis-tests.yml
deploy-timeout: 60
- testSuite: CMIS (WEBSERVICES binding)
pom-dir: tests/tas-cmis
profiles: all-tas-tests,run-cmis-webservices
compose-file: docker-compose-cmis-tests.yml
deploy-timeout: 60
- testSuite: Email
pom-dir: tests/tas-email
profiles: all-tas-tests
compose-file: docker-compose-email-tests.yml
deploy-timeout: 30
- testSuite: WebDAV
pom-dir: tests/tas-webdav
profiles: all-tas-tests
compose-file: docker-compose-minimal.yml
deploy-timeout: 20
- testSuite: Integration
pom-dir: tests/tas-integration
profiles: all-tas-tests
compose-file: docker-compose-integration-tests.yml
deploy-timeout: 30
- testSuite: LDAP
pom-dir: tests/tas-integration
profiles: run-ldap
compose-file: docker-compose-with-ldap.yml
deploy-timeout: 10
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/${{ matrix.compose-file }}
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco"
- name: "Run tests"
id: tests
timeout-minutes: ${{ matrix.deploy-timeout }}
run: mvn -B install -ntp -f ${{ matrix.pom-dir }}/pom.xml -P${{ matrix.profiles }} -Denvironment=default -DrunBugs=false
- name: "Print output after failure"
if: ${{ always() && steps.tests.outcome == 'failure' }}
run: ${TAS_SCRIPTS}/output_logs_for_failures.sh "${{ matrix.pom-dir }}"
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
tas_tests_with_aims:
name: ${{ matrix.testSuite }} TAS tests with AIMS
runs-on: ubuntu-latest
if: >
!contains(github.event.head_commit.message, '[skip tas]') &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
include:
- testSuite: REST API
pom: tests/tas-restapi/pom.xml
profiles: all-tas-tests,run-restapi-aims
log-folder: tests/tas-restapi
deploy-timeout: 60
- testSuite: CMIS - BROWSER binding
pom: tests/tas-cmis/pom.xml
profiles: all-tas-tests,run-cmis-browser-with-aims
log-folder: tests/tas-cmis
deploy-timeout: 40
- testSuite: CMIS - ATOM binding
pom: tests/tas-cmis/pom.xml
profiles: all-tas-tests,run-cmis-atom-with-aims
log-folder: tests/tas-cmis
deploy-timeout: 40
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
id: env
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/docker-compose-aims.yml
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco" 180
- name: "Run tests"
id: tests
timeout-minutes: ${{ matrix.deploy-timeout }}
run: |
HOST_IP=$(hostname -I | cut -f1 -d' ')
mvn -B install -ntp -f ${{ matrix.pom }} -P${{ matrix.profiles }} -Denvironment=aims-environment -DrunBugs=false "-Didentity-service.auth-server-url=http://${HOST_IP}:8999/auth"
- name: "Print output after failure"
if: ${{ always() && steps.tests.outcome == 'failure' }}
run: ${TAS_SCRIPTS}/output_logs_for_failures.sh ${{ matrix.log-folder }}
- name: "Dump all Docker containers logs"
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
if: failure() && (steps.tests.outcome == 'failure' || steps.env.outcome == 'failure')
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
cmis_tas_tests_elasticsearch:
name: CMIS TAS tests - Elastic Search | ${{ matrix.testSuite }} (CMIS API)
runs-on: ubuntu-latest
if: >
!contains(github.event.head_commit.message, '[skip search]') &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
include:
- testSuite: postgreSQL
db-properties: -Ddb.driver=org.postgresql.Driver -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.url=jdbc:postgresql://database:5432/alfresco
compose-file: docker-compose-postgres.yml
- testSuite: MySQL
db-properties: -Ddb.driver=com.mysql.cj.jdbc.Driver -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.url=jdbc:mysql://database:3306/alfresco
compose-file: docker-compose-mysql.yml
- testSuite: MariaDB 10.6
db-properties: -Ddb.driver=org.mariadb.jdbc.Driver -Ddb.username=alfresco -Ddb.password=alfresco -Ddb.url=jdbc:mariadb://database:3306/alfresco
compose-file: docker-compose-mariadb.yml
- testSuite: MS SQL
db-properties: -Ddb.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver -Ddb.username=sa -Ddb.password=Alfresco1 -Ddb.url=jdbc:sqlserver://database:1433 -Ddb.txn.isolation=4096 -Ddb.pool.max=275
compose-file: docker-compose-mssql.yml
- testSuite: Oracle 19.3.0-ee
db-properties: -Ddb.driver=oracle.jdbc.OracleDriver -Ddb.name=alfresco -Ddb.url=jdbc:oracle:thin:@database:1521/PDB1 -Ddb.username=alfresco -Ddb.password=alfresco
compose-file: docker-compose-oracle.yml
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
merge-disk-volumes: true
root-reserve-mb: 16384
remove-android: 'true'
remove-codeql: 'true'
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment configuration"
run: |
echo "CMIS_ALFRESCO_IMAGE=alfresco-repository-databases:latest" >> $GITHUB_ENV
echo "DATABASE_ENV_PROPERTIES=${{matrix.db-properties}}" >> $GITHUB_ENV
- name: "Run the environment"
id: env
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/docker-compose-cmis-elastic-tests.yml ${{ env.TAS_ENVIRONMENT }}/${{matrix.compose-file}}
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco"
- name: "Run tests"
id: tests
timeout-minutes: 40
run: mvn -B install -ntp -f tests/tas-cmis/pom.xml -Pall-tas-tests,run-cmis-with-elastic -Denvironment=default -DrunBugs=false
- name: "Print output after failure"
if: failure() && (steps.tests.outcome == 'failure' || steps.env.outcome == 'failure')
run: ${TAS_SCRIPTS}/output_logs_for_failures.sh "tests/tas-cmis"
- name: "Dump all Docker containers logs"
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
if: failure() && (steps.tests.outcome == 'failure' || steps.env.outcome == 'failure')
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
cmis_tas_tests_opensearch:
name: "CMIS TAS tests - Open Search (CMIS API)"
runs-on: ubuntu-latest
if: >
!contains(github.event.head_commit.message, '[skip search]') &&
!contains(github.event.head_commit.message, '[skip tests]')
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/docker-compose-cmis-opensearch-tests.yml
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco"
- name: "Run tests"
id: tests
timeout-minutes: 40
run: mvn -B install -ntp -f tests/tas-cmis/pom.xml -Pall-tas-tests,run-cmis-with-elastic -Denvironment=default -DrunBugs=false
- name: "Print output after failure"
if: ${{ always() && steps.tests.outcome == 'failure' }}
run: ${TAS_SCRIPTS}/output_logs_for_failures.sh "tests/tas-cmis"
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
tas_tests_search_api:
name: ${{ matrix.testSuite }} | TAS tests (Search API)
runs-on: alfrescoPub-ubuntu2204-16G-4CPU
if: >
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
!contains(github.event.head_commit.message, '[skip search]') &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
include:
- testSuite: Elasticsearch postgreSQL
profiles: all-tas-tests,elastic
search-engine-type: elasticsearch
db-type: postgresql
- testSuite: Elasticsearch MySQL
profiles: all-tas-tests,elastic
search-engine-type: elasticsearch
db-type: mysql
- testSuite: Elasticsearch Maria DB 10.6
profiles: all-tas-tests,elastic
search-engine-type: elasticsearch
db-type: mariadb
- testSuite: Elasticsearch MS SQL
profiles: all-tas-tests,elastic
search-engine-type: elasticsearch
db-type: mssql
- testSuite: Elasticsearch Oracle 19.3.0-ee
profiles: all-tas-tests,elastic
search-engine-type: elasticsearch
db-type: oracle
- testSuite: Opensearch
profiles: all-tas-tests,elastic
search-engine-type: opensearch
db-type: postgresql
- testSuite: Elasticsearch Basic Auth postgreSQL
profiles: all-tas-tests,elastic-basic-auth
search-engine-type: elasticsearch
db-type: postgresql
- testSuite: Elasticsearch Basic Auth MySQL
profiles: all-tas-tests,elastic-basic-auth
search-engine-type: elasticsearch
db-type: mysql
- testSuite: Elasticsearch Basic Auth MariaDB 10.6
profiles: all-tas-tests,elastic-basic-auth
search-engine-type: elasticsearch
db-type: mariadb
- testSuite: Elasticsearch Basic Auth MS SQL
profiles: all-tas-tests,elastic-basic-auth
search-engine-type: elasticsearch
db-type: mssql
- testSuite: Elasticsearch Basic Auth Oracle 19.3.0-ee
profiles: all-tas-tests,elastic-basic-auth
search-engine-type: elasticsearch
db-type: oracle
- testSuite: Opensearch Basic Auth
profiles: all-tas-tests,elastic-basic-auth
search-engine-type: opensearch
db-type: postgresql
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Run tests"
id: tests
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: mvn -B install -ntp -pl ":content-repository-elasticsearch-test" -am -P${{ matrix.profiles }} -Denvironment=default -DrunBugs=false "-Dsearch.engine.type=${{ matrix.search-engine-type }}" "-Ddatabase.type=${{ matrix.db-type }}" -Dindeximage="alfresco-es-indexing-jdbc:latest" -Dreindeximage="alfresco-es-reindexing-jdbc:latest" -Drepoimage="alfresco-repository-databases:latest"
- name: "Dump all Docker containers logs"
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
if: failure() && steps.tests.outcome == 'failure'
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
upgrade_tas_tests:
name: ${{ matrix.testSuite }} Upgrade TAS tests
runs-on: alfrescoPub-ubuntu2204-16G-4CPU
if: >
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
!contains(github.event.head_commit.message, '[skip search]') &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
include:
- testSuite: Elasticsearch
search-engine-type: elasticsearch
- testSuite: Opensearch
search-engine-type: opensearch
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Configure AWS credentials"
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_S3_ACSLICENSE_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_S3_ACSLICENSE_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: "Copy Licence"
run: aws s3 cp ${ALF_LICENCE_S3_PATH} ${ALF_LICENCE_LOCAL_PATH}
- name: "Run tests"
id: tests
timeout-minutes: 30
run: mvn -B install -ntp -pl ":content-repository-elasticsearch-test" -am -Pall-tas-tests,elastic-upgrade -Denvironment=default -DrunBugs=false "-Dsearch.engine.type=${{ matrix.search-engine-type }}" "-Ddatabase.type=postgresql" "-Dindeximage=alfresco-es-indexing-jdbc:latest" "-Dreindeximage=alfresco-es-reindexing-jdbc:latest" "-Drepoimage=alfresco-repository-databases:latest"
- name: "Dump all Docker containers logs"
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
if: failure() && steps.tests.outcome == 'failure'
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
all_amps_tests:
name: "All AMPs tests"
runs-on: ubuntu-latest
if: >
!contains(github.event.head_commit.message, '[skip tests]')
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
run: mvn -B -q install -ntp -f tests/tas-all-amps/pom.xml -DskipTests -Pall-tas-tests,prepare-wars-with-amps
- name: "Check duplicate libraries"
run: ./tests/scripts/checkLibraryDuplicates.sh ./tests/tas-all-amps/target/war/alfresco/WEB-INF/lib
- name: "Run the environment"
id: env
env:
AWS_ACCESS_KEY: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }}
AWS_SECRET_KEY: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }}
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/docker-compose-all-amps-test.yml
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8082/alfresco"
- name: "Run tests"
id: tests
timeout-minutes: 20
run: mvn -B install -ntp -f tests/tas-all-amps/pom.xml -Pall-tas-tests -Denvironment=default -DrunBugs=false
- name: "Print output after failure"
if: failure() && steps.tests.outcome == 'failure'
run: ${TAS_SCRIPTS}/output_logs_for_failures.sh "tests/tas-all-amps"
- name: "Dump all Docker containers logs"
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
if: failure() && (steps.tests.outcome == 'failure' || steps.env.outcome == 'failure')
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
tas_test_with_mtls:
name: ${{ matrix.testSuite }} TAS tests with mutal TLS
runs-on: ubuntu-latest
if: >
!contains(github.event.head_commit.message, '[skip mtls]') &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
include:
- testSuite: Transform Service Mutal TLS
pom-dir: tests/tas-mtls
profiles: run-mtls
compose-file: docker-compose-mtls.yml
mtls: true
disabledHostnameVerification: false
deploy-timeout: 10
- testSuite: Transform Service Mutal TLS Disabled Hostname Verification
pom-dir: tests/tas-mtls
profiles: run-mtls
compose-file: docker-compose-mtls.yml
mtls: true
disabledHostnameVerification: true
deploy-timeout: 10
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Generate Keystores and Truststores for Mutual TLS configuration"
if: ${{ matrix.mtls }}
run: |
git clone -b "master" --depth=1 "https://${{ secrets.BOT_GITHUB_USERNAME }}:${{ secrets.BOT_GITHUB_TOKEN }}@github.com/Alfresco/alfresco-ssl-generator.git"
if ${{ matrix.disabledHostnameVerification }} ; then
bash ${{ env.CI_WORKSPACE }}/alfresco-ssl-generator/scripts/ci/generate_keystores_wrong_hostnames.sh
echo "HOSTNAME_VERIFICATION_DISABLED=true" >> "$GITHUB_ENV"
else
bash ${{ env.CI_WORKSPACE }}/alfresco-ssl-generator/scripts/ci/generate_keystores.sh
echo "HOSTNAME_VERIFICATION_DISABLED=false" >> "$GITHUB_ENV"
fi
bash ${{ env.CI_WORKSPACE }}/alfresco-ssl-generator/scripts/ci/convert_testclient_keystore_to_pem.sh "${{ env.CI_WORKSPACE }}"
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ${{ env.TAS_ENVIRONMENT }}/${{ matrix.compose-file }}
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "https://localhost:8443/alfresco"
- name: "Run tests"
id: tests
timeout-minutes: ${{ matrix.deploy-timeout }}
run: mvn -B install -ntp -f ${{ matrix.pom-dir }}/pom.xml -P${{ matrix.profiles }} -Denvironment=default -DrunBugs=false
- name: "Print output after failure"
if: ${{ always() && steps.tests.outcome == 'failure' }}
run: ${TAS_SCRIPTS}/output_logs_for_failures.sh "${{ matrix.pom-dir }}"
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
distribution_zip_content_tests:
name: "Distribution Zip content tests (Java ${{ matrix.java-version }})"
runs-on: ubuntu-latest
if: >
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
java-version: [17, 21]
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
run: mvn -B -V clean install -ntp -Pags -DskipTests -Dmaven.javadoc.skip=true
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
java-version: ${{ matrix.java-version }}
- name: "Run tests"
id: tests
timeout-minutes: 20
run: mvn -B install -ntp -f tests/tas-distribution-zip/pom.xml -Prun-distribution-zip-contents-check -DrunBugs=false
- name: "Print output after failure"
if: ${{ always() && steps.tests.outcome == 'failure' }}
run: ${TAS_SCRIPTS}/output_logs_for_failures.sh "tests/tas-distribution-zip"
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
single_pipeline_image_tests:
name: "Single Pipeline image tests (Java ${{ matrix.java-version }})"
runs-on: ubuntu-latest
if: >
github.event_name != 'pull_request' &&
!contains(github.event.head_commit.message, '[skip tests]')
strategy:
fail-fast: false
matrix:
java-version: [DEFAULT, 21]
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
env:
AWS_ACCESS_KEY: ${{ secrets.AWS_S3_PIPELINE_AMPS_ACCESS_KEY_ID }}
AWS_SECRET_KEY: ${{ secrets.AWS_S3_PIPELINE_AMPS_SECRET_ACCESS_KEY }}
run: |
mvn -B clean install -ntp -Ppipeline,build-docker-images \
$(mvn -B -q help:evaluate "-Dexpression=dependency.alfresco-enterprise-repo.version" -DforceStdout | grep -q '\-SNAPSHOT$' && echo '-Drepo.image.tag=latest') $(mvn -B -q help:evaluate "-Dexpression=dependency.alfresco-enterprise-share.version" -DforceStdout | grep -q '\-SNAPSHOT$' && echo '-Dshare.image.tag=latest') \
-Dimage.java.version=${{ matrix.java-version }}
cat tests/pipeline-all-amps/repo/target/dtas/dtas-config.json
pip install requests pytest==6.2.4 pytest-testinfra==6.3.0 jmespath==0.10.0
git clone --depth 1 --branch $DTAS_VERSION https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/Alfresco/alfresco-deployment-test-automation-scripts.git dtas
docker images | grep pipeline
${TAS_SCRIPTS}/start-compose.sh ${TAS_ENVIRONMENT}/docker-compose-pipeline-all-amps.yml
${TAS_SCRIPTS}/wait-for-alfresco-start.sh "http://localhost:8080/alfresco/" 180
docker ps
curl -v --user [email protected]:admin http://localhost:8080/alfresco/api/discovery
- name: "Run tests"
run: |
cd dtas
pytest --configuration ../tests/pipeline-all-amps/repo/target/dtas/dtas-config.json tests/ -s
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh
test_tomcat_deployment:
name: "Test Tomcat deployment"
runs-on: ubuntu-latest
if: >
!contains(github.event.head_commit.message, '[skip tests]')
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh
- name: "Set up the environment"
run: |
${{ env.TAS_SCRIPTS }}/start-compose.sh ./dev/docker-compose.yml
${{ env.TAS_SCRIPTS }}/wait-for-alfresco-start.sh "http://localhost:8983/solr"
- name: "Run tomcat, verify it starts"
id: tests
run: |
(mvn -B clean install -Prun -rf dev &)
curl --retry 60 --retry-max-time 300 --retry-delay 5 --retry-all-errors --fail "http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/probes/-ready-"
echo "Test Alfresco Repository availability"
curl -Ls -o /dev/null --fail "http://localhost:8080/alfresco"
echo "Test Share availability"
curl -Ls -o /dev/null --fail "http://localhost:8080/share"
pipeline_test_docker_release:
name: "Upload docker images needed for pipeline tests: <acs.version>-<PIPELINE_TAG_TEXT_INSERT>-<build>"
runs-on: ubuntu-latest
if: >
contains(github.event.head_commit.message, '[pipeline_docker]')
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: Pipeline Tag text insert (modify for your needs)
run: |
echo "PIPELINE_TAG_TEXT_INSERT=INSERT-TEXT" >> $GITHUB_ENV
- name: Compute final build number
run: |
echo "COMPUTED_BUILD_NUMBER=$(( $BASE_BUILD_NUMBER + $BUILD_NUMBER ))" >> $GITHUB_ENV
- name: Determine ACS Image Tag
run: |
ACS_VERSION=23.1.0
echo "IMAGE_TAG=${ACS_VERSION}-${PIPELINE_TAG_TEXT_INSERT}-${COMPUTED_BUILD_NUMBER}" >> $GITHUB_ENV
- name: "Build: uses IMAGE_TAG variable, requires Repo and Share snapshot versions in main pom.xml"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: |
bash ./scripts/ci/init.sh
bash ./scripts/ci/build.sh -m
- name: "Update images"
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
run: mvn -B -V clean install -ntp -DskipTests -Dmaven.javadoc.skip=true -Ppush-docker-images,pipeline,release-branch -Drepo.image.tag=latest -Dshare.image.tag=latest -Dimage.tag=${IMAGE_TAG} -Ddocker.quay-expires.value=1w -Drepo.skipDockerImage=false -Dshare.skipDockerImage=false
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh