Alfresco Transform Core CI #779
# CI workflow for Alfresco Transform Core. The jobs defined below run a
# dependency (SCA) scan and a static (SAST) scan, build and test the transform
# engines, and run the release script.
#
# NOTE(review): no `permissions:` key appears at workflow or job level in this
# file, so GITHUB_TOKEN gets whatever default the repository/organisation sets.
# Consider declaring the minimum explicitly (for example a top-level
# `permissions:` with `contents: read`) after confirming what the composite
# actions used below require.
name: Alfresco Transform Core CI
on:
  # Pushes to master and to branches matching these name patterns.
  push:
    branches:
      - master
      - feature/**
      - fix/**
      - SP/**
      - HF/**
      - ATS-**
      - ACS-**
      - MNT-**
  # Pull requests whose base branch matches one of these patterns.
  pull_request:
    branches:
      - master
      - feature/**
      - fix/**
      - SP/**
      - HF/**
  # Weekly scheduled run: 05:00 every Monday (GitHub evaluates cron in UTC).
  schedule:
    - cron: '0 5 * * 1'
  # Allows the workflow to be started manually.
  workflow_dispatch:
# Workflow-level environment: every step of every job below receives these
# variables, including third-party actions and the jobs that run on
# pull_request events (veracode_sca, veracode_sast, all_tests_matrix).
#
# NOTE(review): registry, Nexus and bot-token credentials are exported to the
# whole workflow rather than to the steps that use them. Which steps consume
# them is not visible here (presumably the _ci/*.sh scripts and Maven) - confirm,
# then move each secret to the narrowest job- or step-level `env:` that needs it.
# GitHub withholds repository secrets from pull_request runs that come from
# forks, but pull requests from branches of this repository receive them.
env:
  DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
  DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
  NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
  NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
  QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
  QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
  # Identity and token of the bot account; GIT_USERNAME and GIT_EMAIL are passed
  # to the git-configuration step of the release job.
  GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }}
  GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }}
  GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }}
  # Minutes; read through fromJSON(...) as `timeout-minutes` on the build, test
  # and release steps.
  GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60
# Jobs: two Veracode scans, a snapshot build/deploy, a per-engine test matrix
# and the release job.
#
# NOTE(review): several `uses:` references below read `[email protected]`. That
# is an e-mail-obfuscation artifact of the page this listing was taken from; it
# hides the action name and version, so confirm the real references in the
# repository.
# NOTE(review): the references that are readable (actions/checkout@v3,
# actions/upload-artifact@v3, docker/setup-qemu-action@v2) are pinned to tags,
# which the action owner can move. Pinning to a full commit SHA makes the code
# that runs next to the secrets above immutable.
jobs:
  # Dependency (software composition) scan. Runs for the master ref and for any
  # pull_request event.
  veracode_sca:
    name: "Veracode - Source Clear Scan (SCA)"
    runs-on: ubuntu-latest
    if: >
      github.ref_name == 'master' ||
      github.event_name == 'pull_request'
    steps:
      # NOTE(review): checkout keeps its default credential persistence here;
      # only the release job sets `persist-credentials: false`.
      - uses: actions/checkout@v3
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      # Deletes every directory whose name contains -SNAPSHOT from the local
      # Maven repository; `xargs -r` skips the rm when find prints nothing.
      - name: "Clean-up SNAPSHOT artifacts"
        run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
      # NOTE(review): `continue-on-error: true` means a failing scan step does
      # not fail this job, so the `needs: veracode_sca` on the release job only
      # orders the jobs; it does not gate a release on the scan outcome.
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        continue-on-error: true
        with:
          srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
  # Static analysis (Veracode pipeline scan) of the built jars.
  # Runs for master, SP/* and HF/* refs and for pull requests, unless the actor
  # is dependabot[bot] or the head commit message contains '[skip tests]'.
  # NOTE(review): github.event.head_commit comes from the push event payload;
  # on pull_request events the '[skip tests]' test presumably never matches.
  # NOTE(review): this job is not listed in the release job's `needs`, so a
  # release does not wait for, or depend on, the SAST result.
  veracode_sast:
    name: "Pipeline SAST Scan"
    runs-on: ubuntu-latest
    if: >
      (github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/') || github.event_name == 'pull_request') &&
      github.actor != 'dependabot[bot]' &&
      !contains(github.event.head_commit.message, '[skip tests]')
    steps:
      - uses: actions/checkout@v3
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      # The registry logins happen before the Maven build below, so the build
      # of the checked-out code runs with both registry sessions established.
      - name: "Login to Docker Hub"
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: "Login to Quay.io"
        uses: docker/[email protected]
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      # Fetches the stored baseline from a separate repository with the bot
      # token and saves it as baseline.json for the scan step.
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          token: ${{ secrets.BOT_GITHUB_TOKEN }}
          repository: "Alfresco/veracode-baseline-archive"
          file-path: "alfresco-transform-core/alfresco-transform-core-baseline.json"
          target: "baseline.json"
      - name: "Build"
        run: mvn -B -U install -DskipTests
      # Bundles the aio engine, base engine and model jars into the archive
      # that is submitted for scanning.
      - name: "Create zip"
        run: zip -r to-scan.zip engines/aio/target/alfresco-transform-core-aio-*.jar engines/base/target/alfresco-base-t-engine-*.jar model/target/alfresco-transform-model-*.jar
      # fail_build is true, so this step can fail the job; baseline.json is
      # passed as baseline_file.
      # NOTE(review): presumably findings already recorded in the baseline do
      # not fail the build - confirm how the baseline archive is maintained and
      # who can change it.
      - name: "Run SAST Scan"
        uses: veracode/[email protected]
        with:
          vid: ${{ secrets.VERACODE_API_ID }}
          vkey: ${{ secrets.VERACODE_API_KEY }}
          file: "to-scan.zip"
          fail_build: true
          project_name: alfresco-transform-core
          issue_details: true
          veracode_policy_name: Alfresco Default
          summary_output: true
          summary_output_file: results.json
          summary_display: true
          baseline_file: baseline.json
      # Despite its name this step only zips results.json; the upload is the
      # next step. Both run whether the earlier steps succeeded or failed.
      - name: Upload scan result
        if: success() || failure()
        run: zip readable_output.zip results.json
      - name: Upload Artifact
        if: success() || failure()
        uses: actions/upload-artifact@v3
        with:
          name: Veracode Pipeline-Scan Results (Human Readable)
          path: readable_output.zip
  # Snapshot build and deployment. Runs only for the master ref and never for
  # pull_request events.
  build_and_test:
    name: "Core & Base Snapshot deployment"
    runs-on: ubuntu-latest
    if: >
      github.ref_name == 'master' &&
      github.event_name != 'pull_request'
    steps:
      - uses: actions/checkout@v3
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - name: "Login to Docker Hub"
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: "Login to Quay.io"
        uses: docker/[email protected]
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      # Overwrites /etc/docker/daemon.json with the experimental flag and
      # restarts the Docker service on the runner.
      - name: "Enable experimental docker features"
        run: |
          echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
          sudo service docker restart
      - name: "Clean-up SNAPSHOT artifacts"
        run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
      # fromJSON turns the env string "60" into the number timeout-minutes needs.
      - name: "Build"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
        run: mvn -B -U -q clean install -DadditionalOption=-Xdoclint:none -DskipTests -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase
      - name: "Cache LibreOffice"
        run: bash _ci/cache_artifacts.sh
      # The step is named "Run tests" but the goal is `deploy`, so it also
      # publishes the built artifacts (presumably with the NEXUS_* credentials
      # from the workflow env - confirm).
      - name: "Run tests"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
        run: mvn -B -U clean deploy -DadditionalOption=-Xdoclint:none -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase
  # One job per transform engine. There is no `if:` here, so the matrix runs for
  # every trigger of the workflow, pull requests included.
  all_tests_matrix:
    name: ${{ matrix.testName }}
    runs-on: ubuntu-latest
    strategy:
      # A failing engine does not cancel the remaining matrix entries.
      fail-fast: false
      matrix:
        include:
          - testName: ImageMagick
            buildProfile: imagemagick
            testProfile: imagemagick
          - testName: LibreOffice
            buildProfile: libreoffice
            testProfile: libreoffice
          - testName: Transform Misc
            buildProfile: misc
            testProfile: misc
          - testName: PDF Renderer
            buildProfile: pdf-renderer
            testProfile: pdf-renderer
          - testName: Tika
            buildProfile: tika
            testProfile: tika
          - testName: All in One Transformer
            buildProfile: full-build
            testProfile: aio-test
    steps:
      - uses: actions/checkout@v3
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      # NOTE(review): the build and test scripts below run the checked-out
      # branch's code after both registry logins and with the workflow-level
      # secrets in the environment. For pull requests from branches of this
      # repository that is code that has not yet been merged.
      - name: "Login to Docker Hub"
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: "Login to Quay.io"
        uses: docker/[email protected]
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: "Enable experimental docker features"
        run: |
          echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
          sudo service docker restart
      - name: "Clean-up SNAPSHOT artifacts"
        run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
      # matrix.buildProfile and matrix.testProfile are expanded into the shell
      # command line; both come only from the literal matrix above, not from
      # event data.
      - name: "Build local docker image"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
        run: bash _ci/build.sh ${{ matrix.buildProfile }}
      - name: "Cache LibreOffice"
        run: bash _ci/cache_artifacts.sh
      - name: "Run tests"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
        run: bash _ci/test.sh ${{ matrix.testProfile }}
  # Release job. Runs when none of the needed jobs failed or was cancelled, the
  # head commit message contains '[release]', the event is not a pull request,
  # and the ref is master or starts with SP/ or HF/.
  # NOTE(review): `!(failure() || cancelled())` also lets the job run when a
  # needed job was skipped. On SP/* and HF/* refs the conditions of veracode_sca
  # and build_and_test are false, so only all_tests_matrix has run before the
  # release - confirm that this is intended.
  # NOTE(review): the trigger is a marker in the commit message, so who can
  # release is decided by who can push to these branches; that control
  # (branch protection) is outside this file.
  release:
    name: "Release"
    runs-on: ubuntu-latest
    needs: [veracode_sca, build_and_test, all_tests_matrix]
    if: >
      !(failure() || cancelled()) &&
      contains(github.event.head_commit.message, '[release]') &&
      github.event_name != 'pull_request' &&
      (github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/'))
    steps:
      # The checkout token is not left in the local git configuration.
      # Presumably _ci/release.sh authenticates with the GIT_* values from the
      # workflow env instead - confirm.
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      # Emulation for the two listed platforms (amd64 and arm64).
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: linux/amd64,linux/arm64
      - name: "Login to Docker Hub"
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: "Login to Quay.io"
        uses: docker/[email protected]
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: "Enable experimental docker features"
        run: |
          echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
          sudo service docker restart
      - name: "Clean-up SNAPSHOT artifacts"
        run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
      # Receives the bot account's name and e-mail with `global: true`.
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          username: ${{ env.GIT_USERNAME }}
          email: ${{ env.GIT_EMAIL }}
          global: true
      - name: "Cache LibreOffice"
        run: bash _ci/cache_artifacts.sh
      - name: "Release"
        timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
        run: bash _ci/release.sh