Merge pull request #716 from Alfresco/dependabot/maven/org.wiremock-w… #4584
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Alfresco Connector for Hyland Experience Insight CI | |
on: | |
pull_request: | |
branches: | |
- feature/** | |
- fix/** | |
- master | |
- release/** | |
push: | |
branches: | |
- feature/** | |
- fix/** | |
- master | |
- release/** | |
env: | |
# Both variables are required to be set before the release process starts . | |
# As the release is triggered by a commit message with "[release]" keyword on a release branch, | |
# setting these variables to new values can be done in the same commit and will indicate the release and the dev versions in it. | |
DEVELOPMENT_VERSION: "1.0.1-SNAPSHOT" # The version that will be set in pom files after the release (next dev version) | |
RELEASE_VERSION: "1.0.1-A1" # The version of the release (tag). | |
GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60 | |
MAVEN_CLI_OPTS: "-B -e -fae -V -DinstallAtEnd=true -DfailIfNoTests=false -U -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -Pdistribution " | |
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
JAVA_VERSION: "17" | |
JAVA_VERSION_SUPPORTED_BY_REPO: "11" | |
S3_BUCKET_REGION: "eu-west-1" | |
jobs: | |
pre_commit: | |
runs-on: ubuntu-latest | |
outputs: | |
java_version: ${{ env.JAVA_VERSION }} | |
java_version_supported_by_repo: ${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
steps: | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- id: changed-files | |
uses: Alfresco/alfresco-build-tools/.github/actions/github-list-changes@v8.2.0 | |
with: | |
write-list-to-env: true | |
- uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v8.2.0 | |
veracode_sca: | |
name: "Veracode - Source Clear Scan (SCA)" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v8.2.0 | |
continue-on-error: true | |
with: | |
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }} | |
veracode_sast: | |
name: "Pipeline SAST Scan" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') && | |
github.actor != 'dependabot[bot]' && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v8.2.0 | |
with: | |
token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
repository: "Alfresco/veracode-baseline-archive" | |
file-path: "hxinsight-connector/hxinsight-connector-baseline.json" | |
target: "baseline.json" | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests | |
- name: "Run SAST Scan" | |
uses: veracode/Veracode-pipeline-scan-action@v1.0.16 | |
with: | |
vid: ${{ secrets.VERACODE_API_ID }} | |
vkey: ${{ secrets.VERACODE_API_KEY }} | |
file: "distribution/target/alfresco-hxinsight-connector-distribution-*.zip" | |
fail_build: true | |
project_name: hxinsight-connector | |
issue_details: true | |
veracode_policy_name: Alfresco Default | |
summary_output: true | |
summary_output_file: results.json | |
summary_display: true | |
baseline_file: baseline.json | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
pmd_scan: | |
name: "PMD Scan" | |
runs-on: ubuntu-latest | |
if: > | |
github.event_name == 'pull_request' && | |
!contains(github.event.head_commit.message, '[skip pmd]') && | |
!contains(github.event.head_commit.message, '[skip tests]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- uses: Alfresco/ya-pmd-scan@v4.1.0 | |
test_application: | |
name: "Build and test application" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip build]') | |
strategy: | |
fail-fast: false | |
matrix: | |
subproject: [ "bulk-ingester", "common", "common-authentication", "common-test", | |
"live-ingester", "prediction-applier", "hxinsight-extension" ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- name: "Test application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean verify -pl '${{ matrix.subproject }}' -am | |
test_distribution: | |
name: "Build application with distribution profile" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip build]') | |
strategy: | |
fail-fast: false | |
matrix: | |
repoVersion: [ 7.3.2, 7.4.2, 23.3.0 ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- name: "Build application with distribution profile" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
run_e2e_test: | |
name: "Run e2e tests using ACS ${{ matrix.repoVersion }}" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
(github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
!contains(github.event.head_commit.message, '[skip build]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip e2es]') | |
strategy: | |
fail-fast: false | |
matrix: | |
repoVersion: [ 7.3.2, 7.4.2, 23.3.0 ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
- name: "Build docker images" | |
run: bash ./scripts/ci/buildDockerImages.sh | |
- name: "Run e2e tests" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} verify -pl 'hxinsight-extension,e2e-test' -am -DskipUnitTests -DskipIntegrationTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
run_e2e_test_using_older_java: | |
name: "Run e2e tests using ACS ${{ matrix.repoVersion }} on Java ${{ needs.pre_commit.outputs.java_version_supported_by_repo }}" | |
runs-on: ubuntu-latest | |
needs: | |
- pre_commit | |
if: > | |
needs.pre_commit.outputs.java_version_supported_by_repo != needs.pre_commit.outputs.java_version && | |
github.event_name != 'pull_request' && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
!contains(github.event.head_commit.message, '[skip build]') && | |
!contains(github.event.head_commit.message, '[skip tests]') && | |
!contains(github.event.head_commit.message, '[skip e2es]') | |
strategy: | |
fail-fast: false | |
matrix: | |
repoVersion: [ 7.3.2, 7.4.2 ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Build docker images" | |
run: JAVA_VERSION=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} && bash ./scripts/ci/buildDockerImages.sh | |
- name: "Run e2e tests" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} verify -pl 'hxinsight-extension,e2e-test' -am -DskipUnitTests -DskipIntegrationTests -Dalfresco-platform.version=${{ matrix.repoVersion }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
push_docker_images: | |
name: "Push docker images" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
github.event_name == 'push' && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
!(failure() || cancelled()) && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Push docker images" | |
run: bash ./scripts/ci/buildDockerImages.sh -p | |
env: | |
COMMIT_MESSAGE: ${{ github.sha }} | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
publish_snapshot_artifacts: | |
name: "Publish SNAPSHOT artifacts" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
!contains(github.event.head_commit.message, '[skip build]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- name: "Publish SNAPSHOT artifacts" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} deploy -DskipTests -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
release_and_deploy_to_nexus_and_s3: | |
name: "Make release and deploy to Nexus and S3 Staging Bucket" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
contains(github.event.head_commit.message, '[release]') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v8.2.0 | |
with: | |
username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
email: ${{ secrets.BOT_GITHUB_EMAIL }} | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Make release and deploy to Nexus" | |
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} -DreleaseVersion="${{ env.RELEASE_VERSION }}" -DdevelopmentVersion="${{ env.DEVELOPMENT_VERSION }}" -Dtag="${{ env.RELEASE_VERSION }}" -Dusername="${{ secrets.BOT_GITHUB_USERNAME }}" -Dpassword="${{ secrets.BOT_GITHUB_TOKEN }}" -DscmCommentPrefix="[maven-release-plugin][skip ci]" -DskipTests -Dproject.revision.key=${{ github.sha }} "-Darguments=-DskipTests -Dadditionalparam=-Xdoclint:none -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }}" release:prepare release:perform | |
- run: mkdir -p deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }} | |
- name: "Move the final artifacts to a single folder (deploy_dir) to be copied to S3" | |
run: mv "distribution/target/alfresco-hxinsight-connector-distribution-${{ env.RELEASE_VERSION }}.zip" "deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" | |
- name: "Clone Alfresco/third-party-license-overrides" | |
run: git clone --depth=1 https://github.com/Alfresco/third-party-license-overrides.git | |
- uses: actions/setup-python@v5 | |
- name: "Create third party license csv file and add it to the deploy directory" | |
run: python3 ./third-party-license-overrides/thirdPartyLicenseCSVCreator.py --project "${{ github.workspace }}" --version "${{ env.RELEASE_VERSION }}" --combined --output "deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }}" | |
- name: "Configure AWS credentials" | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_S3_STAGING_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.AWS_S3_STAGING_SECRET_KEY }} | |
aws-region: ${{ env.S3_BUCKET_REGION }} | |
- name: "Deploy to S3 Staging Bucket" | |
run: aws s3 cp --recursive --acl private ./deploy_dir s3://alfresco-artefacts-staging | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
deploy_release_version_to_quay: | |
name: "Deploy release version to quay.io" | |
runs-on: ubuntu-latest | |
needs: | |
- test_application | |
- test_distribution | |
- run_e2e_test | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
contains(github.event.head_commit.message, '[release]') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- name: "Login to Quay.io" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_PASSWORD }} | |
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v8.2.0 | |
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v8.2.0 | |
- name: "Build application" | |
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
- name: "Deploy release version to quay.io" | |
run: bash ./scripts/ci/releaseDockerImage.sh -v ${{ env.RELEASE_VERSION }} | |
env: | |
COMMIT_MESSAGE: ${{ github.sha }} | |
- name: "Clean Maven cache" | |
run: bash ./scripts/ci/cleanup_cache.sh | |
deploy_release: | |
name: "Copy to S3 Downloads Bucket" | |
runs-on: ubuntu-latest | |
needs: | |
- deploy_release_version_to_quay | |
- release_and_deploy_to_nexus_and_s3 | |
- publish_snapshot_artifacts | |
- push_docker_images | |
if: > | |
!(failure() || cancelled()) && | |
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
github.event_name != 'pull_request' && | |
contains(github.event.head_commit.message, '[release]') | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "Configure AWS credentials" | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_S3_RELEASE_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_S3_RELEASE_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.S3_BUCKET_REGION }} | |
- run: set -x | |
- name: "Check release version and copy to S3 Downloads Bucket" | |
run: | | |
if [[ ${{ env.RELEASE_VERSION }} =~ ^[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?$ ]]; then | |
aws s3 cp --recursive --acl private --copy-props none "s3://alfresco-artefacts-staging/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" "s3://eu.dl.alfresco.com/release/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" | |
fi |