ci: move jenkins operations to GH #10082

Merged: 11 commits merged on Nov 14, 2024

moabu (Member) commented Nov 7, 2024

Prepare


Description

Target issue

closes #10081

Implementation Details

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

dryrunsecurity bot commented Nov 7, 2024

DryRun Security Summary

The pull request includes a wide range of updates to the Janssen Project's GitHub Actions workflows, build configurations, and documentation-related processes, focusing on improving the security, reliability, and maintainability of the project's codebase and build infrastructure.

Summary:

The code changes in this pull request cover a wide range of updates to the Janssen Project's GitHub Actions workflows, build configurations, and documentation-related processes. The changes focus on improving the security, reliability, and maintainability of the project's codebase and build infrastructure.

Key security-related updates include:

  1. Hardening the GitHub Actions runners using the step-security/harden-runner action, which helps mitigate potential security risks.
  2. Implementing Markdown linting to ensure the quality and consistency of the project's documentation.
  3. Expanding the CodeQL static code analysis to include the Go programming language, which is a new addition to the project.
  4. Securing the storage and management of sensitive credentials, such as GitHub access tokens and GPG keys, using GitHub Secrets.
  5. Enhancing the testing capabilities by adding support for running tests for the SCIM server and Config API components of the Janssen platform.

Additionally, the changes introduce new Maven repository configurations, which should be carefully reviewed to ensure the security and integrity of the project's dependencies.

Files Changed:

  1. .github/workflows/lint-docs.yml: This workflow is responsible for linting the Markdown files in the docs/ directory of the project. The changes focus on hardening the GitHub Actions runner and implementing Markdown linting to maintain the quality of the project's documentation.

  2. .github/maven-settings.xml: This file updates the Maven configuration to use a GitHub Packages repository for the project's dependencies. The changes introduce the use of environment variables to store sensitive credentials, which should be properly secured.

  3. .github/workflows/ops-docs.yml: This workflow manages the documentation-related changes in the project, including commit message checking, pull request verification, and Markdown linting. The changes help ensure the integrity and quality of the project's documentation.

  4. .github/workflows/build-test.yml: This workflow is responsible for building and testing the Janssen Project. The changes include hardening the GitHub Actions runner, importing a GPG key for signing commits, and enabling dependency checking to identify known vulnerabilities.

  5. .github/workflows/scan-codeql.yml: This workflow runs the CodeQL static code analysis tool on the project's codebase. The changes expand the language support to include the Go programming language, which is a positive step towards improving the overall security of the project.

  6. Various other files, such as pom.xml and entrypoint.sh, which include updates to the project's build configurations and testing scripts. These changes should be reviewed to ensure they do not introduce any unintended security risks.

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 4 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

mo-auto added labels on Nov 7, 2024: area-CI, comp-agama, comp-docker-jans-monolith, comp-jans-auth-server, comp-jans-bom, comp-jans-casa, comp-jans-config-api, comp-jans-core, comp-jans-fido2, comp-jans-keycloak-link, comp-jans-link, comp-jans-lock, comp-jans-orm, comp-jans-scim
sonarqubecloud bot commented Nov 7, 2024

Quality Gate passed for 'keycloak-integration-parent'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

moabu marked this pull request as ready for review on November 14, 2024 07:11
moabu merged commit f1b38fa into main on Nov 14, 2024
11 checks passed
moabu deleted the ci-move-jenkins branch on November 14, 2024 08:35