vaas-ruby-ci #357
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: vaas-ruby-ci | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- "ruby/**" | |
- ".github/workflows/ci-ruby.yaml" | |
tags: | |
- "rb*" | |
pull_request: | |
branches: | |
- main | |
paths: | |
- "ruby/**" | |
- ".github/workflows/ci-ruby.yaml" | |
workflow_dispatch: | |
inputs: | |
environment: | |
type: choice | |
description: "Test environment" | |
options: | |
- production | |
- staging | |
- develop | |
default: "production" | |
env: | |
CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
CLIENT_SECRET: ${{secrets.CLIENT_SECRET}} | |
VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de" | |
TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token" | |
VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }} | |
VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }} | |
VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}} | |
jobs: | |
build-ruby: | |
name: Build & Test Ruby SDK | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Scan for Viruses | |
uses: ./.github/actions/vaas-scan-action | |
with: | |
VAAS_CLIENT_ID: ${{ secrets.VAAS_SCAN_CLIENT_ID }} | |
VAAS_CLIENT_SECRET: ${{ secrets.VAAS_SCAN_CLIENT_SECRET }} | |
- uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: "3.1" # Not needed with a .ruby-version file | |
bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
- name: set staging environment | |
if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags/rb') && endsWith(github.ref, '-beta'))) | |
run: | | |
echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV | |
echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- name: set develop environment | |
if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags/rb') && endsWith(github.ref, '-alpha'))) | |
run: | | |
echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV | |
echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- name: extract version | |
if: startsWith(github.ref, 'refs/tags/rb') | |
run: | | |
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/rb}" >> $GITHUB_ENV | |
echo $RELEASE_VERSION | |
- name: set version | |
if: startsWith(github.ref, 'refs/tags/rb') | |
run: | | |
sed -i "s/VERSION = '0.0.1'/VERSION = '$RELEASE_VERSION'/g" ./ruby/lib/vaas/version.rb | |
- name: set version without tag | |
if: ${{ !startsWith(github.ref, 'refs/tags/rb') }} | |
run: | | |
echo RELEASE_VERSION=$(sed -r -n 's/.*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p' ./ruby/lib/vaas/version.rb) >> $GITHUB_ENV | |
echo $RELEASE_VERSION | |
- name: build gem | |
run: gem build vaas.gemspec | |
working-directory: ruby | |
- name: install dependencies/gem | |
run: | | |
echo $RELEASE_VERSION | |
gem install "vaas-$RELEASE_VERSION.gem" | |
working-directory: ruby | |
- name: Test | |
run: ruby vaas_test.rb | |
working-directory: ruby/test | |
- name: Run simple example | |
env: | |
URL: "https://github.com/GDATASoftwareAG/vaas" | |
run: ruby simple_example.rb | |
working-directory: ruby/examples | |
- name: Run example with reconnect | |
env: | |
URL: "https://github.com/GDATASoftwareAG/vaas" | |
run: ruby example_with_reconnect.rb | |
working-directory: ruby/examples | |
- name: Run authentication example | |
env: | |
URL: "https://github.com/GDATASoftwareAG/vaas" | |
run: ruby authentication.rb | |
working-directory: ruby/examples | |
- name: Push to rubygems.org | |
if: startsWith(github.ref, 'refs/tags/rb') | |
env: | |
RUBY_GEMS_TOKEN: ${{ secrets.RUBY_GEMS_TOKEN }} | |
run: | | |
mkdir -p ~/.gem | |
cat << EOF > ~/.gem/credentials | |
--- | |
:rubygems_api_key: ${RUBY_GEMS_TOKEN} | |
EOF | |
chmod 0600 ~/.gem/credentials | |
set -x | |
gem update --system | |
gem push "vaas-$RELEASE_VERSION.gem" | |
working-directory: ruby | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed workflow on for VaaS-SDK vaas-ruby-ci`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} | |
codeql: | |
runs-on: ubuntu-latest | |
timeout-minutes: 360 | |
permissions: | |
security-events: write | |
actions: read | |
contents: read | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ruby | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v3 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:ruby" | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed codeql on for VaaS-SDK vaas-ruby-ci`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} |