Update CHANGELOG.md #1142
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: push | |
env: | |
JAVA_VERSION: 17 | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
with: | |
path: plugin | |
- name: Setup Java JDK ${{ env.JAVA_VERSION }} | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JAVA_VERSION }} | |
distribution: temurin | |
cache: maven | |
- name: Retrieve variables from pom | |
id: requestPom | |
working-directory: plugin | |
run: | | |
echo "GRAYLOG_VERSION=$(mvn help:evaluate -Dexpression=project.parent.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
NAME=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout) | |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) | |
echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
echo "JAR_PATH=target/$NAME-$VERSION.jar" >> $GITHUB_OUTPUT | |
echo "RPM_PATH=target/rpm/$NAME/RPMS/noarch/$NAME-$VERSION-1.noarch.rpm" >> $GITHUB_OUTPUT | |
echo "DEB_PATH=target/$NAME-$VERSION.deb" >> $GITHUB_OUTPUT | |
- name: Cache Graylog | |
uses: actions/cache@v4 | |
id: cache | |
with: | |
path: graylog2-server | |
key: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
- name: Check out Graylog ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
if: steps.cache.outputs.cache-hit != 'true' | |
uses: actions/checkout@v4 | |
with: | |
repository: Graylog2/graylog2-server | |
ref: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
path: graylog2-server | |
- name: Build Graylog | |
if: steps.cache.outputs.cache-hit != 'true' | |
working-directory: graylog2-server | |
run: | | |
./mvnw compile -DskipTests=true --batch-mode | |
- name: Cache node_modules | |
uses: actions/cache@v4 | |
with: | |
path: plugin/node_modules | |
key: ${{ hashFiles('plugin/yarn.lock') }} | |
- name: Build plugin | |
working-directory: plugin | |
run: | | |
./mvnw package --batch-mode | |
- name: Copy jar to backend tests runtime | |
working-directory: plugin | |
run: | | |
mkdir runtime/graylog/plugin | |
cp ${{ steps.requestPom.outputs.JAR_PATH }} runtime/graylog/plugin | |
- name: Preparing backend tests | |
working-directory: plugin/validation | |
run: | | |
python -m venv venv | |
source venv/bin/activate | |
pip install -r requirements.txt | |
docker compose --project-directory ../runtime pull | |
- name: Execute brittle tests | |
working-directory: plugin/validation | |
run: | | |
PYTHONUNBUFFERED=true python -m unittest test_brittle --verbose | |
- name: Execute backend tests | |
working-directory: plugin/validation | |
run: | | |
PYTHONUNBUFFERED=true python -m unittest --verbose | |
- name: Start development server | |
working-directory: plugin/runtime | |
run: | | |
docker compose up --detach --wait | |
- name: Install e2e dependencies | |
working-directory: plugin/e2e | |
run: npm ci | |
- name: Install playwright dependencies | |
working-directory: plugin/e2e | |
run: npx playwright install chromium firefox | |
- name: Run end to end tests | |
working-directory: plugin/e2e | |
run: npx playwright test | |
- name: Stop development server | |
working-directory: plugin/runtime | |
run: | | |
docker compose down | |
- uses: actions/upload-artifact@v4 | |
if: ${{ always() }} | |
with: | |
name: playwright-report | |
path: e2e/playwright-report/ | |
- name: Package signed .rpm | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
working-directory: plugin | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
./mvnw rpm:rpm | |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
rpm --define "_gpg_name Airbus CyberSecurity" --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase $PASSPHRASE" --addsign "${{ steps.requestPom.outputs.RPM_PATH }}" | |
- name: Package signed .deb | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
working-directory: plugin | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
gpg2 --export-secret-keys --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" > $HOME/.gnupg/secring.gpg | |
./mvnw org.vafer:jdeb:jdeb --settings deployment/settings.xml | |
- name: Check license headers | |
working-directory: plugin | |
run: | | |
mvn license:check | |
- name: Archive .jar | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jar | |
path: plugin/${{ steps.requestPom.outputs.JAR_PATH }} | |
if-no-files-found: error | |
- name: Archive .rpm | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rpm | |
path: plugin/${{ steps.requestPom.outputs.RPM_PATH }} | |
if-no-files-found: error | |
- name: Archive .deb | |
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deb | |
path: plugin/${{ steps.requestPom.outputs.DEB_PATH }} | |
if-no-files-found: error | |
- name: Release | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
plugin/${{ steps.requestPom.outputs.JAR_PATH }} | |
plugin/${{ steps.requestPom.outputs.RPM_PATH }} | |
plugin/${{ steps.requestPom.outputs.DEB_PATH }} | |
fail_on_unmatched_files: true | |
- name: Deploy to Maven Central | |
if: startsWith(github.ref, 'refs/tags/') | |
working-directory: plugin | |
env: | |
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
./mvnw clean deploy -DskipTests=true --settings deployment/settings.xml |