-
Notifications
You must be signed in to change notification settings - Fork 7
144 lines (140 loc) · 5.78 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Continuous Integration
on: push
env:
JAVA_VERSION: 17
jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
path: plugin
- name: Setup Java JDK ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: temurin
cache: maven
- name: Retrieve variables from pom
id: requestPom
working-directory: plugin
run: |
echo "GRAYLOG_VERSION=$(mvn help:evaluate -Dexpression=project.parent.version -q -DforceStdout)" >> $GITHUB_OUTPUT
NAME=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout)
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
echo "JAR_PATH=target/$NAME-$VERSION.jar" >> $GITHUB_OUTPUT
echo "RPM_PATH=target/rpm/$NAME/RPMS/noarch/$NAME-$VERSION-1.noarch.rpm" >> $GITHUB_OUTPUT
echo "DEB_PATH=target/$NAME-$VERSION.deb" >> $GITHUB_OUTPUT
- name: Cache Graylog
uses: actions/cache@v4
id: cache
with:
path: graylog2-server
key: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
- name: Check out Graylog ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: Graylog2/graylog2-server
ref: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }}
path: graylog2-server
- name: Build Graylog
if: steps.cache.outputs.cache-hit != 'true'
working-directory: graylog2-server
run: |
./mvnw compile -DskipTests=true --batch-mode
- name: Cache node_modules
uses: actions/cache@v4
with:
path: plugin/node_modules
key: ${{ hashFiles('plugin/yarn.lock') }}
- name: Build plugin
working-directory: plugin
run: |
./mvnw package --batch-mode
- name: Copy jar to backend tests runtime
working-directory: plugin
run: |
mkdir runtime/graylog/plugin
cp ${{ steps.requestPom.outputs.JAR_PATH }} runtime/graylog/plugin
- name: Preparing backend tests
working-directory: plugin/validation
run: |
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
docker compose --project-directory ../runtime pull
- name: Execute brittle tests
working-directory: plugin/validation
run: |
PYTHONUNBUFFERED=true python -m unittest test_brittle --verbose
- name: Execute backend tests
working-directory: plugin/validation
run: |
PYTHONUNBUFFERED=true python -m unittest --verbose
- name: Package signed .rpm
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
working-directory: plugin
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
./mvnw rpm:rpm
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
rpm --define "_gpg_name Airbus CyberSecurity" --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase $PASSPHRASE" --addsign "${{ steps.requestPom.outputs.RPM_PATH }}"
- name: Package signed .deb
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
working-directory: plugin
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
gpg2 --export-secret-keys --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" > $HOME/.gnupg/secring.gpg
./mvnw org.vafer:jdeb:jdeb --settings deployment/settings.xml
- name: Check license headers
working-directory: plugin
run: |
mvn license:check
- name: Archive .jar
uses: actions/upload-artifact@v4
with:
name: jar
path: plugin/${{ steps.requestPom.outputs.JAR_PATH }}
if-no-files-found: error
- name: Archive .rpm
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
uses: actions/upload-artifact@v4
with:
name: rpm
path: plugin/${{ steps.requestPom.outputs.RPM_PATH }}
if-no-files-found: error
- name: Archive .deb
if: endsWith(steps.requestPom.outputs.VERSION,'SNAPSHOT') == false
uses: actions/upload-artifact@v4
with:
name: deb
path: plugin/${{ steps.requestPom.outputs.DEB_PATH }}
if-no-files-found: error
- name: Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
with:
files: |
plugin/${{ steps.requestPom.outputs.JAR_PATH }}
plugin/${{ steps.requestPom.outputs.RPM_PATH }}
plugin/${{ steps.requestPom.outputs.DEB_PATH }}
fail_on_unmatched_files: true
- name: Deploy to Maven Central
if: startsWith(github.ref, 'refs/tags/')
working-directory: plugin
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import
./mvnw clean deploy -DskipTests=true --settings deployment/settings.xml