Skip to content

add missing Vault policy missing "list" capability (#2000) #47

add missing Vault policy missing "list" capability (#2000)

add missing Vault policy missing "list" capability (#2000) #47

Workflow file for this run

name: UI
on:
pull_request:
branches:
- master
push:
branches:
- master
# This ensures that previous jobs for the PR are canceled when the PR is
# updated.
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref }}
cancel-in-progress: true
jobs:
semgrep-static-code-analysis:
timeout-minutes: 30
name: "semgrep checks"
runs-on: ubuntu-latest
strategy:
matrix:
os: [ ubuntu-latest ]
steps:
- name: Check out source code
uses: actions/checkout@v3
- name: Scanning code on ${{ matrix.os }}
continue-on-error: false
run: |
# Install semgrep rather than using a container due to:
# https://github.com/actions/checkout/issues/334
sudo apt install -y python3-pip || apt install -y python3-pip
pip3 install semgrep
semgrep --config semgrep.yaml $(pwd)/web-app --error
ui-assets:
timeout-minutes: 30
name: "React No Warnings & Prettified"
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Read .nvmrc
id: node_version
run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
- uses: actions/setup-node@v3
with:
node-version: ${{ env.NVMRC }}
cache: 'yarn'
cache-dependency-path: web-app/yarn.lock
- uses: actions/cache@v3
id: assets-cache
name: Assets Cache
with:
path: |
./web-app/build/
key: ${{ runner.os }}-assets-${{ github.run_id }}
- name: Install Dependencies
working-directory: ./web-app
continue-on-error: false
run: |
yarn install --frozen-lockfile --immutable
- name: Check for Warnings in build output
working-directory: ./web-app
continue-on-error: false
run: |
./check-warnings.sh
- name: Check if Files are Prettified
working-directory: ./web-app
continue-on-error: false
run: |
./check-prettier.sh
- name: Check for dead code
working-directory: ./web-app
continue-on-error: false
run: |
./check-deadcode.sh
reuse-golang-dependencies:
timeout-minutes: 30
name: reuse golang dependencies
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
cache: true
id: go
- name: Build on ${{ matrix.os }}
env:
GO111MODULE: on
GOOS: linux
run: |
go mod download
compile-binary:
timeout-minutes: 30
name: Compiles on Go ${{ matrix.go-version }} and ${{ matrix.os }}
needs:
- ui-assets
- reuse-golang-dependencies
- semgrep-static-code-analysis
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
cache: true
id: go
- uses: actions/cache@v3
name: Operator Binary Cache
with:
path: |
./minio-operator
key: ${{ runner.os }}-binary-${{ github.run_id }}
- uses: actions/cache@v3
id: assets-cache
name: Assets Cache
with:
path: |
./web-app/build/
key: ${{ runner.os }}-assets-${{ github.run_id }}
- name: Build on ${{ matrix.os }}
env:
GO111MODULE: on
GOOS: linux
run: |
make binary
react-code-known-vulnerabilities:
timeout-minutes: 30
name: "React No Known Vulnerable Deps"
needs:
- ui-assets
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: ${{ env.NVMRC }}
cache: 'yarn'
cache-dependency-path: web-app/yarn.lock
- name: Checks for known security issues with the installed packages
working-directory: ./web-app
continue-on-error: false
run: |
yarn audit --groups dependencies
all-operator-tests-1:
timeout-minutes: 30
name: Operator UI Tests Part 1
needs:
- compile-binary
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: ${{ env.NVMRC }}
- name: Install MinIO JS
working-directory: ./
continue-on-error: false
run: |
yarn add minio
- uses: actions/cache@v3
name: Operator Binary Cache
with:
path: |
./minio-operator
key: ${{ runner.os }}-binary-${{ github.run_id }}
# Runs a set of commands using the runners shell
- name: Start Kind for Operator UI
run: |
"${GITHUB_WORKSPACE}/web-app/tests/scripts/operator.sh"
- name: Run TestCafe Tests
uses: DevExpress/testcafe-action@latest
with:
args: '"chrome:headless" web-app/tests/operator/login --skip-js-errors -c 3'
all-operator-tests-2:
timeout-minutes: 30
name: Operator UI Tests Part 2
needs:
- compile-binary
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: ${{ env.NVMRC }}
- name: Install MinIO JS
working-directory: ./
continue-on-error: false
run: |
yarn add minio
- uses: actions/cache@v3
name: Operator Binary Cache
with:
path: |
./minio-operator
key: ${{ runner.os }}-binary-${{ github.run_id }}
# Runs a set of commands using the runners shell
- name: Start Kind for Operator UI
run: |
"${GITHUB_WORKSPACE}/web-app/tests/scripts/operator.sh"
- name: Run TestCafe Tests
uses: DevExpress/testcafe-action@latest
with:
args: '"chrome:headless" web-app/tests/operator/tenant/test-1 --skip-js-errors -c 3'
test-operatorapi-on-go:
timeout-minutes: 30
name: Test Operatorapi on Go ${{ matrix.go-version }} and ${{ matrix.os }}
needs:
- ui-assets
- reuse-golang-dependencies
- semgrep-static-code-analysis
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
cache: true
id: go
- name: Build on ${{ matrix.os }}
env:
GO111MODULE: on
GOOS: linux
run: |
make test-unit-test-operator
- uses: actions/cache@v3
id: coverage-cache-unittest-operatorapi
name: Coverage Cache unit test operatorAPI
with:
path: |
./api/coverage/
key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }}
react-tests:
timeout-minutes: 30
name: React Tests
needs:
- ui-assets
- reuse-golang-dependencies
- semgrep-static-code-analysis
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install modules
working-directory: ./web-app
run: yarn
- name: Run tests
working-directory: ./web-app
run: yarn test
c-operator-api-tests:
timeout-minutes: 30
name: Operator API Tests
needs:
- ui-assets
- reuse-golang-dependencies
- semgrep-static-code-analysis
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [ 1.21.x ]
steps:
- uses: actions/checkout@v3
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
cache: true
id: go
- name: Operator API Tests
run: |
curl -sLO "https://dl.k8s.io/release/v1.23.1/bin/linux/amd64/kubectl" -o kubectl
chmod +x kubectl
mv kubectl /usr/local/bin
"${GITHUB_WORKSPACE}/tests/start-tests-tenant.sh"
echo "start ---> make test-operator-integration";
make test-operator-integration;
- uses: actions/cache@v3
id: coverage-cache-operator
name: Coverage Cache Operator
with:
path: |
./operator-integration/coverage/
key: ${{ runner.os }}-coverage-2-operator-${{ github.run_id }}
coverage:
timeout-minutes: 30
name: "Coverage Limit Check"
needs:
- test-operatorapi-on-go
- c-operator-api-tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [ 1.21.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
cache: true
id: go
- name: Check out gocovmerge as a nested repository
uses: actions/checkout@v3
with:
repository: wadey/gocovmerge
path: gocovmerge
- uses: actions/cache@v3
id: coverage-cache-operator
name: Coverage Cache Operator
with:
path: |
./operator-integration/coverage/
key: ${{ runner.os }}-coverage-2-operator-${{ github.run_id }}
- uses: actions/cache@v3
id: coverage-cache-unittest-operatorapi
name: Coverage Cache unit test operatorAPI
with:
path: |
./api/coverage/
key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }}
- name: Get coverage
run: |
echo "change directory to gocovmerge"
cd gocovmerge
echo "download golang x tools"
go mod download golang.org/x/tools
echo "go mod tidy compat mode"
go mod tidy
echo "go build gocoverage.go"
go build gocovmerge.go
echo "put together the outs for final coverage resolution"
./gocovmerge ../operator-integration/coverage/operator-api.out ../api/coverage/coverage-unit-test-operatorapi.out > all.out
echo "Download mc for Ubuntu"
wget -q https://dl.min.io/client/mc/release/linux-amd64/mc
echo "Change the permissions to execute mc command"
chmod +x mc
echo "Only run our test if play is up and running since we require it for replication tests here."
PLAY_IS_ON=`wget --spider --server-response https://play.min.io:9443/login 2>&1 | grep '200\ OK' | wc -l`
if [ $PLAY_IS_ON == 1 ]
then
echo "Play is up and running, we will proceed with the play part for coverage"
echo "Create the folder to put the all.out file"
./mc mb --ignore-existing play/builds/
echo "Copy the all.out file to play bucket"
echo ${{ github.repository }}
echo ${{ github.event.number }}
echo ${{ github.run_id }}
# mc cp can fail due to lack of space: mc: <ERROR> Failed to copy `all.out`.
# Storage backend has reached its minimum free disk threshold. Please delete a few objects to proceed.
./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
go tool cover -html=all.out -o coverage.html
./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
else
echo "Play is down, please report it on hack channel, no coverage is going to be uploaded!!!"
fi
echo "grep to obtain the result"
go tool cover -func=all.out | grep total > tmp2
result=`cat tmp2 | awk 'END {print $3}'`
result=${result%\%}
threshold=61.2
echo "Result:"
echo "$result%"
if (( $(echo "$result >= $threshold" |bc -l) )); then
echo "It is equal or greater than threshold ($threshold%), passed!"
else
echo "It is smaller than threshold ($threshold%) value, failed!"
exit 1
fi