Skip to content

feat(auth): remove auth negotiation and JMX credentials passthrough #2229

feat(auth): remove auth negotiation and JMX credentials passthrough

feat(auth): remove auth negotiation and JMX credentials passthrough #2229

Workflow file for this run

name: CI build and push (PR)
concurrency:
group: ci-${{ github.run_id }}
cancel-in-progress: true
on:
issue_comment:
types:
- created
jobs:
check-before-build:
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: github.repository_owner == 'cryostatio' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test')
steps:
- name: Fail if needs-triage label applied
if: ${{ contains(github.event.issue.labels.*.name, 'needs-triage') }}
run: exit 1
- name: Show warning if permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
uses: thollander/actions-comment-pull-request@v2
with:
message: |-
You do not have permission to run the /build_test command. Please ask @cryostatio/reviewers
to resolve the issue.
- name: Fail if command permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
run: exit 1
- name: React to comment
uses: actions/github-script@v4
with:
script: |
const {owner, repo} = context.issue
github.reactions.createForIssueComment({
owner,
repo,
comment_id: context.payload.comment.id,
content: "+1",
});
checkout-branch:
runs-on: ubuntu-latest
needs: [check-before-build]
permissions:
pull-requests: read
outputs:
PR_head_sha: ${{ fromJSON(steps.comment-branch.outputs.result).head_sha }}
PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }}
steps:
- uses: actions/github-script@v4
id: comment-branch
with:
script: |
const result = await github.pulls.get ({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number
})
return { num: result.data.number, head_sha: result.data.head.sha }
get-pom-properties:
runs-on: ubuntu-latest
needs: [checkout-branch]
steps:
- uses: actions/checkout@v2
with:
repository: cryostatio/cryostat
- id: query-pom
name: Get properties from POM
run: |
CORE_VERSION="$(mvn help:evaluate -Dexpression=io.cryostat.core.version -q -DforceStdout)"
echo "core-version=v$CORE_VERSION" >> $GITHUB_OUTPUT
IMAGE_VERSION="$(mvn validate help:evaluate -Dexpression=cryostat.imageVersionLower -q -DforceStdout)"
echo "image-version=$IMAGE_VERSION" >> $GITHUB_OUTPUT
outputs:
core-version: ${{ steps.query-pom.outputs.core-version }}
image-version: ${{ steps.query-pom.outputs.image-version }}
build-deps:
runs-on: ubuntu-latest
needs: [get-pom-properties]
steps:
- uses: actions/checkout@v3
with:
repository: cryostatio/cryostat-core
ref: ${{ needs.get-pom-properties.outputs.core-version }}
- uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'adopt'
cache: maven
- run: mvn -B -U -DskipTests=true clean install
- uses: actions/upload-artifact@v3
with:
name: cryostat-core
path: /home/runner/.m2/repository/io/cryostat/cryostat-core/
build-image-and-push:
runs-on: ubuntu-latest
permissions:
packages: write
pull-requests: write
needs: [get-pom-properties, build-deps, checkout-branch]
env:
PR_num: ${{ needs.checkout-branch.outputs.PR_num }}
head_sha: ${{ needs.checkout-branch.outputs.PR_head_sha }}
steps:
- uses: actions/checkout@v3
with:
repository: cryostatio/cryostat
submodules: true
fetch-depth: 0
- uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'adopt'
cache: maven
- uses: actions/download-artifact@v3
with:
name: cryostat-core
path: /home/runner/.m2/repository/io/cryostat/cryostat-core/
- run: git submodule init
- run: git submodule update --remote
- run: cd web-client && git fetch origin pull/${{ env.PR_num }}/head:pr-${{ env.PR_num }} && git checkout pr-${{ env.PR_num }}
- run: cd ..
- run: mvn -B -U -Dmaven.test.skip=true clean package
- name: Tag cryostat image
run: podman tag cryostat ghcr.io/${{ github.repository_owner }}/cryostat-web:pr-${{ env.PR_num }}-${{ env.head_sha }}
- name: Push PR test image to ghcr.io
id: push-to-ghcr
uses: redhat-actions/push-to-registry@v2
with:
image: cryostat-web
tags: pr-${{ env.PR_num }}-${{ env.head_sha }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.event.comment.user.login }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Comment test image link
uses: thollander/actions-comment-pull-request@v1
with:
message: |-
Test image available:
```
CRYOSTAT_IMAGE=${{ steps.push-to-ghcr.outputs.registry-path }} sh smoketest.sh
```