Skip to content

Merge pull request #3761 from mercedes-benz/master #284

Merge pull request #3761 from mercedes-benz/master

Merge pull request #3761 from mercedes-benz/master #284

# SPDX-License-Identifier: MIT
name: Build SecHub GHA (scan)
on:
push:
branches:
- 'develop'
- 'hotfix'
- 'main'
- 'master'
paths:
- '.github/workflows/github-action-scan.yml'
- 'github-actions/scan/**'
pull_request:
paths:
- '.github/workflows/github-action-scan.yml'
- 'github-actions/scan/**'
# enable manual triggering of workflow
workflow_dispatch:
jobs:
build-scan:
runs-on: ubuntu-latest
# Let's set the scan action folder as the working directory for all "run" steps:
defaults:
run:
working-directory: github-actions/scan
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Cache Node.js modules
uses: actions/cache@v2
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Use Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
with:
node-version: 22
- name: Install
run: npm install
- name: Build
run: npm run build
- name: Run unit tests
run: npm test
# We store git status - why? Here we see if index.js has been changed - if so, a developer
# forgot to commit the changes - means the action cannot be used productive!
- name: Store git status
run: |
git status
mkdir "${{ github.workspace }}/build" -p
git status >> "${{ github.workspace }}/build/git-status.txt"
- name: Define integration test setup
id : version-selector
run: |
# Make sure that INTEGRATIONTEST_SECHUB_SERVER_VERSION and INTEGRATIONTEST_PDS_VERSION
# are defined in https://github.com/mercedes-benz/sechub/settings/variables/actions
if [ -z "${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" ] ; then
echo "INTEGRATIONTEST_SECHUB_SERVER_VERSION variable is undefined. Exiting."
exit 1
fi
if [ -z "${{ vars.INTEGRATIONTEST_PDS_VERSION }}" ] ; then
echo "INTEGRATIONTEST_PDS_VERSION variable is undefined. Exiting."
exit 1
fi
echo "sechub_server_version=${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" >> "$GITHUB_ENV"
echo "sechub_server_port=8443" >> "$GITHUB_ENV"
echo "pds_version=${{ vars.INTEGRATIONTEST_PDS_VERSION }}" >> "$GITHUB_ENV"
echo "pds_port=8444" >> "$GITHUB_ENV"
- name: Cache SecHub server download
# Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
with:
path: ./build/sechub-runtime/server/${{ env.sechub_server_version }}/
key: ${{ runner.os }}-sechub-server-${{ env.sechub_server_version }}
- name: Cache PDS download
# Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
with:
path: ./build/sechub-runtime/pds/${{ env.pds_version }}/
key: ${{ runner.os }}-sechub-pds-${{ env.pds_version }}
- name: Set up JDK 17 (to run servers)
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b
with:
java-version: 17
distribution: temurin
- name: Start integration test servers
working-directory: ./github-actions/scan/__test__/integrationtest/
run: ./01-start.sh $sechub_server_version $sechub_server_port $pds_version $pds_port
- name: Init integration test data
working-directory: ./github-actions/scan/__test__/integrationtest/
run: ./03-init_sechub_data.sh $sechub_server_port $pds_port
- name: Run integration tests
run: npm run integration-test
- name: Cleanup integration tests
working-directory: ./github-actions/scan/__test__/integrationtest/
run: ./05-stop.sh $sechub_server_port $pds_port
# ------------------------------------ Archive git status-------------------
- name: Archive git status
if: always()
uses: actions/upload-artifact@v4
with:
name: git-status
path: "${{ github.workspace }}/build/git-status.txt"
retention-days: 14
# ------------------------------------ Archive runtime logs-------------------
- name: Archive runtime logs
if: always()
uses: actions/upload-artifact@v4
with:
name: sechub-runtime-logiles
path: ./build/sechub-runtime/**/*.log
retention-days: 14
# ------------------------------------ Archive reports -----------------------
- name: Archive reports
if: always()
uses: actions/upload-artifact@v4
with:
name: sechub-reports
path: |
./github-actions/scan/sechub_report*.*
./sechub_report*.*
retention-days: 14