Merge pull request #3761 from mercedes-benz/master #284
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-License-Identifier: MIT | |
name: Build SecHub GHA (scan) | |
on: | |
push: | |
branches: | |
- 'develop' | |
- 'hotfix' | |
- 'main' | |
- 'master' | |
paths: | |
- '.github/workflows/github-action-scan.yml' | |
- 'github-actions/scan/**' | |
pull_request: | |
paths: | |
- '.github/workflows/github-action-scan.yml' | |
- 'github-actions/scan/**' | |
# enable manual triggering of workflow | |
workflow_dispatch: | |
jobs: | |
build-scan: | |
runs-on: ubuntu-latest | |
# Let's set the scan action folder as the working directory for all "run" steps: | |
defaults: | |
run: | |
working-directory: github-actions/scan | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Cache Node.js modules | |
uses: actions/cache@v2 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Use Node.js | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af | |
with: | |
node-version: 22 | |
- name: Install | |
run: npm install | |
- name: Build | |
run: npm run build | |
- name: Run unit tests | |
run: npm test | |
# We store git status - why? Here we see if index.js has been changed - if so, a developer | |
# forgot to commit the changes - means the action cannot be used productive! | |
- name: Store git status | |
run: | | |
git status | |
mkdir "${{ github.workspace }}/build" -p | |
git status >> "${{ github.workspace }}/build/git-status.txt" | |
- name: Define integration test setup | |
id : version-selector | |
run: | | |
# Make sure that INTEGRATIONTEST_SECHUB_SERVER_VERSION and INTEGRATIONTEST_PDS_VERSION | |
# are defined in https://github.com/mercedes-benz/sechub/settings/variables/actions | |
if [ -z "${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" ] ; then | |
echo "INTEGRATIONTEST_SECHUB_SERVER_VERSION variable is undefined. Exiting." | |
exit 1 | |
fi | |
if [ -z "${{ vars.INTEGRATIONTEST_PDS_VERSION }}" ] ; then | |
echo "INTEGRATIONTEST_PDS_VERSION variable is undefined. Exiting." | |
exit 1 | |
fi | |
echo "sechub_server_version=${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" >> "$GITHUB_ENV" | |
echo "sechub_server_port=8443" >> "$GITHUB_ENV" | |
echo "pds_version=${{ vars.INTEGRATIONTEST_PDS_VERSION }}" >> "$GITHUB_ENV" | |
echo "pds_port=8444" >> "$GITHUB_ENV" | |
- name: Cache SecHub server download | |
# Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a | |
with: | |
path: ./build/sechub-runtime/server/${{ env.sechub_server_version }}/ | |
key: ${{ runner.os }}-sechub-server-${{ env.sechub_server_version }} | |
- name: Cache PDS download | |
# Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a | |
with: | |
path: ./build/sechub-runtime/pds/${{ env.pds_version }}/ | |
key: ${{ runner.os }}-sechub-pds-${{ env.pds_version }} | |
- name: Set up JDK 17 (to run servers) | |
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b | |
with: | |
java-version: 17 | |
distribution: temurin | |
- name: Start integration test servers | |
working-directory: ./github-actions/scan/__test__/integrationtest/ | |
run: ./01-start.sh $sechub_server_version $sechub_server_port $pds_version $pds_port | |
- name: Init integration test data | |
working-directory: ./github-actions/scan/__test__/integrationtest/ | |
run: ./03-init_sechub_data.sh $sechub_server_port $pds_port | |
- name: Run integration tests | |
run: npm run integration-test | |
- name: Cleanup integration tests | |
working-directory: ./github-actions/scan/__test__/integrationtest/ | |
run: ./05-stop.sh $sechub_server_port $pds_port | |
# ------------------------------------ Archive git status------------------- | |
- name: Archive git status | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: git-status | |
path: "${{ github.workspace }}/build/git-status.txt" | |
retention-days: 14 | |
# ------------------------------------ Archive runtime logs------------------- | |
- name: Archive runtime logs | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sechub-runtime-logiles | |
path: ./build/sechub-runtime/**/*.log | |
retention-days: 14 | |
# ------------------------------------ Archive reports ----------------------- | |
- name: Archive reports | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sechub-reports | |
path: | | |
./github-actions/scan/sechub_report*.* | |
./sechub_report*.* | |
retention-days: 14 |