Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge develop into master for release #3756

Merged
merged 11 commits into from
Dec 18, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 11 additions & 3 deletions .github/workflows/github-action-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,22 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683


- name: Cache Node.js modules
uses: actions/cache@v2
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-

- name: Use Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
with:
node-version: 22

- name: Clean install
run: npm ci
- name: Install
run: npm install

- name: Build
run: npm run build
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/gradle.yml
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ jobs:
run: ./gradlew :sechub-cli:buildGo :sechub-cli:testGo

- name: Build Server, DAUI and generate OpenAPI file
run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build
run: ./gradlew ensureLocalhostCertificate build generateOpenapi -x :sechub-cli:build

- name: Generate and build Java projects related to SecHub Java API
run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-client-server-pds.yml
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@ jobs:
# Build SecHub Server + PDS
# ----------------------
- name: Build Server and PDS artifacts
run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build
run: ./gradlew ensureLocalhostCertificate build generateOpenapi -x :sechub-cli:build

# ----------------------
# Build API Java publish
Expand Down Expand Up @@ -330,7 +330,7 @@ jobs:
mkdir server-release-artifacts
# Collect release artifacts
cp sechub-server/build/libs/sechub-server-${{ inputs.server-version }}.jar \
sechub-developertools/build/libs/sechub-developer-admin-ui-${{ inputs.server-version }}.jar \
sechub-developertools/build/libs/sechub-developertools-${{ inputs.server-version }}.jar \
server-release-artifacts/
cp sechub-doc/build/docs/asciidoc/sechub-architecture.pdf \
server-release-artifacts/sechub-architecture-${{ inputs.server-version }}.pdf
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-pds-tools.yml
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ jobs:
# Build SecHub PDS-Tools
# ----------------------
- name: Build Server, DAUI and generate OpenAPI file
run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-integrationtest:test -x :sechub-cli:build
run: ./gradlew ensureLocalhostCertificate build generateOpenapi -x :sechub-integrationtest:test -x :sechub-cli:build

- name: Generate and build Java projects related to SecHub Java API
run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
Expand Down
2 changes: 1 addition & 1 deletion continous-integration-multibranch-pipeline.jenkins
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ pipeline {
// We do NOT build sechub-integrationtest
// Reason: because we do NOT want to have the integration tests executed, otherwise gradle will not execute them
// on integration phase again (because nothing has changed, so gradle will cache the results which are ignored ...
callGradleWrapper("ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build -Psechub.test.wiremock.https_port=${env.SECHUB_TEST_WIREMOCK_HTTPS_PORT} -Psechub.test.wiremock.http_port=${env.SECHUB_TEST_WIREMOCK_HTTP_PORT} --console=plain")
callGradleWrapper("ensureLocalhostCertificate build generateOpenapi -x :sechub-cli:build -Psechub.test.wiremock.https_port=${env.SECHUB_TEST_WIREMOCK_HTTPS_PORT} -Psechub.test.wiremock.http_port=${env.SECHUB_TEST_WIREMOCK_HTTP_PORT} --console=plain")
callGradleWrapper(":sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary --console=plain")
}
}
Expand Down
2 changes: 1 addition & 1 deletion docs/latest/sechub-developer-quickstart-guide.html
Original file line number Diff line number Diff line change
Expand Up @@ -1939,7 +1939,7 @@ <h3 id="run-integration-tests-from-intellij-ide">5.2. Run Integration Tests From
</div>
<div class="listingblock">
<div class="content">
<pre>./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build</pre>
<pre>./gradlew ensureLocalhostCertificate build generateOpenapi -x :sechub-cli:build</pre>
</div>
</div>
<div class="listingblock">
Expand Down
51 changes: 38 additions & 13 deletions github-actions/scan/README.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -94,25 +94,29 @@ The following variables take priority over the configuration file:
If no custom `sechub.json` is provided, it will be generated from the remaining specified variables and used. However, if a custom `sechub.json` is provided, no separate configuration will be created, meaning the remaining set variables will essentially be ignored.
====

=== Outputs
=== Use SecHub results in GitHub workflows

The following table lists the output variables available after this SecHub GitHub Action has completed:
==== GitHub Output
Because of problems with GitHub outputs (see https://github.com/mercedes-benz/sechub/issues/3481 ) SecHub no longer supports outputs but provides environment variables instead.

==== Environment variables
The following table lists the environment variables containing result data after this SecHub GitHub Action has completed:

[cols="20%,40%,40%"]
|===
| Output Name | Description | Expected Values
| Environment variable | Description | Expected Values

| scan-trafficlight | The color of the traffic light reported by SecHub if the scan ran successfully, otherwise `FAILURE`. | One of `GREEN`, `YELLOW`, `RED`, or `FAILURE`.
| scan-findings-count | The total number of findings reported by SecHub. Returns 0 if the scan didn't complete. | 0
| scan-findings-high | The number of high-level findings reported by SecHub. | 0
| scan-findings-medium | The number of medium-level findings reported by SecHub. | 0
| scan-findings-low | The number of low-level findings reported by SecHub. | 0
| scan-readable-summary| A human-readable summary of the scan outcome, including the traffic light color, findings count, and their distribution. | For example, `SecHub scan could not be executed` if an error occurred. Otherwise, i.e. `SecHub reported traffic light color YELLOW with 15 findings, categorized as follows: MEDIUM (8), LOW (7)`
| SECHUB_OUTPUT_SCAN_TRAFFICLIGHT | The color of the traffic light reported by SecHub if the scan ran successfully, otherwise `FAILURE`. | One of `GREEN`, `YELLOW`, `RED`, or `FAILURE`.
| SECHUB_OUTPUT_SCAN_FINDINGS_COUNT | The total number of findings reported by SecHub. Returns 0 if the scan didn't complete. | 0
| SECHUB_OUTPUT_SCAN_FINDINGS_HIGH | The number of high-level findings reported by SecHub. | 0
| SECHUB_OUTPUT_SCAN_FINDINGS_MEDIUM | The number of medium-level findings reported by SecHub. | 0
| SECHUB_OUTPUT_SCAN_FINDINGS_LOW | The number of low-level findings reported by SecHub. | 0
| SECHUB_OUTPUT_SCAN_READABLE_SUMMARY| A human-readable summary of the scan outcome, including the traffic light color, findings count, and their distribution. | For example, `SecHub scan could not be executed` if an error occurred. Otherwise, i.e. `SecHub reported traffic light color YELLOW with 15 findings, categorized as follows: MEDIUM (8), LOW (7)`

|===


You can access them after the action has run with `${{ steps.<step-id>.outputs.<output-name> }}`
You can access them after the action has run with `${{ env.<environment-variable-name> }}`

=== Build

Expand All @@ -129,6 +133,16 @@ npm run build

This runs the ncc compiler and transpiles the files from the src folder into the `dist/` folder.

=== Deployment
A GitHub action needs a transpiled `index.js` to be used as an action from workflows.

As long as we do not provide a new index.js the old action is still in usage, even when the source code has
changed. If we do not build the file and commit and push it to git repository, the action will not
be available!

The complete deployment process is automated by `.github/workflows/release-github-action.yml` which will create a
PR which will do all necessary steps.

=== Test

==== Unit tests
Expand All @@ -142,10 +156,19 @@ npm run test

==== Integration-Test
As a precondition to run the integration tests locally you have to
execute `01-start.sh $secHubServerVersion $sechubServerPortNr $pdsVersion $pdsPortN`
inside the integration test folder.

- execute `__test__/01-start.sh $secHubServerVersion $sechubServerPortNr $pdsVersion $pdsPortNr`
An example:

[source,bash]
----
# Next lines will start a SecHub server of version 2.4.0 and a PDS with version 2.1.0
cd ./github-actions/scan/__test__/integrationtest
./01-start.sh 2.4.0 8443 2.1.0 8444
----

TIP: You can also start a SecHub server and a PDS (both in integration test mode) instead of using the `01-start` script.
TIP: You can also start a SecHub server and a PDS from IDE (both in integration test mode) instead of using the `01-start` script.

After the script has been executed, you can execute integration tests multiple times via following command:

Expand Down Expand Up @@ -176,7 +199,9 @@ In this setup the tests can be executed from sidebar and from links created insi

[TIP]
====
Unfortunately, the Jest UI integration works only for npm script "test". But to handle integration tests different (the tests shall only be executed when all is build and servers are started) they are not executed by "test" script.
Unfortunately, the Jest UI integration works only for npm script "test".
But to handle integration tests different (the tests shall only be executed
when all is built and servers are started) they are not executed by "test" script.

If you want to **debug an integration test**, there is a temporary workaround necessary while you debug the test:

Expand Down
16 changes: 16 additions & 0 deletions github-actions/scan/__test__/client-version-helper.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,22 @@
import { getClientVersion } from '../src/client-version-helper';
import axios from 'axios';
import MockAdapter from 'axios-mock-adapter';
import * as core from '@actions/core';

jest.mock('@actions/core');

const mockDebug = core.debug as jest.MockedFunction<typeof core.debug>;

const debugEnabled = false;

beforeEach(() => {
mockDebug.mockImplementation((message: string | Error) => {
if (debugEnabled) {
console.log(`Debug: ${message}`);
}
});
mockDebug.mockClear();
});

describe('getClientVersion', function () {

Expand Down
21 changes: 13 additions & 8 deletions github-actions/scan/__test__/configuration-builder.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,12 @@ import { SecHubConfigurationModelBuilderData } from '../src/configuration-builde

jest.mock('@actions/core');

function dumpModel(model: SecHubConfigurationModel){
const debugEnabled = false;

function logDebug(model: SecHubConfigurationModel){
if (! debugEnabled){
return;
}
const json = JSON.stringify(model, null, 2); // pretty printed output

console.log('json='+json);
Expand Down Expand Up @@ -34,7 +39,7 @@ describe('configuration-builder', function() {
const model= configBuilder.createSecHubConfigurationModel(builderData);

/* test */
dumpModel(model);
logDebug(model);

expect(model.apiVersion).toEqual('1.0');

Expand Down Expand Up @@ -66,7 +71,7 @@ describe('configuration-builder', function() {
const model= configBuilder.createSecHubConfigurationModel(builderData);

/* test */
dumpModel(model);
logDebug(model);

expect(model.apiVersion).toEqual('1.0');

Expand Down Expand Up @@ -101,7 +106,7 @@ describe('configuration-builder', function() {
const model= configBuilder.createSecHubConfigurationModel(builderData);

/* test */
dumpModel(model);
logDebug(model);

expect(model.apiVersion).toEqual('1.0');

Expand Down Expand Up @@ -138,7 +143,7 @@ describe('configuration-builder', function() {
const model= configBuilder.createSecHubConfigurationModel(builderData);

/* test */
dumpModel(model);
logDebug(model);

expect(model.apiVersion).toEqual('1.0');

Expand Down Expand Up @@ -172,7 +177,7 @@ describe('configuration-builder', function() {
const model= configBuilder.createSecHubConfigurationModel(builderData);

/* test */
dumpModel(model);
logDebug(model);

expect(model.apiVersion).toEqual('1.0');

Expand Down Expand Up @@ -206,7 +211,7 @@ describe('configuration-builder', function() {
const model= configBuilder.createSecHubConfigurationModel(builderData);

/* test */
dumpModel(model);
logDebug(model);

expect(model.apiVersion).toEqual('1.0');

Expand Down Expand Up @@ -241,7 +246,7 @@ describe('configuration-builder', function() {
const model= configBuilder.createSecHubConfigurationModel(builderData);

/* test */
dumpModel(model);
logDebug(model);

expect(model.apiVersion).toEqual('1.0');

Expand Down
16 changes: 16 additions & 0 deletions github-actions/scan/__test__/init-scan.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,22 @@ import {initReportFormats, initSecHubJson} from '../src/init-scan';
jest.mock('./../src/configuration-builder');
import {SecHubConfigurationModelBuilderData, createSecHubConfigJsonFile} from '../src/configuration-builder';

import * as core from '@actions/core';

jest.mock('@actions/core');

const mockInfo = core.info as jest.MockedFunction<typeof core.info>;

const debugEnabled = false;

beforeEach(() => {
mockInfo.mockImplementation((message: string | Error) => {
if (debugEnabled) {
console.log(`Info: ${message}`);
}
});
mockInfo.mockClear();
});

describe('initSecHubJson', function () {
it('throws error if configPath is set, but file does not exist', function () {
Expand Down
18 changes: 18 additions & 0 deletions github-actions/scan/__test__/output-helper.test.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
// SPDX-License-Identifier: MIT
import * as outputHelper from '../src/output-helper';
import * as core from '@actions/core';

jest.mock('@actions/core');

describe('storeOutput', () => {
const mockedCore = core as jest.Mocked<typeof core>;

it('test-key shall set SECHUB_OUTPUT_TEST_KEY', () => {
/* execute */
outputHelper.storeOutput('test-key', 'test value1');

/* test */
expect(mockedCore.exportVariable).toBeCalledWith('SECHUB_OUTPUT_TEST_KEY', 'test value1');
});

});
Loading
Loading