From 792fc56ef1e80377d68d8c75ea41994053a2fec9 Mon Sep 17 00:00:00 2001 From: ndr_brt Date: Mon, 13 Feb 2023 09:53:54 +0100 Subject: [PATCH 1/3] update build.yml file to the develop version --- .github/workflows/build.yaml | 98 +++++++----------------------------- 1 file changed, 17 insertions(+), 81 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 4f51b1f25..3eeece394 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -10,20 +10,21 @@ on: - '[0-9]+.[0-9]+.[0-9]+' release: types: - - released + - published pull_request: paths-ignore: - 'charts/**' + - 'docs/**' + - '**/*.md' branches: - '*' + workflow_dispatch: jobs: secret-presence: runs-on: ubuntu-latest outputs: CXNG_GHCR_PAT: ${{ steps.secret-presence.outputs.CXNG_GHCR_PAT }} - ORG_VERACODE_API_ID: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_ID }} - ORG_VERACODE_API_KEY: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_KEY }} SONAR_TOKEN: ${{ steps.secret-presence.outputs.SONAR_TOKEN }} steps: - @@ -31,22 +32,19 @@ jobs: id: secret-presence run: | [ ! -z "${{ secrets.CXNG_GHCR_PAT }}" ] && echo "::set-output name=CXNG_GHCR_PAT::true" - [ ! -z "${{ secrets.ORG_VERACODE_API_ID }}" ] && echo "::set-output name=ORG_VERACODE_API_ID::true" - [ ! -z "${{ secrets.ORG_VERACODE_API_KEY }}" ] && echo "::set-output name=ORG_VERACODE_API_KEY::true" [ ! -z "${{ secrets.SONAR_TOKEN }}" ] && echo "::set-output name=SONAR_TOKEN::true" exit 0 - verify-formatting: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v3.3.0 with: fetch-depth: 0 - name: Set up JDK 11 - uses: actions/setup-java@v3.5.1 + uses: actions/setup-java@v3.10.0 with: java-version: '11' distribution: 'adopt' 
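Review bot: The added `workflow_dispatch:` trigger lets anyone with write access run this workflow from any branch, and the expression that appears to gate the image push (`github.event_name != 'pull_request'`, visible in the build-controlplane and build-dataplane hunks) treats such a run like a release build. If manual runs are meant only for verification, tighten that gate, e.g. `github.event_name != 'pull_request' && github.event_name != 'workflow_dispatch'`, or restrict pushing to the release refs. The switch from `released` to `published` also makes pre-releases take the same path, so a comment above `types:` such as `# published also fires for pre-releases; images are pushed for them too` would record that this is intended.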
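Review bot: The secret-presence step kept by this hunk still expands `${{ secrets.CXNG_GHCR_PAT }}` and `${{ secrets.SONAR_TOKEN }}` straight into the shell script text, so the secret values are written into the generated script and any quote, `$` or backtick in a value is parsed by the shell instead of being compared. It also relies on `::set-output`, which GitHub has deprecated in favour of the `$GITHUB_OUTPUT` file. Passing the secrets through `env:` and testing the variables avoids both problems; the step's `name:` line sits above the hunk, so the fence starts at `id:`. The same pattern is added afresh in the secret-presence job of the new veracode.yaml in PATCH 2/3 and should get the same change.

```yaml
        id: secret-presence
        env:
          CXNG_GHCR_PAT: ${{ secrets.CXNG_GHCR_PAT }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          [ -n "$CXNG_GHCR_PAT" ] && echo "CXNG_GHCR_PAT=true" >> "$GITHUB_OUTPUT"
          [ -n "$SONAR_TOKEN" ] && echo "SONAR_TOKEN=true" >> "$GITHUB_OUTPUT"
          exit 0
```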
@@ -64,23 +62,16 @@ jobs: # Set-Up - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v3.3.0 with: fetch-depth: 0 - name: Set up JDK 11 - uses: actions/setup-java@v3.5.1 + uses: actions/setup-java@v3.10.0 with: java-version: '11' distribution: 'adopt' cache: 'maven' - - - name: Init git submodule - run: git submodule update --init - - - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc - working-directory: edc - name: Cache SonarCloud packages uses: actions/cache@v3 @@ -102,7 +93,6 @@ jobs: -Dsonar.host.url=https://sonarcloud.io \ -Dsonar.coverage.jacoco.xmlReportPaths=${GITHUB_WORKSPACE}/edc-tests/target/site/jacoco-aggregate/jacoco.xml \ -Dsonar.verbose=true - build-extensions: runs-on: ubuntu-latest needs: [ secret-presence, verify-formatting ] @@ -110,22 +100,15 @@ jobs: # Set-Up - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v3.3.0 - name: Set up JDK 11 - uses: actions/setup-java@v3.5.1 + uses: actions/setup-java@v3.10.0 with: java-version: '11' distribution: 'adopt' cache: 'maven' # Build - - - name: Init git submodule - run: git submodule update --init - - - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc - working-directory: edc - name: Build Extensions run: |- @@ -142,13 +125,14 @@ jobs: matrix: name: - edc-controlplane-memory + - edc-controlplane-memory-hashicorp-vault - edc-controlplane-postgresql - edc-controlplane-postgresql-hashicorp-vault steps: # Set-Up - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v3.3.0 - name: Login to GitHub Container Registry if: | 
@@ -160,19 +144,12 @@ jobs: password: ${{ secrets.CXNG_GHCR_PAT }} - name: Set up JDK 11 - uses: actions/setup-java@v3.5.1 + uses: actions/setup-java@v3.10.0 with: java-version: '11' distribution: 'adopt' cache: 'maven' # Build - - - name: Init git submodule - run: git submodule update --init - - - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc - working-directory: edc - name: Build Controlplane run: |- @@ -195,7 +172,7 @@ jobs: type=sha - name: Build Docker Image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: . file: edc-controlplane/${{ matrix.name }}/src/main/docker/Dockerfile @@ -206,23 +183,6 @@ jobs: ${{ (needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' && 'true') || 'false' }} tags: ${{ steps.edc_controlplane_meta.outputs.tags }} labels: ${{ steps.edc_controlplane_meta.outputs.labels }} - - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@v1.0 - if: | - needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY && contains(' - refs/heads/develop - refs/heads/release/ - refs/tags/ - refs/heads/main', github.ref) - continue-on-error: true - with: - appname: product-edc/${{ matrix.name }} - createprofile: true - version: ${{ github.ref }}-${{ github.sha }} - filepath: edc-controlplane/${{ matrix.name }}/target/${{ matrix.name }}.jar - vid: ${{ secrets.ORG_VERACODE_API_ID }} - vkey: ${{ secrets.ORG_VERACODE_API_KEY }} build-dataplane: runs-on: ubuntu-latest @@ -237,7 +197,7 @@ jobs: # Set-Up - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v3.3.0 - name: Login to GitHub Container Registry if: | 
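Review bot: `docker/build-push-action@v4` is a floating major tag, while the same commit pins `actions/checkout` and `actions/setup-java` to exact releases; this step runs in a job that also has `secrets.CXNG_GHCR_PAT` available for the registry login, so a retagged action would execute with that token in reach. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v4.x.y` (placeholder; take the SHA from the upstream release). The identical line in the build-dataplane hunk needs the same treatment, as does `veracode/veracode-uploadandscan-action@v1.0` in the new veracode.yaml, which receives the Veracode API id and key. The step's `with:` block continues outside this hunk.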
@@ -249,19 +209,12 @@ jobs: password: ${{ secrets.CXNG_GHCR_PAT }} - name: Set up JDK 11 - uses: actions/setup-java@v3.5.1 + uses: actions/setup-java@v3.10.0 with: java-version: '11' distribution: 'adopt' cache: 'maven' # Build - - - name: Init git submodule - run: git submodule update --init - - - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc - working-directory: edc - name: Build Dataplane run: |- @@ -284,7 +237,7 @@ jobs: type=sha - name: Build Docker Image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: . file: edc-dataplane/${{ matrix.name }}/src/main/docker/Dockerfile @@ -295,20 +248,3 @@ jobs: ${{ (needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' && 'true') || 'false' }} tags: ${{ steps.edc_dataplane_meta.outputs.tags }} labels: ${{ steps.edc_dataplane_meta.outputs.labels }} - - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@v1.0 - if: | - needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY && contains(' - refs/heads/develop - refs/heads/release/ - refs/tags/ - refs/heads/main', github.ref) - continue-on-error: true - with: - appname: product-edc/${{ matrix.name }} - createprofile: true - version: ${{ github.ref }}-${{ github.sha }} - filepath: edc-dataplane/${{ matrix.name }}/target/${{ matrix.name }}.jar - vid: ${{ secrets.ORG_VERACODE_API_ID }} - vkey: ${{ secrets.ORG_VERACODE_API_KEY }} From c188acd53a7b19a94402071fbd7029a948826be6 Mon Sep 17 00:00:00 2001 From: ndr_brt Date: Mon, 13 Feb 2023 09:58:31 +0100 Subject: [PATCH 2/3] Bring in veracode workflow as well --- .github/workflows/veracode.yaml | 138 +++++++++++++++++++++++++++++++- 1 file changed, 136 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml
index f3230f5a2..216a2a546 100644
--- a/.github/workflows/veracode.yaml
+++ b/.github/workflows/veracode.yaml
@@ -1,2 +1,136 @@ -# file to satisfy check in https://gh-org-checks.core.demo.catena-x.net/ -# veracode runs inside the build.yaml \ No newline at end of file +--- +name: "Veracode" + +on: + schedule: + - cron: '0 2 * * *' + workflow_dispatch: + +jobs: + secret-presence: + runs-on: ubuntu-latest + outputs: + ORG_VERACODE_API_ID: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_ID }} + ORG_VERACODE_API_KEY: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_KEY }} + steps: + - + name: Check whether secrets exist + id: secret-presence + run: | + [ ! -z "${{ secrets.ORG_VERACODE_API_ID }}" ] && echo "::set-output name=ORG_VERACODE_API_ID::true" + [ ! -z "${{ secrets.ORG_VERACODE_API_KEY }}" ] && echo "::set-output name=ORG_VERACODE_API_KEY::true" + exit 0 + verify-formatting: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v3.3.0 + with: + fetch-depth: 0 + - + name: Set up JDK 11 + uses: actions/setup-java@v3.10.0 + with: + java-version: '11' + distribution: 'adopt' + cache: 'maven' + - + name: Verify proper formatting + run: ./mvnw -s settings.xml -B spotless:check + + build-controlplane: + runs-on: ubuntu-latest + needs: [ secret-presence, verify-formatting ] + strategy: + fail-fast: false + matrix: + name: + - edc-controlplane-memory + - edc-controlplane-memory-hashicorp-vault + - edc-controlplane-postgresql + - edc-controlplane-postgresql-hashicorp-vault + steps: + # Set-Up + - + name: Checkout + uses: actions/checkout@v3.3.0 + - + name: Set up JDK 11 + uses: actions/setup-java@v3.10.0 + with: + java-version: '11' + distribution: 'adopt' + cache: 'maven' + # Build + - + name: Build Controlplane + run: |- + ./mvnw -s settings.xml -B -pl .,edc-controlplane/${{ matrix.name }} -am package + env: + GITHUB_PACKAGE_USERNAME: ${{ github.actor }} + GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} + - + name: Tar gzip files for veracode upload + run: |- + tar -czvf edc-controlplane/${{ matrix.name }}/target/${{ matrix.name }}.tar.gz 
edc-controlplane/${{ matrix.name }}/target/${{ matrix.name }}.jar edc-controlplane/${{ matrix.name }}/target/lib/*.jar + - + name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@v1.0 + if: | + needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY + continue-on-error: true + with: + appname: product-edc/${{ matrix.name }} + createprofile: true + version: ${{ matrix.name }}-${{ github.sha }} + filepath: edc-controlplane/${{ matrix.name }}/target/${{ matrix.name }}.tar.gz + vid: ${{ secrets.ORG_VERACODE_API_ID }} + vkey: ${{ secrets.ORG_VERACODE_API_KEY }} + + build-dataplane: + runs-on: ubuntu-latest + needs: [ secret-presence, verify-formatting ] + strategy: + fail-fast: false + matrix: + name: + - edc-dataplane-azure-vault + - edc-dataplane-hashicorp-vault + steps: + # Set-Up + - + name: Checkout + uses: actions/checkout@v3.3.0 + - + name: Set up JDK 11 + uses: actions/setup-java@v3.10.0 + with: + java-version: '11' + distribution: 'adopt' + cache: 'maven' + # Build + - + name: Build Dataplane + run: |- + ./mvnw -s settings.xml -B -pl .,edc-dataplane/${{ matrix.name }} -am package + env: + GITHUB_PACKAGE_USERNAME: ${{ github.actor }} + GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} + - + name: Tar gzip files for veracode upload + run: |- + tar -czvf edc-dataplane/${{ matrix.name }}/target/${{ matrix.name }}.tar.gz edc-dataplane/${{ matrix.name }}/target/${{ matrix.name }}.jar edc-dataplane/${{ matrix.name }}/target/lib/*.jar + - + name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@v1.0 + if: | + needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY + continue-on-error: true + with: + appname: product-edc/${{ matrix.name }} + createprofile: true + version: ${{ matrix.name }}-${{ github.sha }} + filepath: edc-dataplane/${{ matrix.name }}/target/${{ matrix.name }}.tar.gz + vid: ${{ secrets.ORG_VERACODE_API_ID }} 
+ vkey: ${{ secrets.ORG_VERACODE_API_KEY }} From 9c8759152b56e0c7f744727ad0dc512ccdfe7ef3 Mon Sep 17 00:00:00 2001 From: ndr_brt Date: Mon, 13 Feb 2023 10:01:06 +0100 Subject: [PATCH 3/3] PR remakr --- .github/workflows/build.yaml | 1 - .github/workflows/veracode.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 3eeece394..b42a6a9d8 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -125,7 +125,6 @@ jobs: matrix: name: - edc-controlplane-memory - - edc-controlplane-memory-hashicorp-vault - edc-controlplane-postgresql - edc-controlplane-postgresql-hashicorp-vault steps: diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index 216a2a546..e42391c92 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -47,7 +47,6 @@ jobs: matrix: name: - edc-controlplane-memory - - edc-controlplane-memory-hashicorp-vault - edc-controlplane-postgresql - edc-controlplane-postgresql-hashicorp-vault steps:
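Review bot: Both "Veracode Upload And Scan" steps are skipped when the secrets are absent and are also marked `continue-on-error: true`, so this scheduled workflow ends green whether or not a scan was uploaded; in a workflow whose only purpose is the scan, that hides a broken or missing scan from anyone watching the run history. Drop `continue-on-error: true` from the two scan steps here, and on `schedule` runs have the secret-presence job fail (or at least emit a `::warning::` annotation) when either secret is missing instead of always reaching `exit 0`. The workflow also declares no `permissions:` block, so every job, including the third-party upload action, runs with the repository's default token scope; a top-level `permissions:` with `contents: read` would make the intended scope explicit. The build steps pass `secrets.CXNG_GHCR_PAT` as `GITHUB_PACKAGE_PASSWORD`, but secret-presence does not check it, so a missing token presumably surfaces only as a Maven dependency-resolution failure.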