Merge pull request #3589 from mercedes-benz/feature-3581-release-work…
…flow-for-sechub-web-ui-frontend

Feature 3581 release workflow for sechub web UI frontend
sven-dmlr authored Nov 6, 2024
2 parents aab0336 + 5cc08cc commit c5edf7f
Showing 12 changed files with 95 additions and 86 deletions.
95 changes: 45 additions & 50 deletions .github/workflows/release-web-ui.yml
Expand Up @@ -8,7 +8,7 @@ on:
description: Insert your email address here. It will be used in the generated pull requests
required: true
web-ui-version:
description: Web-UI Version (e.g. 0.1.0)
description: Web-UI Version (e.g. 1.0.0)
required: true
web-ui-milestone-number:
description: Web-UI Milestone number (e.g. 70)
Expand All @@ -24,6 +24,7 @@ env:
ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim
ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"
WEB_UI_RELEASE_ZIPFILE: "sechub-web-ui_htdocs.zip"

jobs:
release-version:
Expand Down Expand Up @@ -53,19 +54,13 @@ jobs:
- name: "Temporary tag server version: v${{ inputs.web-ui-version }}-web-ui"
run: git tag v${{ inputs.web-ui-version }}-web-ui

# ----------------------
# Setup + Caching
# ----------------------
- name: Set up JDK 17
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73
with:
java-version: 17
distribution: temurin

- name: Set up Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
# ------------------------------
# Node.js is needed for building
# ------------------------------
- name: Use Node.js
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
with:
cache-read-only: false
node-version: 22

- name: Docker login to ghcr.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
Expand Down Expand Up @@ -110,7 +105,14 @@ jobs:
# ----------------------
# Build SecHub Web-UI
# ----------------------
# tbd
- name: Build SecHub web-ui
run: |
cd sechub-web-ui && \
npm install && \
npx nuxi generate && \
cd .output/public && \
echo '${{ inputs.web-ui-version }}' > sechub-web-ui_version.txt && \
zip -r ../../../$WEB_UI_RELEASE_ZIPFILE *
- name: Collect GIT status
if: always()
Expand All @@ -128,64 +130,54 @@ jobs:
with:
name: git-status.txt
path: build/reports/git-status.txt
retention-days: 14
retention-days: 7

- name: Archive Web-UI artifacts
if: always()
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
with:
name: sechub-web-ui
path: sechub-web-ui/build/libs
retention-days: 14

# -----------------------------------------
# Assert releaseable: Check for uncommitted changes
# -----------------------------------------
- name: Assert releasable
run: |
git status
./gradlew assertReleaseable
name: sechub-web-ui_htdocs
path: sechub-web-ui/.output/
retention-days: 7

- name: Create Web-UI release
id: create_web-ui_release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own
with:
tag_name: v${{ inputs.web-ui-version }}-web-ui
commitish: master
release_name: web-ui Version ${{ inputs.web-ui-version }}
release_name: web-ui frontend Version ${{ inputs.web-ui-version }}
body: |
Changes in this Release
- Some minor changes on Web-UI implementation
Changes in this release:
- New shiny Web-UI features
For more details please look at [Milestone ${{inputs.web-ui-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.web-ui-milestone-number}}?closed=1)
draft: true
prerelease: false

- name: Create sha256 checksum file for Web-UI jar
run: |
cd sechub-web-ui/build/libs
sha256sum sechub-web-ui-${{ inputs.web-ui-version }}.jar > sechub-web-ui-${{ inputs.web-ui-version }}.jar.sha256sum
- name: Create sha256 checksum file for Web-UI zip file
run: sha256sum $WEB_UI_RELEASE_ZIPFILE > $WEB_UI_RELEASE_ZIPFILE.sha256sum

- name: Upload Web-UI release asset sechub-web-ui-${{ inputs.web-ui-version }}.jar
- name: Upload Web-UI release asset ${{ env.WEB_UI_RELEASE_ZIPFILE }}
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_web-ui_release.outputs.upload_url }}
asset_path: sechub-web-ui/build/libs/sechub-web-ui-${{ inputs.web-ui-version }}.jar
asset_name: sechub-web-ui-${{ inputs.web-ui-version }}.jar
asset_path: ${{ env.WEB_UI_RELEASE_ZIPFILE }}
asset_name: ${{ env.WEB_UI_RELEASE_ZIPFILE }}
asset_content_type: application/zip

- name: Upload Web-UI release asset sechub-web-ui-${{ inputs.web-ui-version }}.jar.sha256sum
- name: Upload Web-UI release asset ${{ env.WEB_UI_RELEASE_ZIPFILE }}.sha256sum
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_web-ui_release.outputs.upload_url }}
asset_path: sechub-web-ui/build/libs/sechub-web-ui-${{ inputs.web-ui-version }}.jar.sha256sum
asset_name: sechub-web-ui-${{ inputs.web-ui-version }}.jar.sha256sum
asset_path: ${{ env.WEB_UI_RELEASE_ZIPFILE }}.sha256sum
asset_name: ${{ env.WEB_UI_RELEASE_ZIPFILE }}.sha256sum
asset_content_type: text/plain

# -----------------------------------------
Expand All @@ -203,26 +195,29 @@ jobs:
milestone: ${{ inputs.web-ui-milestone-number }}

# Build SecHub Web-UI container image + push to ghcr
- name: Build sechub-web-ui ${{ inputs.web-ui-version }} container image + push to ghcr
- name: Build SecHub web-ui ${{ inputs.web-ui-version }} container image + push to ghcr
run: |
WEB_SERVER_VERSION="${{ inputs.web-ui-version }}"
DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/sechub-web-ui"
VERSION_TAG="${WEB_SERVER_VERSION}"
cp sechub-web-ui/build/libs/sechub-web-ui-${WEB_SERVER_VERSION}.jar sechub-web-ui-solution/docker/copy/
cd sechub-web-ui-solution
WEB_UI_VERSION="${{ inputs.web-ui-version }}"
DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/web-ui"
VERSION_TAG="${WEB_UI_VERSION}"
echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG"
echo " from $ACTIONS_BASE_IMAGE_DEBIAN"
./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "WEB_SERVER_VERSION" "$ACTIONS_BASE_IMAGE_DEBIAN" copy
cp -r sechub-web-ui/.output sechub-web-ui-solution/docker/copy
cd sechub-web-ui-solution
export BASE_IMAGE="$ACTIONS_BASE_IMAGE_DEBIAN"
export BUILD_TYPE=copy
./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "$WEB_UI_VERSION"
echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)"
./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes
- name: Build sechub-web-ui Helm chart + push to ghcr
- name: Build SecHub web-ui Helm chart + push to ghcr
shell: bash
run: |
cd sechub-web-ui-solution/helm
rm -f *.tgz
echo "# Building Helm chart for SecHub Web-UI"
helm package sechub-web-ui
helm push sechub-web-ui-*.tgz $ACTIONS_HELM_REGISTRY
helm package web-ui
helm push web-ui-*.tgz $ACTIONS_HELM_REGISTRY
# -----------------------------------------
# Create a pull request for merging back `master` into `develop`
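Review bot: The `Build SecHub web-ui` step runs `npm install`, which may resolve dependency ranges afresh and rewrite the lockfile, so the zip and its sha256sum describe whatever the registry served at release time rather than a reviewed dependency set. Assuming `sechub-web-ui` commits a `package-lock.json` (not visible here), `npm ci && \` would install exactly the locked versions and fail on drift. In the visible part of the job this step also comes after `Docker login to ghcr.io`, so dependency install scripts run on a runner that already holds registry credentials; moving the login to just before the image push would narrow that window. Separately, `echo '${{ inputs.web-ui-version }}'` expands the input into the script text before the shell parses it; passing it through `env:` (`WEB_UI_VERSION: ${{ inputs.web-ui-version }}`) and writing `echo "$WEB_UI_VERSION"` keeps a malformed value from altering the command.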
10 changes: 8 additions & 2 deletions sechub-web-ui-solution/docker/Web-UI-Debian.dockerfile
Expand Up @@ -14,6 +14,7 @@ ARG WEB_UI_ARTIFACTS="/artifacts"
ARG WEB_UI_VERSION
ARG BUILD_TYPE


#-------------------
# Builder Build
#-------------------
Expand Down Expand Up @@ -42,22 +43,25 @@ RUN cd "${WEB_UI_BUILD_FOLDER}" && \
npx nuxi generate && \
cp -r .output "${WEB_UI_ARTIFACTS}"


#-------------------
# Builder Copy Build
#-------------------
FROM ${NODE_BASE_IMAGE} AS builder-copy
FROM ${BASE_IMAGE} AS builder-copy
ARG WEB_UI_ARTIFACTS

RUN mkdir --parent "${WEB_UI_ARTIFACTS}"

COPY ./copy "${WEB_UI_ARTIFACTS}"
COPY copy/ "${WEB_UI_ARTIFACTS}"


#-------------------
# Builder
#-------------------
FROM builder-${BUILD_TYPE} AS builder
RUN echo "build stage"


#-------------------
# WebUI Server Image
#-------------------
Expand Down Expand Up @@ -127,4 +131,6 @@ RUN touch /var/run/nginx.pid && \
# Switch from root to non-root user
USER "$USER"

WORKDIR "$HTDOCS_FOLDER"

CMD ["/run.sh"]
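Review bot: `COPY copy/ "${WEB_UI_ARTIFACTS}"` in the `builder-copy` stage takes everything in that directory, so the README.md this commit adds there, and anything left over from an earlier local build, travels into the artifacts folder alongside `.output`. How the server stage picks files out of `${WEB_UI_ARTIFACTS}` is outside the visible hunks, so this may be harmless, but narrowing the source to `COPY copy/.output/ "${WEB_UI_ARTIFACTS}/.output/"` would keep unrelated files out of the image. A one-line comment above the COPY naming the expected layout, `# expects copy/.output/public as produced by 'npx nuxi generate'`, would also make the contract with the release workflow explicit.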
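--- a/sechub-web-ui-solution/docker/copy/README.md
+++ b/sechub-web-ui-solution/docker/copy/README.md
@@ -0,0 +1,7 @@
+<!-- SPDX-License-Identifier: MIT --->
+# Purpose of this directory
+The purpose of this directory is to place web-ui content here.
+
+When the build is started with "copy" as BUILD_TYPE then the
+.output/public folder
+will be copied into the container.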
24 changes: 14 additions & 10 deletions sechub-web-ui-solution/docker/nginx.conf
Expand Up @@ -7,7 +7,6 @@ events {
}

http {

access_log /dev/stdout;
error_log /dev/stderr;
sendfile on;
Expand All @@ -17,12 +16,18 @@ http {
types_hash_max_size 2048;

server {
listen 8443 ssl http2;
listen 4443 ssl http2;
server_name _;

root /var/www/html;

location / {
index index.html index.htm;
index index.html;
}

location /health {
# no access logging of health checks
access_log off;
}

ssl_certificate /etc/nginx/certificates/sechub-web-ui.cert;
Expand All @@ -40,11 +45,10 @@ http {
resolver 127.0.0.11 valid=5s;
}

include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include /etc/nginx/mime.types;
default_type application/octet-stream;

}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
}
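Review bot: `log_format main` is declared near the end of the file, but the visible `access_log /dev/stdout;` names no format, so nginx writes the default `combined` format and the `$http_x_forwarded_for` field never reaches the log. If the client address behind a proxy is wanted for incident review, declare the format before the directive and reference it: `access_log /dev/stdout main;`. Lines between the hunks are not visible, so another `access_log` may already do this. The new `location /health` block turns logging off for every path under that prefix; a comment saying so, `# applies to everything under /health, not only alive.html`, would keep later additions there from going unlogged by accident.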
@@ -1,8 +1,8 @@
# SPDX-License-Identifier: MIT

apiVersion: v2
name: sechub-web-ui
description: SecHub Web UI Helm chart for Kubernetes to deploy a vue.js web application
name: web-ui
description: SecHub Web UI Frontend Helm chart for Kubernetes to deploy SecHub's vue.js web application
home: https://github.com/mercedes-benz/sechub

type: application
Expand All @@ -11,4 +11,4 @@ type: application
# This version number should be incremented each time you make changes to the chart and its templates.
# Versions are expected to follow Semantic Versioning (https://semver.org/)

version: 0.2.0
version: 1.0.0
File renamed without changes.
Expand Up @@ -3,7 +3,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.name }}
name: web-ui
spec:
replicas: {{ .Values.replicaCount }}
strategy:
Expand All @@ -13,11 +13,11 @@ spec:
maxUnavailable: 49%
selector:
matchLabels:
name: {{ .Values.name }}
name: web-ui
template:
metadata:
labels:
name: {{ .Values.name }}
name: web-ui
{{- if .Values.templateMetadataAnnotations }}
annotations:
{{ .Values.templateMetadataAnnotations | indent 8 | trim }}
Expand Down Expand Up @@ -71,19 +71,17 @@ spec:
{{- end }}

# Web-UI container
- name: {{ .Values.name }}
- name: web-ui
image: {{ .Values.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
labels:
name: {{ .Values.name }}
ports:
- name: {{ .Values.name }}-https
containerPort: 8443
- name: web-ui-https
containerPort: 4443
startupProbe:
httpGet:
scheme: HTTPS
path: /health/alive.html
port: {{ .Values.name }}-https
port: web-ui-https
failureThreshold: 24
periodSeconds: 2
successThreshold: 1
Expand All @@ -93,7 +91,7 @@ spec:
httpGet:
scheme: HTTPS
path: /health/alive.html
port: {{ .Values.name }}-https
port: web-ui-https
failureThreshold: 2
periodSeconds: 5
successThreshold: 1
Expand Up @@ -3,16 +3,16 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ .Values.name }}-policy
name: web-ui-policy
spec:
ingress:
- ports:
{{- if .Values.go_mmproxy.enabled }}
- port: 8080
{{- else }}
- port: 8443
- port: 4443
{{- end }}
protocol: TCP
podSelector:
matchLabels:
name: {{ .Values.name }}
name: web-ui