Merge branch 'develop' into feature-3521-templates-and-assets
de-jcup committed Nov 6, 2024
2 parents f5b6559 + e10a194 commit d5795e6
Showing 320 changed files with 60,397 additions and 10,150 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/documentation-build.yml
Expand Up @@ -48,7 +48,7 @@ jobs:
cache-read-only: false

- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed
with:
go-version: 1.21.6

25 changes: 18 additions & 7 deletions .github/workflows/github-action-scan.yml
Expand Up @@ -31,15 +31,15 @@ jobs:
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871

- name: Use Node.js
# We do not define a dedicated node version here, we just use the default environment
# which should be the default environment for the github actions runtime as well
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
with:
node-version: 22

- name: Clean install
run: npm ci

- name: Build
run: npm run build --if-present
run: npm run build

- name: Run unit tests
run: npm test
Expand All @@ -51,12 +51,23 @@ jobs:
git status
mkdir "${{ github.workspace }}/build" -p
git status >> "${{ github.workspace }}/build/git-status.txt"
- name: Define integration test setup
id : version-selector
run: |
echo "sechub_server_version=1.9.0" >> "$GITHUB_ENV"
# Make sure that INTEGRATIONTEST_SECHUB_SERVER_VERSION and INTEGRATIONTEST_PDS_VERSION
# are defined in https://github.com/mercedes-benz/sechub/settings/variables/actions
if [ -z "${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" ] ; then
echo "INTEGRATIONTEST_SECHUB_SERVER_VERSION variable is undefined. Exiting."
exit 1
fi
if [ -z "${{ vars.INTEGRATIONTEST_PDS_VERSION }}" ] ; then
echo "INTEGRATIONTEST_PDS_VERSION variable is undefined. Exiting."
exit 1
fi
echo "sechub_server_version=${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" >> "$GITHUB_ENV"
echo "sechub_server_port=8443" >> "$GITHUB_ENV"
echo "pds_version=1.6.0" >> "$GITHUB_ENV"
echo "pds_version=${{ vars.INTEGRATIONTEST_PDS_VERSION }}" >> "$GITHUB_ENV"
echo "pds_port=8444" >> "$GITHUB_ENV"
- name: Cache SecHub server download
Expand All @@ -71,7 +82,7 @@ jobs:
uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8
with:
path: ./build/sechub-runtime/pds/${{ env.pds_version }}/
key: ${{ runner.os }}-pds-${{ env.pds_version }}
key: ${{ runner.os }}-sechub-pds-${{ env.pds_version }}

- name: Set up JDK 17 (to run servers)
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73
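Review bot: In the `Define integration test setup` step the new lines paste `${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}` and `${{ vars.INTEGRATIONTEST_PDS_VERSION }}` into the script text before bash runs, so the variable content is parsed as shell and can also add extra lines to `$GITHUB_ENV`. The values then feed the cache `path` and `key` further down. Passing them through a step-level `env:` block and reading them as quoted shell variables keeps the content as data, and a format check before the `echo` lines would reject anything that is not a plain version string. The rewritten lines are below; the rest of the step stays as it is.

```yaml
      - name: Define integration test setup
        env:
          SECHUB_SERVER_VERSION: ${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}
          PDS_VERSION: ${{ vars.INTEGRATIONTEST_PDS_VERSION }}
        run: |
          # … unchanged: comment pointing at the repository variables page …
          if [ -z "$SECHUB_SERVER_VERSION" ] ; then
            # … unchanged: error message and exit 1 …
          fi
          if [ -z "$PDS_VERSION" ] ; then
            # … unchanged: error message and exit 1 …
          fi
          echo "sechub_server_version=$SECHUB_SERVER_VERSION" >> "$GITHUB_ENV"
          # … unchanged: sechub_server_port …
          echo "pds_version=$PDS_VERSION" >> "$GITHUB_ENV"
          # … unchanged: pds_port …
```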
2 changes: 1 addition & 1 deletion .github/workflows/gradle.yml
Expand Up @@ -49,7 +49,7 @@ jobs:
cache-read-only: false

- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed
with:
go-version: 1.21.6

4 changes: 2 additions & 2 deletions .github/workflows/release-client-server-pds.yml
Expand Up @@ -33,7 +33,7 @@ permissions:
pull-requests: write

env:
ACTIONS_BASE_IMAGE_ALPINE: alpine:3.17
ACTIONS_BASE_IMAGE_ALPINE: alpine:3.20
ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim
ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"
Expand Down Expand Up @@ -102,7 +102,7 @@ jobs:
cache-read-only: false

- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed
with:
go-version: 1.21.6

11 changes: 7 additions & 4 deletions .github/workflows/release-github-action.yml
Expand Up @@ -19,6 +19,9 @@ permissions:
issues: write
pull-requests: write

env:
GHACTION: github-actions/scan

jobs:
release-version:
name: Create Github Action release
Expand Down Expand Up @@ -46,9 +49,9 @@ jobs:
# Setup + Caching
# ----------------------
- name: Use Node.js
# We do not define a dedicated node version here, we just use the default environment
# which should be the default environment for the github actions runtime as well
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
with:
node-version: 22

- name: Git setup
run: |
Expand Down Expand Up @@ -91,7 +94,6 @@ jobs:
# ----------------------
- name: Build github-actions/scan and set package version to v${{ inputs.ghaction-version }}
run: |
GHACTION="github-actions/scan"
cd $GHACTION
echo "# $GHACTION - Update package version to ${{ inputs.ghaction-version }}"
echo "$( jq --arg a "${{ inputs.ghaction-version }}" '.version = $a' package.json )" > package.json
Expand Down Expand Up @@ -123,6 +125,7 @@ jobs:
- name: Commit build artifacts from above steps
id: github-actions_commit
run: |
git add -f "$GHACTION"/dist/*
git commit -am "SecHub release job @github-actions for Github Action ${{ inputs.ghaction-version }} #${{ steps.release-issue.outputs.number }}" || true
COMMITS=`git log --oneline --branches --not --remotes`
echo "commits=$COMMITS" >> $GITHUB_OUTPUT
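Review bot: The added `git add -f "$GHACTION"/dist/*` in `Commit build artifacts from above steps` overrides the ignore rules for everything the build left in `dist/`, and nothing records what was staged before `git commit -am ... || true` runs. Since these files are what consumers of the action execute, a comment such as `# dist/ is presumably git-ignored; force-add the freshly built bundle for the release commit` would explain the `-f`. Adding `git diff --cached --name-only -- "$GHACTION/dist"` after it would make the staged set visible in the job log and in review. `cd $GHACTION` in the build step is still unquoted, which is harmless for the current value but inconsistent with the quoted use added here.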
@@ -1,17 +1,17 @@
# SPDX-License-Identifier: MIT
name: Release WebUI
name: Release Web Server

on:
workflow_dispatch:
inputs:
actor-email:
description: Insert your email address here. It will be used in the generated pull requests
required: true
webui-version:
description: WebUI Version (e.g. 0.1.0)
web-server-version:
description: Web Server Version (e.g. 0.1.0)
required: true
webui-milestone-number:
description: WebUI Milestone number (e.g. 70)
web-server-milestone-number:
description: Web Server Milestone number (e.g. 70)
required: true

permissions:
Expand All @@ -21,27 +21,27 @@ permissions:
pull-requests: write

env:
ACTIONS_BASE_IMAGE_ALPINE: alpine:3.17
ACTIONS_BASE_IMAGE_ALPINE: alpine:3.20
ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim
ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"

jobs:
release-version:
name: Create WebUI release
name: Create Web Server release
runs-on: ubuntu-latest
steps:

- name: "Show Inputs"
run: |
echo "actor-email: '${{ inputs.actor-email }}'"
echo "WebUI '${{ inputs.webui-version }}' - Milestone '${{ inputs.webui-milestone-number }}'"
echo "Web Server '${{ inputs.web-server-version }}' - Milestone '${{ inputs.web-server-milestone-number }}'"
# Check inputs:
- name: "Verify Input for WebUI release"
if: (inputs.webui-version == '') || (inputs.webui-milestone-number == '')
- name: "Verify Input for Web Server release"
if: (inputs.web-server-version == '') || (inputs.web-server-milestone-number == '')
run: |
echo "For WebUI release, webui-version and webui-milestone-number must be provided!"
echo "For Web Server release, web-server-version and web-server-milestone-number must be provided!"
exit 1
- name: Checkout master
Expand All @@ -51,8 +51,8 @@ jobs:

# Create temporary local tag, so we build for this tag...
# The final tag on git server side will be done automatically by the release when the draft is saved as "real" release
- name: "Temporary tag server version: v${{ inputs.webui-version }}-webui"
run: git tag v${{ inputs.webui-version }}-webui
- name: "Temporary tag server version: v${{ inputs.web-server-version }}-web-server"
run: git tag v${{ inputs.web-server-version }}-web-server

# ----------------------
# Setup + Caching
Expand Down Expand Up @@ -96,11 +96,11 @@ jobs:
branch: release-spdx-headers
branch-suffix: short-commit-hash
delete-branch: true
title: '0 - Before webui release: Add missing SPDX license headers [auto-generated]'
title: '0 - Before web-server release: Add missing SPDX license headers [auto-generated]'
body: |
Auto-generated by Github Actions webui release job.
Auto-generated by Github Actions web-server release job.
-> Please review and merge **before** publishing the webui release.
-> Please review and merge **before** publishing the web-server release.
- name: Print PR infos
if: steps.apply-headers.outputs.commits != ''
Expand All @@ -109,10 +109,10 @@ jobs:
echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
# ----------------------
# Build SecHub WebUI
# Build SecHub Web Server
# ----------------------
- name: Build WebUI jar files
run: ./gradlew ensureLocalhostCertificate :sechub-api-java:build :sechub-webui:build -Dsechub.build.stage=api-necessary --console=plain
- name: Build Web Server jar files
run: ./gradlew ensureLocalhostCertificate :sechub-api-java:build :sechub-web-server:build -Dsechub.build.stage=api-necessary --console=plain

# To identifiy parts not in git history
- name: Collect GIT status
Expand All @@ -133,12 +133,12 @@ jobs:
path: build/reports/git-status.txt
retention-days: 14

- name: Archive WebUI artifacts
- name: Archive Web Server artifacts
if: always()
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
with:
name: sechub-webui
path: sechub-webui/build/libs
name: sechub-web-server
path: sechub-web-server/build/libs
retention-days: 14

# -----------------------------------------
Expand All @@ -149,83 +149,83 @@ jobs:
git status
./gradlew assertReleaseable
- name: Create WebUI release
id: create_webui_release
- name: Create Web Server release
id: create_web-server_release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: v${{ inputs.webui-version }}-webui
tag_name: v${{ inputs.web-server-version }}-web-server
commitish: master
release_name: WebUI Version ${{ inputs.webui-version }}
release_name: web-server Version ${{ inputs.web-server-version }}
body: |
Changes in this Release
- Some minor changes on WebUI implementation
- Some minor changes on Web Server implementation
For more details please look at [Milestone ${{inputs.webui-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.webui-milestone-number}}?closed=1)
For more details please look at [Milestone ${{inputs.web-server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.web-server-milestone-number}}?closed=1)
draft: true
prerelease: false

- name: Create sha256 checksum file for WebUI jar
- name: Create sha256 checksum file for Web Server jar
run: |
cd sechub-webui/build/libs
sha256sum sechub-webui-${{ inputs.webui-version }}.jar > sechub-webui-${{ inputs.webui-version }}.jar.sha256sum
cd sechub-web-server/build/libs
sha256sum sechub-web-server-${{ inputs.web-server-version }}.jar > sechub-web-server-${{ inputs.web-server-version }}.jar.sha256sum
- name: Upload WebUI release asset sechub-webui-${{ inputs.webui-version }}.jar
- name: Upload Web Server release asset sechub-web-server-${{ inputs.web-server-version }}.jar
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_webui_release.outputs.upload_url }}
asset_path: sechub-webui/build/libs/sechub-webui-${{ inputs.webui-version }}.jar
asset_name: sechub-webui-${{ inputs.webui-version }}.jar
upload_url: ${{ steps.create_web-server_release.outputs.upload_url }}
asset_path: sechub-web-server/build/libs/sechub-web-server-${{ inputs.web-server-version }}.jar
asset_name: sechub-web-server-${{ inputs.web-server-version }}.jar
asset_content_type: application/zip

- name: Upload WebUI release asset sechub-webui-${{ inputs.webui-version }}.jar.sha256sum
- name: Upload Web Server release asset sechub-web-server-${{ inputs.web-server-version }}.jar.sha256sum
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_webui_release.outputs.upload_url }}
asset_path: sechub-webui/build/libs/sechub-webui-${{ inputs.webui-version }}.jar.sha256sum
asset_name: sechub-webui-${{ inputs.webui-version }}.jar.sha256sum
upload_url: ${{ steps.create_web-server_release.outputs.upload_url }}
asset_path: sechub-web-server/build/libs/sechub-web-server-${{ inputs.web-server-version }}.jar.sha256sum
asset_name: sechub-web-server-${{ inputs.web-server-version }}.jar.sha256sum
asset_content_type: text/plain

# -----------------------------------------
# Create release issue
# -----------------------------------------
- name: Create SecHub WebUI ${{ inputs.webui-version }} release issue
- name: Create SecHub Web Server ${{ inputs.web-server-version }} release issue
uses: dacbd/create-issue-action@main
with:
token: ${{ github.token }}
title: Release SecHub WebUI ${{ inputs.webui-version }}
title: Release SecHub Web Server ${{ inputs.web-server-version }}
body: |
See [Milestone ${{inputs.webui-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.webui-milestone-number}}?closed=1) for details.
See [Milestone ${{inputs.web-server-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.web-server-milestone-number}}?closed=1) for details.
Please close this issue after the release.
milestone: ${{ inputs.webui-milestone-number }}
milestone: ${{ inputs.web-server-milestone-number }}

# Build SecHub WebUI container image + push to ghcr
- name: Build sechub-webui ${{ inputs.webui-version }} container image + push to ghcr
# Build SecHub Web Server container image + push to ghcr
- name: Build sechub-web-server ${{ inputs.web-server-version }} container image + push to ghcr
run: |
WEBUI_VERSION="${{ inputs.webui-version }}"
DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/sechub-webui"
VERSION_TAG="${WEBUI_VERSION}"
cp sechub-webui/build/libs/sechub-webui-${WEBUI_VERSION}.jar sechub-webui-solution/docker/copy/
cd sechub-webui-solution
WEB_SERVER_VERSION="${{ inputs.web-server-version }}"
DOCKER_REGISTRY="$ACTIONS_SECHUB_REGISTRY/sechub-web-server"
VERSION_TAG="${WEB_SERVER_VERSION}"
cp sechub-web-server/build/libs/sechub-web-server-${WEB_SERVER_VERSION}.jar sechub-web-server-solution/docker/copy/
cd sechub-web-server-solution
echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG"
echo " from $ACTIONS_BASE_IMAGE_DEBIAN"
./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "$WEBUI_VERSION" "$ACTIONS_BASE_IMAGE_DEBIAN" copy
./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "WEB_SERVER_VERSION" "$ACTIONS_BASE_IMAGE_DEBIAN" copy
echo "# Pushing image $DOCKER_REGISTRY:$VERSION_TAG (latest)"
./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes
- name: Build sechub-webui Helm chart + push to ghcr
- name: Build sechub-web-server Helm chart + push to ghcr
shell: bash
run: |
cd sechub-webui-solution/helm
echo "# Building Helm chart for SecHub WebUI"
helm package sechub-webui
helm push sechub-webui-*.tgz $ACTIONS_HELM_REGISTRY
cd sechub-web-server-solution/helm
echo "# Building Helm chart for SecHub Web Server"
helm package sechub-web-server
helm push sechub-web-server-*.tgz $ACTIONS_HELM_REGISTRY
# -----------------------------------------
# Create a pull request for merging back `master` into `develop`
Expand All @@ -239,10 +239,10 @@ jobs:
source_branch: "master"
destination_branch: "develop"
pr_allow_empty: true # should allow an empty PR, but seems not to work
pr_title: '2 - After webui release: Merge master back into develop [auto-generated]'
pr_title: '2 - After web-server release: Merge master back into develop [auto-generated]'
pr_body: |
After SecHub WebUI release
- WebUI '${{ inputs.webui-version }}'
After SecHub Web Server release
- Web Server '${{ inputs.web-server-version }}'
Merge master branch back into develop
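Review bot: In the container image step the third argument to `./10-create-image.sh` lost its `$` during the rename: the new line passes the literal text `"WEB_SERVER_VERSION"` where the old one passed `"$WEBUI_VERSION"`, so the script receives a constant instead of the release version. It should read `./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "$WEB_SERVER_VERSION" "$ACTIONS_BASE_IMAGE_DEBIAN" copy`. What the script does with that argument is not visible here, but the image would presumably be built against the wrong or a missing jar version. Separately, on an unchanged line, `dacbd/create-issue-action@main` floats on a branch while the other actions visible in this section are pinned to a commit SHA, and it is handed `github.token` in a job with write permissions.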