mirror of
https://github.com/Alfresco/alfresco-transform-core.git
synced 2026-04-23 22:30:28 +00:00
331 lines
13 KiB
YAML
331 lines
13 KiB
YAML
name: Alfresco Transform Core CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
- feature/**
|
|
- fix/**
|
|
- SP/**
|
|
- HF/**
|
|
- ATS-**
|
|
- ACS-**
|
|
- MNT-**
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
- feature/**
|
|
- fix/**
|
|
- SP/**
|
|
- HF/**
|
|
schedule:
|
|
- cron: '0 5 * * 1'
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
|
DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
|
|
NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
|
|
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
|
|
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
|
|
GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }}
|
|
GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }}
|
|
GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }}
|
|
GITHUB_ACTIONS_DEPLOY_TIMEOUT: 120
|
|
|
|
jobs:
|
|
pre_commit:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v9.3.1
|
|
|
|
veracode_sca:
|
|
name: "Veracode - Source Clear Scan (SCA)"
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- pre_commit
|
|
if: >
|
|
github.ref_name == 'master' ||
|
|
github.event_name == 'pull_request'
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v9.3.1
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v9.3.1
|
|
- name: "Clean-up SNAPSHOT artifacts"
|
|
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v9.3.1
|
|
continue-on-error: true
|
|
with:
|
|
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
|
|
|
|
veracode_sast:
|
|
name: "Pipeline SAST Scan"
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- pre_commit
|
|
if: >
|
|
(github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/') || github.event_name == 'pull_request') &&
|
|
github.actor != 'dependabot[bot]' &&
|
|
!contains(github.event.head_commit.message, '[skip tests]')
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v9.3.1
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v9.3.1
|
|
- name: "Login to Docker Hub"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
- name: "Login to Quay.io"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_USERNAME }}
|
|
password: ${{ secrets.QUAY_PASSWORD }}
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v9.3.1
|
|
with:
|
|
token: ${{ secrets.BOT_GITHUB_TOKEN }}
|
|
repository: "Alfresco/veracode-baseline-archive"
|
|
file-path: "alfresco-transform-core/alfresco-transform-core-baseline.json"
|
|
target: "baseline.json"
|
|
- name: "Build"
|
|
run: mvn -B -U install -DskipTests
|
|
- name: "Create zip"
|
|
run: |
|
|
mkdir -p to-scan
|
|
for file in engines/aio/target/alfresco-transform-core-aio-*.jar engines/base/target/alfresco-base-t-engine-*.jar model/target/alfresco-transform-model-*.jar
|
|
do
|
|
if [[ $file != *javadoc.jar ]] && [[ $file != *sources.jar ]] && [[ $file != *tests.jar ]]; then
|
|
mv "$file" to-scan/
|
|
fi
|
|
done
|
|
# Removing the aspectjweaver and bouncycastle jars from the scan, since Veracode detects them as 1st party code and fails the scan. TO BE REVERTED ONCE VERACODE FIXES THE ISSUE
|
|
zip -d to-scan/alfresco-transform*.jar "BOOT-INF/lib/bcmail-jdk18on-*.jar" "BOOT-INF/lib/bcprov-jdk18on-*.jar" "BOOT-INF/lib/aspectjweaver*.jar"
|
|
zip -r to-scan.zip to-scan
|
|
- name: "Run SAST Scan"
|
|
uses: veracode/Veracode-pipeline-scan-action@v1.0.16
|
|
with:
|
|
vid: ${{ secrets.VERACODE_API_ID }}
|
|
vkey: ${{ secrets.VERACODE_API_KEY }}
|
|
file: "to-scan.zip"
|
|
fail_build: true
|
|
project_name: alfresco-transform-core
|
|
issue_details: true
|
|
veracode_policy_name: Alfresco Default
|
|
summary_output: true
|
|
summary_output_file: results.json
|
|
summary_display: true
|
|
baseline_file: baseline.json
|
|
include: "to-scan/alfresco*"
|
|
- name: Upload scan result
|
|
if: success() || failure()
|
|
run: zip readable_output.zip results.json
|
|
- name: Upload Artifact
|
|
if: success() || failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: Veracode Pipeline-Scan Results (Human Readable)
|
|
path: readable_output.zip
|
|
|
|
pmd_scan:
|
|
name: "PMD Scan"
|
|
runs-on: ubuntu-latest
|
|
if: >
|
|
github.event_name == 'pull_request' &&
|
|
!contains(github.event.head_commit.message, '[skip pmd]') &&
|
|
!contains(github.event.head_commit.message, '[skip tests]')
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v9.3.1
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v9.3.1
|
|
- uses: Alfresco/ya-pmd-scan@v4.1.0
|
|
with:
|
|
classpath-build-command: "mvn -ntp package -DskipTests"
|
|
|
|
build_and_test:
|
|
name: "Core & Base Snapshot deployment"
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- pre_commit
|
|
if: >
|
|
github.ref_name == 'master' &&
|
|
github.event_name != 'pull_request'
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v9.3.1
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v9.3.1
|
|
- name: "Login to Docker Hub"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
- name: "Login to Quay.io"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_USERNAME }}
|
|
password: ${{ secrets.QUAY_PASSWORD }}
|
|
- name: "Enable experimental docker features"
|
|
run: |
|
|
echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
|
|
sudo service docker restart
|
|
- name: "Clean-up SNAPSHOT artifacts"
|
|
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
|
|
- name: "Build"
|
|
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
|
|
run: mvn -B -U -q clean install -DadditionalOption=-Xdoclint:none -DskipTests -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase
|
|
- name: "Cache LibreOffice"
|
|
run: bash _ci/cache_artifacts.sh
|
|
- name: "Run tests"
|
|
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
|
|
run: mvn -B -U clean deploy -DadditionalOption=-Xdoclint:none -Dmaven.javadoc.skip=true -Dmaven.wagon.http.pool=false -Pbase
|
|
|
|
all_tests_matrix:
|
|
name: ${{ matrix.testName }}
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- pre_commit
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- testName: ImageMagick
|
|
buildProfile: imagemagick
|
|
testProfile: imagemagick
|
|
- testName: LibreOffice
|
|
buildProfile: libreoffice
|
|
testProfile: libreoffice
|
|
- testName: Transform Misc
|
|
buildProfile: misc
|
|
testProfile: misc
|
|
- testName: PDF Renderer
|
|
buildProfile: pdf-renderer
|
|
testProfile: pdf-renderer
|
|
- testName: Tika
|
|
buildProfile: tika
|
|
testProfile: tika
|
|
- testName: All in One Transformer
|
|
buildProfile: full-build
|
|
testProfile: aio-test
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v9.3.1
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v9.3.1
|
|
- name: "Login to Docker Hub"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
- name: "Login to Quay.io"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_USERNAME }}
|
|
password: ${{ secrets.QUAY_PASSWORD }}
|
|
- name: "Enable experimental docker features"
|
|
run: |
|
|
echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
|
|
sudo service docker restart
|
|
- name: "Clean-up SNAPSHOT artifacts"
|
|
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
|
|
- name: "Build local docker image"
|
|
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
|
|
run: bash _ci/build.sh ${{ matrix.buildProfile }}
|
|
- name: "Cache LibreOffice"
|
|
run: bash _ci/cache_artifacts.sh
|
|
- name: "Run tests"
|
|
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
|
|
run: bash _ci/test.sh ${{ matrix.testProfile }}
|
|
|
|
e2e_javaruntime_tests:
|
|
name: "E2E AIO Smoke Tests ( Java: ${{ matrix.java }}"
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- pre_commit
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
java: [ '21', '25' ]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v9.3.1
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v9.3.1
|
|
- name: "Login to Docker Hub"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
- name: "Login to Quay.io"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_USERNAME }}
|
|
password: ${{ secrets.QUAY_PASSWORD }}
|
|
- name: "Enable experimental docker features"
|
|
run: |
|
|
echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
|
|
sudo service docker restart
|
|
- name: "Clean-up SNAPSHOT artifacts"
|
|
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
|
|
- name: "Build local docker image"
|
|
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
|
|
run: bash _ci/build.sh full-build
|
|
- name: "Cache LibreOffice"
|
|
run: bash _ci/cache_artifacts.sh
|
|
- name: "Run tests"
|
|
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
|
|
env:
|
|
SMOKE_TESTS: true
|
|
SKIP_DEPLOY: true
|
|
JAVA_RUNTIME_VERSION: ${{ matrix.java }}
|
|
run: bash _ci/test.sh aio-test
|
|
|
|
release:
|
|
name: "Release"
|
|
runs-on: ubuntu-latest
|
|
needs: [veracode_sca, build_and_test, all_tests_matrix, e2e_javaruntime_tests]
|
|
if: >
|
|
!(failure() || cancelled()) &&
|
|
contains(github.event.head_commit.message, '[release]') &&
|
|
github.event_name != 'pull_request' &&
|
|
(github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/'))
|
|
steps:
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/free-hosted-runner-disk-space@v9.3.1
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v9.3.1
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v9.3.1
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
with:
|
|
platforms: linux/amd64,linux/arm64
|
|
- name: "Login to Docker Hub"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
- name: "Login to Quay.io"
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_USERNAME }}
|
|
password: ${{ secrets.QUAY_PASSWORD }}
|
|
- name: "Enable experimental docker features"
|
|
run: |
|
|
echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
|
|
sudo service docker restart
|
|
- name: "Clean-up SNAPSHOT artifacts"
|
|
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
|
|
- uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v9.3.1
|
|
with:
|
|
username: ${{ env.GIT_USERNAME }}
|
|
email: ${{ env.GIT_EMAIL }}
|
|
global: true
|
|
- name: "Cache LibreOffice"
|
|
run: bash _ci/cache_artifacts.sh
|
|
- name: "Release"
|
|
timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }}
|
|
run: bash _ci/release.sh
|