Skip to content

ci: upgrade github actions #790

ci: upgrade github actions

ci: upgrade github actions #790

Workflow file for this run

name: Build then UAT
on:
workflow_dispatch:
push:
branches:
- 'main'
- 'external_pr_*'
pull_request:
branches: '*'
env:
AWS_REGION : "us-west-2"
CODE_BUILD_PROJECT_LINUX: "OtfUatCodeBuildLinux"
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest, windows-latest]
steps:
- name: Enable core.longpaths
run: git config --global core.longpaths true
if: matrix.os == 'windows-latest'
- uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
- uses: wagoid/commitlint-github-action@v6
if: matrix.os == 'ubuntu-latest'
- name: Set up JDK 1.8
uses: actions/setup-java@v4
with:
distribution: corretto
java-version: 8
cache: maven
- name: Init Submodule
run: git submodule update --init
- name: Maven Preprocess
run: mvn -U -ntp clean process-resources
- name: Build with Maven
run: mvn -U -ntp clean verify
- name: Upload Failed Test Report for aws-greengrass-testing-features-api
uses: actions/upload-artifact@v3
if: failure()
with:
name: Failed Test Report ${{ matrix.os }}
path: aws-greengrass-testing-features/aws-greengrass-testing-features-api/target/surefire-reports
- name: Upload Failed Test Report for aws-greengrass-testing-launcher
uses: actions/upload-artifact@v3
if: failure()
with:
name: Failed Test Report ${{ matrix.os }}
path: aws-greengrass-testing-launcher/target/surefire-reports
- name: Upload Failed Test Report for aws-greengrass-testing-platform-api
uses: actions/upload-artifact@v3
if: failure()
with:
name: Failed Test Report ${{ matrix.os }}
path: aws-greengrass-testing-platform/aws-greengrass-testing-platform-api/target/surefire-reports
- name: Upload Failed Test Report for aws-greengrass-testing-platform-pillbox
uses: actions/upload-artifact@v3
if: failure()
with:
name: Failed Test Report ${{ matrix.os }}
path: aws-greengrass-testing-platform/aws-greengrass-testing-platform-pillbox/target/surefire-reports
- name: Convert Jacoco unit test report to Cobertura for aws-greengrass-testing-features-api
run: python3 .github/scripts/cover2cover.py aws-greengrass-testing-features/aws-greengrass-testing-features-api/target/jacoco-report/jacoco.xml src/main/java > aws-greengrass-testing-features/aws-greengrass-testing-features-api/target/jacoco-report/cobertura.xml
if: matrix.os == 'ubuntu-latest'
- name: Convert Jacoco unit test report to Cobertura for aws-greengrass-testing-launcher
run: python3 .github/scripts/cover2cover.py aws-greengrass-testing-launcher/target/jacoco-report/jacoco.xml src/main/java > aws-greengrass-testing-launcher/target/jacoco-report/cobertura.xml
if: matrix.os == 'ubuntu-latest'
- name: Convert Jacoco unit test report to Cobertura for aws-greengrass-testing-platform-api
run: python3 .github/scripts/cover2cover.py aws-greengrass-testing-platform/aws-greengrass-testing-platform-api/target/jacoco-report/jacoco.xml src/main/java > aws-greengrass-testing-platform/aws-greengrass-testing-platform-api/target/jacoco-report/cobertura.xml
if: matrix.os == 'ubuntu-latest'
- name: Convert Jacoco unit test report to Cobertura for aws-greengrass-testing-platform-pillbox
run: python3 .github/scripts/cover2cover.py aws-greengrass-testing-platform/aws-greengrass-testing-platform-pillbox/target/jacoco-report/jacoco.xml src/main/java > aws-greengrass-testing-platform/aws-greengrass-testing-platform-pillbox/target/jacoco-report/cobertura.xml
if: matrix.os == 'ubuntu-latest'
- name: Upload Coverage for aws-greengrass-testing-features-api
uses: actions/upload-artifact@v3
if: matrix.os == 'ubuntu-latest'
with:
name: Coverage Report
path: aws-greengrass-testing-features/aws-greengrass-testing-features-api/target/jacoco-report
- name: Upload Coverage for aws-greengrass-testing-launcher
uses: actions/upload-artifact@v3
if: matrix.os == 'ubuntu-latest'
with:
name: Coverage Report
path: aws-greengrass-testing-launcher/target/jacoco-report
- name: Upload Coverage for aws-greengrass-testing-platform-api
uses: actions/upload-artifact@v3
if: matrix.os == 'ubuntu-latest'
with:
name: Coverage Report
path: aws-greengrass-testing-platform/aws-greengrass-testing-platform-api/target/jacoco-report
- name: Upload Coverage for aws-greengrass-testing-platform-pillbox
uses: actions/upload-artifact@v3
if: matrix.os == 'ubuntu-latest'
with:
name: Coverage Report
path: aws-greengrass-testing-platform/aws-greengrass-testing-platform-pillbox/target/jacoco-report
- name: cobertura-report-unit-test for aws-greengrass-testing-features
uses: 5monkeys/cobertura-action@v14
continue-on-error: true
with:
# The GITHUB_TOKEN for this repo
repo_token: ${{ github.token }}
# Path to the cobertura file.
path: aws-greengrass-testing-features/aws-greengrass-testing-features-api/target/jacoco-report/cobertura.xml
# If files with 100% should be skipped from report.
skip_covered: false
# Minimum allowed coverage percentage as an integer.
minimum_coverage: 60
# Show line rate as specific column.
show_line: true
# Show branch rate as specific column.
show_branch: true
# Use class names instead of the filename
show_class_names: true
# Use a unique name for the report and comment
report_name: Unit Tests Coverage Report for aws-greengrass-testing-features
only_changed_files: true
- name: cobertura-report-unit-test for aws-greengrass-testing-launcher
uses: 5monkeys/cobertura-action@v14
continue-on-error: true
with:
# The GITHUB_TOKEN for this repo
repo_token: ${{ github.token }}
# Path to the cobertura file.
path: aws-greengrass-testing-launcher/target/jacoco-report/cobertura.xml
# If files with 100% should be skipped from report.
skip_covered: false
# Minimum allowed coverage percentage as an integer.
minimum_coverage: 60
# Show line rate as specific column.
show_line: true
# Show branch rate as specific column.
show_branch: true
# Use class names instead of the filename
show_class_names: true
# Use a unique name for the report and comment
report_name: Unit Tests Coverage Report for aws-greengrass-testing-launcher
only_changed_files: true
- name: cobertura-report-unit-test for aws-greengrass-testing-platform-api
uses: 5monkeys/cobertura-action@v14
continue-on-error: true
with:
# The GITHUB_TOKEN for this repo
repo_token: ${{ github.token }}
# Path to the cobertura file.
path: aws-greengrass-testing-platform/aws-greengrass-testing-platform-api/target/jacoco-report/cobertura.xml
# If files with 100% should be skipped from report.
skip_covered: false
# Minimum allowed coverage percentage as an integer.
minimum_coverage: 60
# Show line rate as specific column.
show_line: true
# Show branch rate as specific column.
show_branch: true
# Use class names instead of the filename
show_class_names: true
# Use a unique name for the report and comment
report_name: Unit Tests Coverage Report for aws-greengrass-testing-platform-api
only_changed_files: true
- name: cobertura-report-unit-test for aws-greengrass-testing-platform-pillbox
uses: 5monkeys/cobertura-action@v14
continue-on-error: true
with:
# The GITHUB_TOKEN for this repo
repo_token: ${{ github.token }}
# Path to the cobertura file.
path: aws-greengrass-testing-platform/aws-greengrass-testing-platform-pillbox/target/jacoco-report/cobertura.xml
# If files with 100% should be skipped from report.
skip_covered: false
# Minimum allowed coverage percentage as an integer.
minimum_coverage: 60
# Show line rate as specific column.
show_line: true
# Show branch rate as specific column.
show_branch: true
# Use class names instead of the filename
show_class_names: true
# Use a unique name for the report and comment
report_name: Unit Tests Coverage Report for aws-greengrass-testing-platform-pillbox
only_changed_files: true
check-binary-compatability:
runs-on: ubuntu-latest
steps:
- name: Checkout HEAD
uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
ref: ${{ github.event.pull_request.base.sha }}
path: 'otf-old-japicmp'
- name: Set up JDK 1.8
uses: actions/setup-java@v4
with:
distribution: corretto
java-version: 8
cache: maven
- name: Build HEAD
run: |
cd otf-old-japicmp
# Init Submodule
git submodule update --init
# Maven process resources
mvn -U -ntp clean process-resources
# Set dummy version
mvn --batch-mode --no-transfer-progress org.codehaus.mojo:versions-maven-plugin:2.11.0:set -DnewVersion=JAPICMP-OLD
# Install artifacts with dummy version in local repository; used later by Maven plugin for comparison
mvn --batch-mode --no-transfer-progress install -DskipTests
- name: Checkout new commit
uses: actions/checkout@v4
- name: Build new commit
run: |
# Init Submodule
git submodule update --init
# Maven process resources
mvn -U -ntp clean process-resources
- name: Check binary compatibility
id: check-compatibility
run: >-
mvn --batch-mode --fail-at-end clean package japicmp:cmp -DskipTests &&
pip3 -q install agithub &&
python3 .github/scripts/binaryCompatibility.py --input aws-greengrass-testing-standalone/target/japicmp/default-cli.xml --token "${{ github.token }}"
if: github.event_name == 'pull_request'
- name: Upload Compatibility Report
uses: actions/upload-artifact@v3
with:
name: Binary Compatibility Report
path: aws-greengrass-testing-standalone/target/japicmp/default-cli.html
if: github.event_name == 'pull_request'
scan-for-secrets:
name: Scan for secrets
runs-on: ubuntu-latest
steps:
- name: Install Git Secrets
run: |
cd ~
git clone https://github.com/awslabs/git-secrets.git && cd git-secrets
sudo make install
echo "Git-secrets installation completed"
git secrets --register-aws --global
echo "Added aws secret templates"
- name: Checkout
uses: actions/checkout@v4
- name: Run Git Secrets
run: |
git secrets --scan
echo "Repository scan completed"
- name: Print remediation message
if: failure()
run: echo "git secrets found potential leaked credentials. If ANY credentials were committed, they MUST be immediately revoked."
uat-linux:
if: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push'}}
permissions:
id-token: write
contents: read
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest ]
steps:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::686385081908:role/aws-greengrass-testing-codebuild-uat-role-amazonlinux
role-session-name: otfCI
aws-region: ${{ env.AWS_REGION }}
- name: Run UAT on linux
uses: aws-actions/aws-codebuild-run-build@v1
with:
project-name: ${{ env.CODE_BUILD_PROJECT_LINUX }}
buildspec-override: codebuild/uat_linux_buildspec.yaml