From 86c4e8573154a630555bd8671566b6cffbd505b8 Mon Sep 17 00:00:00 2001 From: Fabricius Zatti Date: Wed, 29 May 2024 14:12:42 -0300 Subject: [PATCH] feat: add ci workflow --- .github/workflows/ci.yaml | 123 ++++++++++++++++++-------------------- 1 file changed, 59 insertions(+), 64 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 14bd954b96..b0a1a9b20c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -12,7 +12,7 @@ --- env: NODEJS_VERSION: v18.18.2 - RUN_TRIVY_SCAN: true + RUN_TRIVY_SCAN: true jobs: ActionLint: uses: ./.github/workflows/actionlint.yaml @@ -200,7 +200,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - - if : ${{ (steps.yarn-cache.outputs.cache-hit != 'true') }} + - if: ${{ (steps.yarn-cache.outputs.cache-hit != 'true') }} name: tools_ci_sh run: ./tools/ci.sh @@ -268,12 +268,12 @@ jobs: - name: Set env.GIT_INDEX_FILE_COUNT id: set_env_git_index_file_count run: | - echo "GIT_INDEX_FILE_COUNT=$(git status --porcelain | wc -l)" >> "$GITHUB_ENV" + echo "GIT_INDEX_FILE_COUNT=$(git status --porcelain | wc -l)" >> "$GITHUB_ENV" - name: Print env.GIT_INDEX_FILE_COUNT id: print_env_git_index_file_count run: | - echo "${{ env.GIT_INDEX_FILE_COUNT }}" + echo "${{ env.GIT_INDEX_FILE_COUNT }}" - uses: actions/github-script@v6.4.1 id: set-result-git_index_file_count @@ -420,7 +420,7 @@ jobs: - name: Ensure .tmp Directory Exists run: mkdir -p .tmp/benchmark-results/cmd-api-server/ - # Download previous benchmark result from cache (if exists) + # Download previous benchmark result from cache (if exists) - name: Download previous benchmark data uses: actions/cache@v4.0.1 with: @@ -434,7 +434,7 @@ jobs: - name: Store benchmark result uses: benchmark-action/github-action-benchmark@v1.19.2 with: - tool: 'benchmarkjs' + tool: "benchmarkjs" output-file-path: .tmp/benchmark-results/cmd-api-server/run-cmd-api-server-benchmark.ts.log github-token: ${{ secrets.GITHUB_TOKEN }} 
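Review bot: The `Store benchmark result` step in the last hunk above hands `${{ secrets.GITHUB_TOKEN }}` to `benchmark-action/github-action-benchmark@v1.19.2`, a third-party action referenced by a tag that its owner can move. Pinning it to a full commit SHA with the tag kept as a comment, `uses: benchmark-action/github-action-benchmark@<full-commit-sha> # v1.19.2`, means a retagged release cannot run with that token. The same applies to the besu benchmark step and to the `aquasecurity/trivy-action@0.19.0` and `foundry-rs/foundry-toolchain@v1` steps in later hunks. The job's `permissions:` block is not visible in this patch, so confirm the token is limited to what the push and commit-comment features need. The step's `with:` mapping continues past the end of the hunk.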
@@ -443,10 +443,10 @@ jobs: auto-push: ${{ github.ref == 'refs/heads/main' }} # Show alert with commit comment on detecting possible performance regression - alert-threshold: '5%' + alert-threshold: "5%" comment-on-alert: true fail-on-alert: true - alert-comment-cc-users: '@petermetz' + alert-comment-cc-users: "@petermetz" cactus-cmd-socketio-server: continue-on-error: false @@ -482,7 +482,7 @@ jobs: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: packages/cactus-common/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts JEST_TEST_RUNNER_DISABLED: false - TAPE_TEST_PATTERN: '--files={./packages/cactus-common/src/test/typescript/unit/key-converter.test.ts,./packages/cactus-common/src/test/typescript/unit/logging/logger.test.ts}' + TAPE_TEST_PATTERN: "--files={./packages/cactus-common/src/test/typescript/unit/key-converter.test.ts,./packages/cactus-common/src/test/typescript/unit/logging/logger.test.ts}" TAPE_TEST_RUNNER_DISABLED: false needs: build-dev runs-on: ubuntu-22.04 @@ -638,7 +638,7 @@ jobs: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: examples/cactus-example-supply-chain-backend/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts JEST_TEST_RUNNER_DISABLED: false - TAPE_TEST_PATTERN: '--files={./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-backend-api-calls.test.ts,./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-cli-via-npm-script.test.ts}' + TAPE_TEST_PATTERN: "--files={./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-backend-api-calls.test.ts,./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-cli-via-npm-script.test.ts}" TAPE_TEST_RUNNER_DISABLED: false needs: build-dev runs-on: ubuntu-22.04 
@@ -817,7 +817,7 @@ jobs: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: packages/cactus-plugin-keychain-aws-sm/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts JEST_TEST_RUNNER_DISABLED: true - TAPE_TEST_PATTERN: '--files={./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-keychain-aws-sm.test.ts}' + TAPE_TEST_PATTERN: "--files={./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-keychain-aws-sm.test.ts}" TAPE_TEST_RUNNER_DISABLED: false needs: build-dev runs-on: ubuntu-22.04 
@@ -869,7 +869,7 @@ jobs: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: packages/cactus-plugin-keychain-google-sm/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts JEST_TEST_RUNNER_DISABLED: false - TAPE_TEST_PATTERN: '--files={./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-keychain-google-sm.test.ts}' + TAPE_TEST_PATTERN: "--files={./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-keychain-google-sm.test.ts}" TAPE_TEST_RUNNER_DISABLED: false needs: build-dev runs-on: ubuntu-22.04 @@ -946,7 +946,7 @@ jobs: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: packages/cactus-plugin-keychain-vault/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts JEST_TEST_RUNNER_DISABLED: false - TAPE_TEST_PATTERN: '--files={./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/cactus-keychain-vault-server.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/plugin-keychain-vault.test.ts}' + TAPE_TEST_PATTERN: "--files={./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/cactus-keychain-vault-server.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/plugin-keychain-vault.test.ts}" TAPE_TEST_RUNNER_DISABLED: false needs: build-dev runs-on: ubuntu-22.04 
@@ -1024,11 +1024,10 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - - name: Ensure .tmp Directory Exists run: mkdir -p .tmp/benchmark-results/plugin-ledger-connector-besu/ - # Download previous benchmark result from cache (if exists) + # Download previous benchmark result from cache (if exists) - name: Download previous benchmark data uses: actions/cache@v3.3.1 with: @@ -1042,7 +1041,7 @@ jobs: - name: Store benchmark result uses: benchmark-action/github-action-benchmark@v1.19.2 with: - tool: 'benchmarkjs' + tool: "benchmarkjs" output-file-path: .tmp/benchmark-results/plugin-ledger-connector-besu/run-plugin-ledger-connector-besu-benchmark.ts.log github-token: ${{ secrets.GITHUB_TOKEN }} @@ -1051,10 +1050,10 @@ jobs: auto-push: ${{ github.ref == 'refs/heads/main' }} # Show alert with commit comment on detecting possible performance regression - alert-threshold: '5%' + alert-threshold: "5%" comment-on-alert: true fail-on-alert: true - alert-comment-cc-users: '@petermetz' + alert-comment-cc-users: "@petermetz" cpl-connector-polkadot: continue-on-error: false @@ -1114,13 +1113,12 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - + cpl-connector-stellar: continue-on-error: false needs: - build-dev - compute_changed_packages - if: needs.compute_changed_packages.outputs.plugin-ledger-connector-stellar-changed == 'true' env: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: packages/cacti-plugin-ledger-connector-stellar/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts @@ -1144,7 +1142,6 @@ jobs: ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - plc-fabric-0: needs: - build-dev @@ -1675,7 +1672,7 @@ jobs: with: node-version: ${{ env.NODEJS_VERSION }} - uses: actions/checkout@v4.1.1 - + - id: yarn-cache name: Restore Yarn Cache uses: actions/cache@v4.0.1 
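Review bot: The `cpl-connector-stellar` job loses its `if: needs.compute_changed_packages.outputs.plugin-ledger-connector-stellar-changed == 'true'` line in the `@@ -1114,13 +1113,12 @@` hunk, which is a behaviour change in a commit that otherwise only reformats. The hunk's 13-to-12 line count is consistent with that line being removed rather than kept as context. Without the condition the job would run on every build, even though `compute_changed_packages` stays in `needs`. If that is intended, state it in the commit message; if not, restore the line directly after the `needs:` list. The job body continues outside the hunk.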
@@ -1685,19 +1682,18 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - - name: Build an image from Dockerfile run: DOCKER_BUILDKIT=1 docker build . -f ./packages/cactus-plugin-ledger-connector-quorum/Dockerfile -t plugin-ledger-connector-quorum - if: ${{ env.RUN_TRIVY_SCAN == 'true' }} name: Run Trivy vulnerability scan for plugin-ledger-connector-quorum uses: aquasecurity/trivy-action@0.19.0 with: - image-ref: 'plugin-ledger-connector-quorum' - format: 'table' - exit-code: '1' + image-ref: "plugin-ledger-connector-quorum" + format: "table" + exit-code: "1" ignore-unfixed: false - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" cplc-sawtooth: continue-on-error: false env: @@ -1780,7 +1776,7 @@ jobs: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: extensions/cactus-plugin-object-store-ipfs/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts JEST_TEST_RUNNER_DISABLED: false - TAPE_TEST_PATTERN: '--files={./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/integration/plugin-object-store-ipfs.test.ts,./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/unit/plugin-object-store-ipfs.test.ts}' + TAPE_TEST_PATTERN: "--files={./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/integration/plugin-object-store-ipfs.test.ts,./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/unit/plugin-object-store-ipfs.test.ts}" TAPE_TEST_RUNNER_DISABLED: false needs: build-dev runs-on: ubuntu-22.04 
@@ -1963,7 +1959,7 @@ jobs: FULL_BUILD_DISABLED: true JEST_TEST_PATTERN: packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts JEST_TEST_RUNNER_DISABLED: false - TAPE_TEST_PATTERN: '--files={./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/get-single-status-endpoint.test.ts,./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/openapi/openapi-validation.test.ts}' + TAPE_TEST_PATTERN: "--files={./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/get-single-status-endpoint.test.ts,./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/openapi/openapi-validation.test.ts}" TAPE_TEST_RUNNER_DISABLED: false needs: build-dev runs-on: ubuntu-22.04 @@ -1983,7 +1979,6 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - - name: Install Foundry uses: foundry-rs/foundry-toolchain@v1 @@ -2037,7 +2032,7 @@ jobs: with: node-version: ${{ env.NODEJS_VERSION }} - uses: actions/checkout@v4.1.1 - + - id: yarn-cache name: Restore Yarn Cache uses: actions/cache@v4.0.1 @@ -2176,12 +2171,12 @@ jobs: name: Run Trivy vulnerability scan for cactus-cmd-api-server uses: aquasecurity/trivy-action@0.19.0 with: - image-ref: 'cactus-cmd-api-server' - format: 'table' - exit-code: '1' + image-ref: "cactus-cmd-api-server" + format: "table" + exit-code: "1" ignore-unfixed: false - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" ghcr-connector-besu: needs: - compute_changed_packages 
@@ -2195,12 +2190,12 @@ jobs: name: Run Trivy vulnerability scan for cactus-connector-besu uses: aquasecurity/trivy-action@0.19.0 with: - image-ref: 'cactus-connector-besu' - format: 'table' - exit-code: '1' + image-ref: "cactus-connector-besu" + format: "table" + exit-code: "1" ignore-unfixed: false - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" ghcr-connector-corda-server: runs-on: ubuntu-22.04 needs: @@ -2215,12 +2210,12 @@ jobs: name: Run Trivy vulnerability scan for cactus-connector-corda-server uses: aquasecurity/trivy-action@0.19.0 with: - image-ref: 'cactus-connector-corda-server' - format: 'table' - exit-code: '1' + image-ref: "cactus-connector-corda-server" + format: "table" + exit-code: "1" ignore-unfixed: false - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" ghcr-connector-fabric: runs-on: ubuntu-22.04 needs: @@ -2235,12 +2230,12 @@ jobs: name: Run Trivy vulnerability scan for cactus-connector-fabric uses: aquasecurity/trivy-action@0.19.0 with: - image-ref: 'cactus-connector-fabric' - format: 'table' - exit-code: '1' + image-ref: "cactus-connector-fabric" + format: "table" + exit-code: "1" ignore-unfixed: false - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" ghcr-corda-all-in-one: runs-on: ubuntu-22.04 needs: @@ -2266,7 +2261,7 @@ jobs: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-corda-all-in-one-obligation run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-all-in-one-obligation - + ghcr-dev-container-vscode: runs-on: ubuntu-22.04 needs: 
@@ -2297,14 +2292,14 @@ jobs: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-example-supply-chain-app run: DOCKER_BUILDKIT=1 docker build . -f ./examples/cactus-example-supply-chain-backend/Dockerfile -t cactus-example-supply-chain-app - + ghcr-fabric-all-in-one: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-fabric-all-in-one run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x - + ghcr-fabric2-all-in-one: runs-on: ubuntu-22.04 steps: @@ -2322,28 +2317,28 @@ jobs: name: Run Trivy vulnerability scan for cactus-keychain-vault-server uses: aquasecurity/trivy-action@0.19.0 with: - image-ref: 'cactus-keychain-vault-server' - format: 'table' - exit-code: '1' + image-ref: "cactus-keychain-vault-server" + format: "table" + exit-code: "1" ignore-unfixed: false - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" ghcr-quorum-all-in-one: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-quorum-all-in-one run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile - + ghcr-quorum-multi-party-all-in-one: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-quorum-multi-party-all-in-one run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile -t cactus-quorum-multi-party-all-in-one - + name: Cactus_CI -'on': +"on": pull_request: branches: - main @@ -2352,4 +2347,4 @@ name: Cactus_CI push: branches: - main - - dev \ No newline at end of file + - dev