Skip to content

Commit

Permalink
feat: run in nightly veracode
Browse files Browse the repository at this point in the history
  • Loading branch information
@PWS-TE
PWS-TE committed Jan 21, 2025
1 parent ca69c1d commit 8a77a11
Show file tree
Hide file tree
Showing 2 changed files with 92 additions and 80 deletions.
80 changes: 0 additions & 80 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,6 @@ on:
- fix/**
- master
- release/**
schedule:
- cron: "0 0 * * *" # Runs every night at midnight
branches:
- master

env:
# Both variables are required to be set before the release process starts .
Expand All @@ -35,7 +31,6 @@ env:
jobs:
pre_commit:
runs-on: ubuntu-latest
if: github.event_name != 'schedule'
outputs:
java_version: ${{ env.JAVA_VERSION }}
java_version_supported_by_repo: ${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }}
Expand All @@ -50,60 +45,6 @@ jobs:
write-list-to-env: true
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]

veracode_sca:
name: "Veracode - Source Clear Scan (SCA)"
runs-on: ubuntu-latest
needs:
- pre_commit
if: >
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
!contains(github.event.head_commit.message, '[skip build]')
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}

veracode_sast:
name: "Pipeline SAST Scan"
runs-on: ubuntu-latest
needs:
- pre_commit
if: >
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request') &&
github.actor != 'dependabot[bot]' &&
!contains(github.event.head_commit.message, '[skip build]')
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
repository: "Alfresco/veracode-baseline-archive"
file-path: "hxinsight-connector/hxinsight-connector-baseline.json"
target: "baseline.json"
- name: "Build application"
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests
- name: "Run SAST Scan"
uses: veracode/[email protected]
with:
vid: ${{ secrets.VERACODE_API_ID }}
vkey: ${{ secrets.VERACODE_API_KEY }}
file: "distribution/target/alfresco-hxinsight-connector-distribution-*.zip"
fail_build: false
project_name: hxinsight-connector
issue_details: true
veracode_policy_name: Alfresco Default
summary_output: true
summary_output_file: results.json
summary_display: true
baseline_file: baseline.json
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh

pmd_scan:
name: "PMD Scan"
runs-on: ubuntu-latest
Expand Down Expand Up @@ -234,26 +175,6 @@ jobs:
- name: "Run e2e tests"
run: mvn ${{ env.MAVEN_CLI_OPTS }} verify -pl 'hxinsight-extension,e2e-test' -am -DskipUnitTests -DskipIntegrationTests -Dalfresco-platform.version=${{ matrix.repoVersion }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }}

nightly_tests:
name: "Run nightly tests"
runs-on: ubuntu-latest
if: github.event_name == 'schedule'
steps:
- name: "Checkout repository"
uses: actions/checkout@v4
- name: "Set up JDK"
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build application"
run: mvn clean install -DskipTests -pl live-ingester
- name: "Run OpenApi Specification tests"
run: mvn test -Dtest=OpenApiRequestValidationTest -pl live-ingester
- name: "Notify on failure"
if: failure()
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
webhook-url: ${{ secrets.MS_TEAMS_WEBHOOK_URL }}
message: "Nightly tests failed"

push_docker_images:
name: "Push docker images"
runs-on: ubuntu-latest
Expand Down Expand Up @@ -298,7 +219,6 @@ jobs:
!(failure() || cancelled()) &&
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) &&
github.event_name != 'pull_request' &&
github.event_name != 'schedule' &&
!contains(github.event.head_commit.message, '[skip build]')
steps:
- uses: actions/checkout@v4
Expand Down
92 changes: 92 additions & 0 deletions .github/workflows/nightly_tests_and_veracode.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
name: Veracode and Nightly Tests run

on:
pull_request:
branches:
- master
- release/**

push:
branches:
- master
- release/**
schedule:
- cron: "0 0 * * *" # Runs every night at midnight

env:
MAVEN_CLI_OPTS: "-B -e -fae -V -DinstallAtEnd=true -DfailIfNoTests=false -U -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -Pdistribution "
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
JAVA_VERSION: "17"
JAVA_VERSION_SUPPORTED_BY_REPO: "11"

jobs:
veracode_sca:
name: "Veracode - Source Clear Scan (SCA)"
runs-on: ubuntu-latest
if: >
(github.event_name == 'schedule' || github.actor == 'dependabot[bot]') &&
!contains(github.event.head_commit.message, '[skip build]')
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}

veracode_sast:
name: "Pipeline SAST Scan"
runs-on: ubuntu-latest
if: >
(github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'schedule') &&
github.actor != 'dependabot[bot]' &&
!contains(github.event.head_commit.message, '[skip build]')
steps:
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
repository: "Alfresco/veracode-baseline-archive"
file-path: "hxinsight-connector/hxinsight-connector-baseline.json"
target: "baseline.json"
- name: "Build application"
run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests
- name: "Run SAST Scan"
uses: veracode/[email protected]
with:
vid: ${{ secrets.VERACODE_API_ID }}
vkey: ${{ secrets.VERACODE_API_KEY }}
file: "distribution/target/alfresco-hxinsight-connector-distribution-*.zip"
fail_build: false
project_name: hxinsight-connector
issue_details: true
veracode_policy_name: Alfresco Default
summary_output: true
summary_output_file: results.json
summary_display: true
baseline_file: baseline.json
- name: "Clean Maven cache"
run: bash ./scripts/ci/cleanup_cache.sh

nightly_tests:
name: "Run nightly tests"
runs-on: ubuntu-latest
if: github.event_name == 'schedule'
steps:
- name: "Checkout repository"
uses: actions/checkout@v4
- name: "Set up JDK"
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
- name: "Build application"
run: mvn clean install -DskipTests -pl live-ingester
- name: "Run OpenApi Specification tests"
run: mvn test -Dtest=OpenApiRequestValidationTest -pl live-ingester
- name: "Notify on failure"
if: failure()
uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
with:
webhook-url: ${{ secrets.MS_TEAMS_WEBHOOK_URL }}
message: "Nightly tests failed"

0 comments on commit 8a77a11

Please sign in to comment.