Skip to content

add security cron job #1286

add security cron job

add security cron job #1286

Workflow file for this run

name: Java Agent Tests
on:
push:
branches:
- master
pull_request:
paths-ignore:
- 'components/**'
- 'inspectit-ocelot-documentation/**'
- 'resources/**'
- 'codequality/**'
- '**.md'
- '**.txt'
- '.github/**'
- '.circleci/**'
workflow_call:
jobs:
pr-check:
name: 'Agent Tests (${{ matrix.dockerimage }})'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
dockerimage:
- 'ibmjava:8-sdk'
- 'eclipse-temurin:8'
- 'eclipse-temurin:11'
- 'eclipse-temurin:17'
- 'eclipse-temurin:21'
container: ${{ matrix.dockerimage }}
steps:
- uses: actions/checkout@v3
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Determine JDK version
id: determine-jdk
# if Java 21 is used, update com.palantir.docker to 0.36.0, because 0.34.0 is not compatible with gradle 8
# Java 21 needs at least gradle 8
shell: bash
run: |
java_version=$(java -version 2>&1 | awk -F '"' '/version/ {print $2}')
echo "Java version: $java_version"
if [[ "$java_version" == 21* ]]; then
echo "::set-output name=gradle_property::comPalantirDockerVersion=0.36.0"
else
echo "::set-output name=gradle_property::comPalantirDockerVersion=0.34.0"
fi
- name: Upgrade Wrapper to 8.7 for Java 21
# Java 21 needs at least gradle 8
shell: bash
run: |
if [[ "${{ matrix.dockerimage }}" == "eclipse-temurin:21" ]]; then
sed -i 's/gradle-7.6.4-bin.zip/gradle-8.7-bin.zip/' gradle/wrapper/gradle-wrapper.properties
cat gradle/wrapper/gradle-wrapper.properties
fi
- name: Clean Gradle cache
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} clean
- name: assemble
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-core:assemble
- name: test
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-core:test --no-daemon
- name: systemTest
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-agent:systemTest
- name: upload test results
uses: actions/upload-artifact@v3
if: ${{ failure() }}
with:
name: 'test-results'
path: |
inspectit-ocelot-agent/build/test-results
inspectit-ocelot-core/build/test-results
inspectit-ocelot-core/build/reports
inspectit-ocelot-config/build/test-results
coverage:
name: Coverage
runs-on: ubuntu-latest
container: eclipse-temurin:8-jdk
needs: [ pr-check ]
steps:
- uses: actions/checkout@v3
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Run code coverage
run: ./gradlew codeCoverageReport
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
name: codecov-ocelot-agent
files: ./build/reports/jacoco/report.xml
flags: unittests
verbose: true
dependency-scan:
name: Dependency Scan
runs-on: ubuntu-latest
container: eclipse-temurin:8-jdk
steps:
- uses: actions/checkout@v3
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: build
run: ./gradlew :inspectit-ocelot-agent:assemble
- name: Run DependencyCheck plugin
uses: dependency-check/Dependency-Check_Action@main
id: depcheck
continue-on-error: true
with:
project: inspectIT/inspectit-ocelot-agent
path: 'inspectit-ocelot-agent'
format: 'HTML'
args: >
--disableAssembly
--disableNodeAudit
--nvdApiKey ${{ secrets.NVD_API_KEY }}
--nvdApiDelay 10000
- name: Upload test results
uses: actions/upload-artifact@v4
with:
name: dependency-check-report-ocelot-agent
path: ${{ github.workspace }}/reports
# if DependencyCheck failed, the job should also fail, but only after the results were uploaded
- name: Validate DependencyCheck outcome
if: ${{ steps.depcheck.outcome == 'failure' }}
run: |
echo "DependencyCheck failed"
exit 1
jmh-compile:
name: 'Compile JMH Tests'
runs-on: ubuntu-latest
container: eclipse-temurin:8-jdk
steps:
- uses: actions/checkout@v3
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: jmhCompile
run: ./gradlew jmhCompile
attach-jdk8:
name: 'Runtime Attachment'
runs-on: ubuntu-latest
container: eclipse-temurin:8-jdk
steps:
- uses: actions/checkout@v3
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: assemble
run: ./gradlew assemble
- name: attach
run: |
apk update && apk add curl
echo "class Dummy{public static void main(String[] args)throws InterruptedException{while (true){Thread.sleep(1000);}}}" > Dummy.java
javac Dummy.java
$(nohup java Dummy > out.txt &)
processId=$( ps -e -o pid,comm,args | grep 'java Dummy' | awk '{ if ($2=="java") print $1 }' )
pwd
java -jar inspectit-ocelot-agent/build/inspectit-ocelot-agent-SNAPSHOT.jar $processId '{"inspectit.exporters.metrics.prometheus.enabled":"ENABLED"}'
curl -4 -o /dev/null -s -w "%{http_code}" --connect-timeout 2 --max-time 2 --retry 3 --retry-delay 3 --retry-max-time 10 --retry-connrefuse http://localhost:8888