add security cron job #1286
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Java Agent Tests | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
paths-ignore: | |
- 'components/**' | |
- 'inspectit-ocelot-documentation/**' | |
- 'resources/**' | |
- 'codequality/**' | |
- '**.md' | |
- '**.txt' | |
- '.github/**' | |
- '.circleci/**' | |
workflow_call: | |
jobs: | |
pr-check: | |
name: 'Agent Tests (${{ matrix.dockerimage }})' | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
dockerimage: | |
- 'ibmjava:8-sdk' | |
- 'eclipse-temurin:8' | |
- 'eclipse-temurin:11' | |
- 'eclipse-temurin:17' | |
- 'eclipse-temurin:21' | |
container: ${{ matrix.dockerimage }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Determine JDK version | |
id: determine-jdk | |
# if Java 21 is used, update com.palantir.docker to 0.36.0, because 0.34.0 is not compatible with gradle 8 | |
# Java 21 needs at least gradle 8 | |
shell: bash | |
run: | | |
java_version=$(java -version 2>&1 | awk -F '"' '/version/ {print $2}') | |
echo "Java version: $java_version" | |
if [[ "$java_version" == 21* ]]; then | |
echo "::set-output name=gradle_property::comPalantirDockerVersion=0.36.0" | |
else | |
echo "::set-output name=gradle_property::comPalantirDockerVersion=0.34.0" | |
fi | |
- name: Upgrade Wrapper to 8.7 for Java 21 | |
# Java 21 needs at least gradle 8 | |
shell: bash | |
run: | | |
if [[ "${{ matrix.dockerimage }}" == "eclipse-temurin:21" ]]; then | |
sed -i 's/gradle-7.6.4-bin.zip/gradle-8.7-bin.zip/' gradle/wrapper/gradle-wrapper.properties | |
cat gradle/wrapper/gradle-wrapper.properties | |
fi | |
- name: Clean Gradle cache | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} clean | |
- name: assemble | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-core:assemble | |
- name: test | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-core:test --no-daemon | |
- name: systemTest | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-agent:systemTest | |
- name: upload test results | |
uses: actions/upload-artifact@v3 | |
if: ${{ failure() }} | |
with: | |
name: 'test-results' | |
path: | | |
inspectit-ocelot-agent/build/test-results | |
inspectit-ocelot-core/build/test-results | |
inspectit-ocelot-core/build/reports | |
inspectit-ocelot-config/build/test-results | |
coverage: | |
name: Coverage | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
needs: [ pr-check ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Run code coverage | |
run: ./gradlew codeCoverageReport | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
name: codecov-ocelot-agent | |
files: ./build/reports/jacoco/report.xml | |
flags: unittests | |
verbose: true | |
dependency-scan: | |
name: Dependency Scan | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: build | |
run: ./gradlew :inspectit-ocelot-agent:assemble | |
- name: Run DependencyCheck plugin | |
uses: dependency-check/Dependency-Check_Action@main | |
id: depcheck | |
continue-on-error: true | |
with: | |
project: inspectIT/inspectit-ocelot-agent | |
path: 'inspectit-ocelot-agent' | |
format: 'HTML' | |
args: > | |
--disableAssembly | |
--disableNodeAudit | |
--nvdApiKey ${{ secrets.NVD_API_KEY }} | |
--nvdApiDelay 10000 | |
- name: Upload test results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dependency-check-report-ocelot-agent | |
path: ${{ github.workspace }}/reports | |
# if DependencyCheck failed, the job should also fail, but only after the results were uploaded | |
- name: Validate DependencyCheck outcome | |
if: ${{ steps.depcheck.outcome == 'failure' }} | |
run: | | |
echo "DependencyCheck failed" | |
exit 1 | |
jmh-compile: | |
name: 'Compile JMH Tests' | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: jmhCompile | |
run: ./gradlew jmhCompile | |
attach-jdk8: | |
name: 'Runtime Attachment' | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: assemble | |
run: ./gradlew assemble | |
- name: attach | |
run: | | |
apk update && apk add curl | |
echo "class Dummy{public static void main(String[] args)throws InterruptedException{while (true){Thread.sleep(1000);}}}" > Dummy.java | |
javac Dummy.java | |
$(nohup java Dummy > out.txt &) | |
processId=$( ps -e -o pid,comm,args | grep 'java Dummy' | awk '{ if ($2=="java") print $1 }' ) | |
pwd | |
java -jar inspectit-ocelot-agent/build/inspectit-ocelot-agent-SNAPSHOT.jar $processId '{"inspectit.exporters.metrics.prometheus.enabled":"ENABLED"}' | |
curl -4 -o /dev/null -s -w "%{http_code}" --connect-timeout 2 --max-time 2 --retry 3 --retry-delay 3 --retry-max-time 10 --retry-connrefuse http://localhost:8888 |