refactor config-server workflow
EddeCCC committed Dec 3, 2024
1 parent d5a1a1d commit 4a1cf80
Showing 5 changed files with 89 additions and 105 deletions.
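--- a/.github/workflows/agent_security_check.yml
+++ b/.github/workflows/agent_security_check.yml
@@ -15,7 +15,6 @@ jobs:
 run: chmod +x gradlew
 - name: build
 run: ./gradlew :inspectit-ocelot-agent:assemble
-# the action has not been updated a while, but it always uses the latest plugin version
 - name: Run DependencyCheck plugin
 uses: dependency-check/Dependency-Check_Action@main
 id: depcheck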
49 changes: 0 additions & 49 deletions .github/workflows/configurationserver-security_check.yml

This file was deleted.

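--- a/.github/workflows/configurationserver_security_check.yml
+++ b/.github/workflows/configurationserver_security_check.yml
@@ -0,0 +1,86 @@
+name: Automatic Security Check Configuration-Server
+
+on:
+schedule:
+- cron: "0 8 1,15 * *" # At 08:00 on day-of-month 1 and 15
+
+jobs:
+security-check:
+name: Security Check Configuration-Server
+runs-on: ubuntu-latest
+container: eclipse-temurin:17
+steps:
+- uses: actions/checkout@v3
+- name: Grant execute permission for gradlew
+run: chmod +x gradlew
+- name: build Configuration-Server
+run: ./gradlew :inspectit-ocelot-configurationserver:bootJarWithFrontend
+- name: Run DependencyCheck Backend
+uses: dependency-check/Dependency-Check_Action@main
+id: depcheck
+continue-on-error: true
+with:
+project: inspectIT/inspectit-ocelot-configuration-server
+path: 'components/inspectit-ocelot-configurationserver'
+format: 'HTML'
+out: 'reports/configuration-server'
+args: >
+--disableAssembly
+--disableNodeAudit
+--nvdApiKey ${{ secrets.NVD_API_KEY }}
+--nvdApiDelay 10000
+- name: Run DependencyCheck UI
+uses: dependency-check/Dependency-Check_Action@main
+id: depcheck-ui
+continue-on-error: true
+with:
+project: inspectIT/inspectit-ocelot-configuration-server-ui
+path: 'components/inspectit-ocelot-configurationserver-ui'
+format: 'HTML'
+out: 'reports/configuration-server-ui'
+args: >
+--disableAssembly
+--disableNodeAudit
+--nvdApiKey ${{ secrets.NVD_API_KEY }}
+--nvdApiDelay 10000
+- name: build ConfigDocsGenerator
+run: ./gradlew :inspectit-ocelot-configdocsgenerator:assemble
+- name: Run DependencyCheck ConfigDocsGenerator
+uses: dependency-check/Dependency-Check_Action@main
+id: depcheck-docs
+continue-on-error: true
+with:
+project: inspectIT/inspectit-ocelot-configdocsgenerator
+path: 'components/inspectit-ocelot-configdocsgenerator'
+format: 'HTML'
+out: 'reports/configdocsgenerator'
+args: >
+--disableAssembly
+--disableNodeAudit
+--nvdApiKey ${{ secrets.NVD_API_KEY }}
+--nvdApiDelay 10000
+- name: Upload test results
+uses: actions/upload-artifact@v4
+with:
+name: dependency-check-report-ocelot-configurationserver
+path: ${{ github.workspace }}/reports
+- name: Set DependencyCheck status
+run: |
+if [ ${{ steps.depcheck.outcome == 'failure' || steps.depcheck-ui.outcome == 'failure' || steps.depcheck-docs.outcome == 'failure' }} == "true" ]; then
+echo "DEP_CHECK_STATUS=failure" >> $GITHUB_ENV
+else
+echo "DEP_CHECK_STATUS=success" >> $GITHUB_ENV
+fi
+- name: Send Notification
+uses: slackapi/[email protected]
+with:
+webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+webhook-type: incoming-webhook
+payload: |
+text: "*Ocelot-Configuration-Server Dependency-Check Report*: ${{ env.DEP_CHECK_STATUS }}\nPlease check the report here: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+# if DependencyCheck failed, the job should also fail, but only after the results were uploaded
+- name: Validate DependencyCheck outcome
+if: ${{ env.DEP_CHECK_STATUS == 'failure' }}
+run: |
+echo "DependencyCheck failed"
+exit 1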
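Review bot: All three scan steps in the new workflow reference `dependency-check/Dependency-Check_Action@main`, a mutable branch of a third-party action, and each is handed `secrets.NVD_API_KEY` through `args`. Whatever is on that branch at the next scheduled run executes with the key, so pin each to a full commit SHA, e.g. `uses: dependency-check/Dependency-Check_Action@<FULL_COMMIT_SHA>  # main as of <DATE>`. The same ref appears in agent_security_check.yml and configurationserver_test.yml, and the comment removed from agent_security_check.yml suggests the action resolves the latest scanner at run time, so a pin would presumably not freeze the scanner version. Separately, none of the three `args` blocks passes `--failOnCVSS`, so unless the action adds a threshold itself, a scan step fails only when the scan errors out, and `DEP_CHECK_STATUS` and the Slack message would read `success` even when the HTML report lists vulnerable dependencies. Adding `--failOnCVSS <THRESHOLD>` to each block would make the reported status reflect findings. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would cap the job token at what checkout needs.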
36 changes: 3 additions & 33 deletions .github/workflows/configurationserver_test.yml
@@ -41,9 +41,9 @@ jobs:
- uses: actions/checkout@v3
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: build Configuration-server
- name: build Configuration-Server
run: ./gradlew :inspectit-ocelot-configurationserver:bootJarWithFrontend
- name: Run DependencyCheck plugin
- name: Run DependencyCheck
uses: dependency-check/Dependency-Check_Action@main
id: depcheck
continue-on-error: true
@@ -57,44 +57,14 @@ jobs:
--disableNodeAudit
--nvdApiKey ${{ secrets.NVD_API_KEY }}
--nvdApiDelay 10000
- name: Run DependencyCheck plugin
uses: dependency-check/Dependency-Check_Action@main
id: depcheck-ui
continue-on-error: true
with:
project: inspectIT/inspectit-ocelot-configuration-server-ui
path: 'components/inspectit-ocelot-configurationserver-ui'
format: 'HTML'
out: 'reports/configuration-server-ui'
args: >
--disableAssembly
--disableNodeAudit
--nvdApiKey ${{ secrets.NVD_API_KEY }}
--nvdApiDelay 10000
- name: build Configdocsgenerator
run: ./gradlew :inspectit-ocelot-configdocsgenerator:assemble
- name: Run DependencyCheck plugin
uses: dependency-check/Dependency-Check_Action@main
id: depcheck-docs
continue-on-error: true
with:
project: inspectIT/inspectit-ocelot-configdocsgenerator
path: 'components/inspectit-ocelot-configdocsgenerator'
format: 'HTML'
out: 'reports/configdocsgenerator'
args: >
--disableAssembly
--disableNodeAudit
--nvdApiKey ${{ secrets.NVD_API_KEY }}
--nvdApiDelay 10000
- name: Upload test results
uses: actions/upload-artifact@v4
with:
name: dependency-check-report-ocelot-configurationserver
path: ${{ github.workspace }}/reports
# if DependencyCheck failed, the job should also fail, but only after the results were uploaded
- name: Validate DependencyCheck outcome
if: ${{ steps.depcheck.outcome == 'failure' || steps.depcheck-ui.outcome == 'failure' || steps.depcheck-docs.outcome == 'failure' }}
if: ${{ steps.depcheck.outcome == 'failure' }}
run: |
echo "DependencyCheck failed"
exit 1
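Review bot: After this change the job scans only `components/inspectit-ocelot-configurationserver`, and the same commit drops the scans from release.yml. The UI and ConfigDocsGenerator components are therefore checked only by the cron workflow on day 1 and 15, so a vulnerable dependency added in between, or shipped in a release cut between runs, would go unreported until the next scheduled run. If that window is not intended, add `workflow_dispatch:` under `on:` in configurationserver_security_check.yml so a scan can be started by hand before a release, and say so in the release checklist. The trigger of this workflow and the start of the remaining step's `with:` block lie outside the visible hunks, so the exact coverage at push or pull-request time could not be confirmed from here.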
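--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,28 +35,6 @@ jobs:
 - name: Calculate checksums of release artifacts
 working-directory: ./artifacts
 run: for f in *; do sha256sum "$f" >> inspectit-ocelot-sha256-checksums.txt; done
-- name: Scan dependencies agent
-uses: dependency-check/Dependency-Check_Action@main
-with:
-project: inspectIT/inspectit-ocelot-agent
-path: 'inspectit-ocelot-agent'
-format: 'HTML'
-args: >
---disableAssembly
---disableNodeAudit
---nvdApiKey ${{ secrets.NVD_API_KEY }}
---nvdApiDelay 10000
-- name: Scan dependencies configuration-server
-uses: dependency-check/Dependency-Check_Action@main
-with:
-project: inspectIT/inspectit-ocelot-configuration-server
-path: 'components/inspectit-ocelot-configurationserver'
-format: 'HTML'
-args: >
---disableAssembly
---disableNodeAudit
---nvdApiKey ${{ secrets.NVD_API_KEY }}
---nvdApiDelay 10000
 - name: "Get previous tag"
 id: previoustag
 # this gets the tag of the previous release based on the tags in the repo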
