IDS-10052: Keystore Certificates Validation (#191) #672
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CWS CI Camunda | |
# Triggers the workflow on push | |
on: | |
push: | |
schedule: | |
# trigger a build and test of CWS weekly on Monday at 5 AM PST / 12 PM UTC | |
- cron: '0 12 * * 1' | |
env: | |
TEAM: ("jamesfwood" "voxparcxls" "galenhollins" "galenatjpl" "jeffreypon") | |
jobs: | |
build-and-test-cws: | |
runs-on: ubuntu-latest | |
env: | |
SECURITY: "CAMUNDA" | |
WORKERS: 1 | |
services: | |
mdb103: | |
image: mariadb:10.6 | |
ports: | |
- 3306:3306 | |
env: | |
MYSQL_DATABASE: cws_dev | |
MYSQL_ROOT_PASSWORD: adminpw | |
options: >- | |
--name mdb103 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: maven | |
- name: Create open-source certs | |
run: | | |
cd cws-certs | |
chmod +x generate-certs.sh | |
./generate-certs.sh | |
- name: Set up Keystore storepass | |
run: | | |
mkdir ~/.cws/ | |
chmod 700 ~/.cws/ | |
echo ${{ secrets.KEYSTORE_PASSWORD }} > ~/.cws/creds | |
chmod 600 ~/.cws/creds | |
- name: Download Logstash | |
uses: carlosperate/download-file-action@v1 | |
with: | |
file-url: https://artifacts.elastic.co/downloads/logstash/logstash-8.8.0-windows-x86_64.zip | |
file-name: logstash-8.8.0.zip | |
location: install/logging/ | |
- name: Check for Logstash | |
run: | | |
cd install/logging/ | |
ls -l | |
- name: Set up Elasticsearch | |
run: | | |
cd install/docker/es-only | |
docker-compose up -d | |
- name: Show Docker containers | |
run: | | |
sleep 5s | |
docker ps -a | |
- name: Build CWS | |
id: build | |
run: | | |
cd ci | |
chmod +x run_ci.sh | |
./run_ci.sh $SECURITY $WORKERS | |
shell: bash | |
- name: Show CWS Log | |
run: | | |
cd dist/console-only/cws/server/apache-tomcat-9.0.75/logs | |
ls -al | |
- name: Set up Google Chrome | |
run: | | |
sudo apt-get update | |
sudo apt-get --only-upgrade install google-chrome-stable | |
- name: Display Google Chrome version | |
run: google-chrome --version | |
- name: Run Unit Tests | |
id: unit | |
run: mvn -Dmaven.compiler.debug=true -Dmaven.compiler.debuglevel=lines,vars,source clean test jacoco:report-aggregate | |
shell: bash | |
- name: Run Integration Tests | |
id: integration | |
run: mvn -Dmaven.compiler.debug=true -Dmaven.compiler.debuglevel=lines,vars,source integration-test verify -DskipTests | |
shell: bash | |
- name: Upload Jacoco report | |
uses: actions/upload-artifact@v3 | |
with: | |
name: jacoco-report | |
path: jacoco-reports/aggregate/index.html | |
- name: Upload test screenshots | |
if: ${{ always() && steps.build.outcome == 'success' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test-screenshots | |
path: test-screenshots/ | |
- name: Send custom JSON data to Slack workflow | |
if: ${{ always() && contains(env.TEAM, github.actor) }} | |
id: slack | |
uses: slackapi/[email protected] | |
with: | |
# This data can be any valid JSON from a previous step in the GitHub Action | |
payload: | | |
{ | |
"status": "CWS CI Camunda build and test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nUnit test result: ${{ steps.unit.outcome }}\nIntegration test result: ${{ steps.integration.outcome }}", | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "CWS CI Camunda build and test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nUnit test result: ${{ steps.unit.outcome }}\nIntegration test result: ${{ steps.integration.outcome }}" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
advanced-test: | |
runs-on: ubuntu-latest | |
env: | |
SECURITY: "CAMUNDA" | |
WORKERS: 2 | |
services: | |
mdb103: | |
image: mariadb:10.6 | |
ports: | |
- 3306:3306 | |
env: | |
MYSQL_DATABASE: cws_dev | |
MYSQL_ROOT_PASSWORD: adminpw | |
options: >- | |
--name mdb103 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: maven | |
- name: Create open-source certs | |
run: | | |
cd cws-certs | |
chmod +x generate-certs.sh | |
./generate-certs.sh | |
- name: Set up Keystore storepass | |
run: | | |
mkdir ~/.cws/ | |
chmod 700 ~/.cws/ | |
echo ${{ secrets.KEYSTORE_PASSWORD }} > ~/.cws/creds | |
chmod 600 ~/.cws/creds | |
- name: Download Logstash | |
uses: carlosperate/download-file-action@v1 | |
with: | |
file-url: https://artifacts.elastic.co/downloads/logstash/logstash-8.8.0-windows-x86_64.zip | |
file-name: logstash-8.8.0.zip | |
location: install/logging/ | |
- name: Check for Logstash | |
run: | | |
cd install/logging/ | |
ls -l | |
- name: Set up Elasticsearch | |
run: | | |
cd install/docker/es-only | |
docker-compose up -d | |
- name: Show Docker containers | |
run: | | |
sleep 5s | |
docker ps -a | |
- name: Build CWS | |
id: build | |
run: | | |
cd ci | |
chmod +x run_ci.sh | |
./run_ci.sh $SECURITY $WORKERS | |
shell: bash | |
- name: Show CWS Log | |
run: | | |
cd dist/console-only/cws/server/apache-tomcat-9.0.75/logs | |
ls -al | |
- name: Set up Google Chrome | |
run: | | |
sudo apt-get update | |
sudo apt-get --only-upgrade install google-chrome-stable | |
- name: Display Google Chrome version | |
run: google-chrome --version | |
- name: Run Load Integration Test | |
id: load | |
run: mvn -Dmaven.compiler.debug=true -Dmaven.compiler.debuglevel=lines,vars, -Dit.test=LoadTestIT verify -DskipTests | |
shell: bash | |
- name: Upload test screenshots | |
if: ${{ always() && steps.build.outcome == 'success' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test-screenshots-advanced | |
path: test-screenshots/ | |
- name: Send custom JSON data to Slack workflow | |
if: ${{ always() && contains(env.TEAM, github.actor) }} | |
id: slack | |
uses: slackapi/[email protected] | |
with: | |
# This data can be any valid JSON from a previous step in the GitHub Action | |
payload: | | |
{ | |
"status": "CWS CI Camunda advanced test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nLoad integration test result: ${{ steps.load.outcome }}", | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "CWS CI Camunda advanced test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nLoad integration test result: ${{ steps.load.outcome }}" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
publish-cws-image: | |
if: ${{ github.ref_type == 'tag' }} | |
needs: [build-and-test-cws, advanced-test] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: maven | |
- name: Log in to Docker Hub | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Generate CWS Docker image | |
run: | | |
cd install/docker/cws-image | |
./build.sh | |
- name: Re-Tag CWS Docker image for open source | |
run: docker tag nasa-ammos/common-workflow-service:${{ github.ref_name }} ${{ secrets.DOCKER_USERNAME }}/common-workflow-service:${{ github.ref_name }} | |
- name: Push CWS Docker image | |
run: docker push ${{ secrets.DOCKER_USERNAME }}/common-workflow-service:${{ github.ref_name }} |