diff --git a/.github/workflows/app-eps_develop.yml b/.github/workflows/app-eps_develop.yml index a303a9ee7..653f15b2d 100644 --- a/.github/workflows/app-eps_develop.yml +++ b/.github/workflows/app-eps_develop.yml @@ -56,6 +56,6 @@ jobs: container_scan: name: Container Scan needs: build_and_push - uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop + uses: iris-connect/iris-client/.github/workflows/sub.trivy-container-scan.yml@develop with: image-refs: "[ '${{needs.build_and_push.outputs.image-ref}}' ]" diff --git a/.github/workflows/client_develop.yml b/.github/workflows/client_develop.yml new file mode 100644 index 000000000..34f643227 --- /dev/null +++ b/.github/workflows/client_develop.yml 
@@ -0,0 +1,123 @@ +name: Client Develop + +on: + push: + branches: + - develop + pull_request: + branches: + - develop + - main + +jobs: + skip_check: + name: Determines Job skipping + continue-on-error: true # Uncomment once integration is finished + runs-on: ubuntu-latest + # Map a step output to a job output + outputs: + should_skip_bff: ${{ steps.skip_check_bff.outputs.should_skip }} + should_skip_fe: ${{ steps.skip_check_fe.outputs.should_skip }} + steps: + - id: skip_check_bff + name: Skip Check BFF + uses: fkirc/skip-duplicate-actions@master + with: + # All of these options are optional, so you can remove them if you are happy with the defaults + skip_after_successful_duplicate: 'false' + cancel_others: 'true' + paths_ignore: '["**/README.md", "**/Readme.md", "**/docs/**", "**/postman/**"]' + paths: '[".github/workflows/sub.bff_develop.yml", "iris-client-bff/**"]' + + - id: skip_check_fe + name: Skip Check FE + uses: fkirc/skip-duplicate-actions@master + with: + skip_after_successful_duplicate: 'false' + cancel_others: 'true' + paths_ignore: '["**/README.md", "**/Readme.md", "**/docs/**", "**/postman/**"]' + paths: '[".github/workflows/sub.fe_develop.yml", "iris-client-fe/**"]' + + determine_images: + name: Determines Relevant Images + needs: skip_check + runs-on: ubuntu-latest + outputs: + images: ${{ env.IMAGES }} + steps: + - id: step + name: Determines Relevant Images + run: | + declare -a image_array + + if [ ${{ needs.skip_check.outputs.should_skip_bff }} != 'true' ]; then + image_array+=(inoeg/iris-client-bff) + fi + if [ ${{ needs.skip_check.outputs.should_skip_fe }} != 'true' ]; then + image_array+=(inoeg/iris-client-frontend) + fi + + echo "IMAGES=$(IFS=,; echo "${image_array[*]}")" >> $GITHUB_ENV +# echo "tags=$(echo $IMAGE_JSON | jq -c '[.tags[] | select(test("bff|fr"))]')" >> $GITHUB_ENV + + determine_tag: + name: Determines Image Tag + needs: determine_images + if: ${{ needs.determine_images.outputs.images != '' }} + runs-on: ubuntu-latest + # 
Map a step output to a job output + outputs: + image_tag: ${{ steps.step.outputs.version }} + image_json: ${{ steps.step.outputs.json }} + steps: + - name: Determines Image Tag + id: step + uses: docker/metadata-action@v3 + with: + images: ${{needs.determine_images.outputs.images}} + + bff: + name: Build BFF + needs: [skip_check, determine_tag] + if: ${{ needs.skip_check.outputs.should_skip_bff != 'true' }} + uses: iris-connect/iris-client/.github/workflows/sub.bff_develop.yml@chore/optimized_build + with: + image_tag: ${{needs.determine_tag.outputs.image_tag}} + secrets: + DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} + DOCKER_HUB_PW: ${{ secrets.DOCKER_HUB_PW }} + + publish-test-results: + name: Publish Test Results + needs: bff + # the previous job might be skipped, we don't need to run this job then + if: success() || failure() + uses: iris-connect/iris-client/.github/workflows/sub.publish-test-results.yml@chore/optimized_build + + fe: + name: Build FE + needs: [skip_check, determine_tag] + if: ${{ needs.skip_check.outputs.should_skip_fe != 'true' }} + uses: iris-connect/iris-client/.github/workflows/sub.fe_develop.yml@chore/optimized_build + with: + image_tag: ${{needs.determine_tag.outputs.image_tag}} + secrets: + DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} + DOCKER_HUB_PW: ${{ secrets.DOCKER_HUB_PW }} + + e2e_test: + name: Run E2E Tests + needs: [bff, fe] + if: ${{ !failure() && !cancelled() && (success('bff') || success('fe')) }} +# if: ${{ always() && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) }} +# from: https://github.community/t/run-a-job-if-at-least-one-of-the-previous-ones-succeeded/163777/2 +# Does not work! 
See also for the solution above: https://github.com/actions/runner/issues/491 + uses: iris-connect/iris-client/.github/workflows/sub.fe-e2e-test.yml@chore/optimized_build + + container_scan: + name: Container Scan + needs: [determine_tag, bff, fe] + if: ${{ !failure() && !cancelled() }} + uses: iris-connect/iris-client/.github/workflows/sub.trivy-container-scan.yml@chore/optimized_build + with: + image-refs: ${{ toJSON(fromJSON(needs.determine_tag.outputs.image_json).tags) }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a8f16a815..bb44ffdfa 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,4 +1,4 @@ -name: "CodeQL" +name: CodeQL on: push: diff --git a/.github/workflows/iris-client-eps_develop.yml b/.github/workflows/iris-client-eps_develop.yml index b6d3dd50b..bd6ec66da 100644 --- a/.github/workflows/iris-client-eps_develop.yml +++ b/.github/workflows/iris-client-eps_develop.yml @@ -56,6 +56,6 @@ jobs: container_scan: name: Container Scan needs: build_and_push - uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop + uses: iris-connect/iris-client/.github/workflows/sub.trivy-container-scan.yml@develop with: image-refs: "[ '${{needs.build_and_push.outputs.image-ref}}' ]" diff --git a/.github/workflows/iris-client-proxy_develop.yml b/.github/workflows/iris-client-proxy_develop.yml index e0c0397d7..4bd1a4d9d 100644 --- a/.github/workflows/iris-client-proxy_develop.yml +++ b/.github/workflows/iris-client-proxy_develop.yml @@ -56,6 +56,6 @@ jobs: container_scan: name: Container Scan needs: build_and_push - uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop + uses: iris-connect/iris-client/.github/workflows/sub.trivy-container-scan.yml@develop with: image-refs: "[ '${{needs.build_and_push.outputs.image-ref}}' ]" 
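Review bot: `fkirc/skip-duplicate-actions@master` and the reusable workflows at `@chore/optimized_build` are resolved from mutable branch names, and the `bff` and `fe` jobs pass `DOCKER_HUB_USER` and `DOCKER_HUB_PW` to whatever those refs contain when the run starts. Pin the third-party action to a full commit SHA (`uses: fkirc/skip-duplicate-actions@<full-commit-sha>`) and reference the `sub.*` workflows from a protected ref instead of a feature branch, which also stops resolving once that branch is deleted. The same refs recur in the `sub.fe-e2e-test.yml` hunk (`@master`) and in the `e2e_test` job added to `release-gitflow.yml` (`@chore/optimized_build`). Separately, in `determine_images` the expression in `[ ${{ needs.skip_check.outputs.should_skip_bff }} != 'true' ]` is pasted into the script unquoted, so an empty output (possible because `skip_check` has `continue-on-error: true`) leaves a malformed test; wrapping the expression in double quotes keeps the comparison valid, and the same applies to the `should_skip_fe` test.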
diff --git a/.github/workflows/nginx_develop.yml b/.github/workflows/nginx_develop.yml index 410888460..7740bc2c2 100644 --- a/.github/workflows/nginx_develop.yml +++ b/.github/workflows/nginx_develop.yml @@ -57,6 +57,6 @@ jobs: container_scan: name: Container Scan needs: build_and_push - uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop + uses: iris-connect/iris-client/.github/workflows/sub.trivy-container-scan.yml@develop with: image-refs: "[ '${{needs.build_and_push.outputs.image-ref}}' ]" diff --git a/.github/workflows/release-gitflow.yml b/.github/workflows/release-gitflow.yml index c35bc8e8c..b5a065f2f 100644 --- a/.github/workflows/release-gitflow.yml +++ b/.github/workflows/release-gitflow.yml @@ -10,10 +10,6 @@ on: - next - next-major - 1.** - -defaults: - run: - shell: bash jobs: release-client: @@ -82,11 +78,16 @@ jobs: publish-test-results: name: Publish Test Results needs: release-client - uses: iris-connect/iris-client/.github/workflows/publish-test-results.yml@develop + uses: iris-connect/iris-client/.github/workflows/sub.publish-test-results.yml@develop + + e2e_test: + name: Run E2E Tests + needs: release-client + uses: iris-connect/iris-client/.github/workflows/sub.fe-e2e-test.yml@chore/optimized_build container_scan: name: Container Scan needs: release-client - uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop + uses: iris-connect/iris-client/.github/workflows/sub.trivy-container-scan.yml@develop with: image-refs: "[ 'inoeg/iris-client-bff:latest', 'inoeg/iris-client-frontend:latest', 'inoeg/iris-client-nginx:latest', 'inoeg/iris-client-eps:latest', 'inoeg/iris-client-proxy:latest', 'inoeg/app-eps:latest']" diff --git a/.github/workflows/bff_develop.yml b/.github/workflows/sub.bff_develop.yml similarity index 60% rename from .github/workflows/bff_develop.yml rename to .github/workflows/sub.bff_develop.yml index b67da6893..2178d7299 100644 --- a/.github/workflows/bff_develop.yml 
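Review bot: The `publish-test-results` job in this hunk has no `if:`, so with only `needs: release-client` it is skipped by default when `release-client` fails, which is when the test report matters most. This commit removes `if: success() || failure()` from `sub.publish-test-results.yml` and adds it on the caller side in `client_develop.yml`, but not here; add `if: success() || failure()` under `needs: release-client`.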
+++ b/.github/workflows/sub.bff_develop.yml @@ -4,29 +4,23 @@ name: BFF Develop on: - push: - branches: - - develop - paths: - - iris-client-bff/** - - .github/workflows/bff_develop.yml - pull_request: - branches: - - develop - -defaults: - run: - shell: bash + workflow_call: + inputs: + image_tag: + description: 'Tag that will be added to the image name' + required: true + type: string + secrets: + DOCKER_HUB_USER: + required: true + DOCKER_HUB_PW: + required: true jobs: build_and_push: name: Build and push to docker.io runs-on: ubuntu-latest - # Map a step output to a job output - outputs: - image-ref: ${{ steps.meta.outputs.tags }} - steps: - name: Checkout code uses: actions/checkout@v2.4.0 @@ -45,15 +39,9 @@ jobs: restore-keys: | ${{ runner.os }}-maven- - - name: Create image tag - id: meta - uses: docker/metadata-action@v3 - with: - images: inoeg/iris-client-bff - - name: build, package and publish the image run: | - mvn -B clean verify spring-boot:build-image -am -pl iris-client-bff -Dspring-boot.build-image.publish=true -Dversion.tag=${{ steps.meta.outputs.version }} + mvn -B clean verify spring-boot:build-image -am -pl iris-client-bff -Dspring-boot.build-image.publish=true -Dversion.tag=${{ inputs.image_tag }} env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} DOCKER_HUB_PW: ${{ secrets.DOCKER_HUB_PW }} @@ -67,15 +55,3 @@ jobs: **/surefire-reports/*.xml **/failsafe-reports/*.xml !**/failsafe-reports/failsafe-summary.xml - - publish-test-results: - name: Publish Test Results - needs: build_and_push - uses: iris-connect/iris-client/.github/workflows/publish-test-results.yml@develop - - container_scan: - name: Container Scan - needs: build_and_push - uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop - with: - image-refs: "[ '${{needs.build_and_push.outputs.image-ref}}' ]" 
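Review bot: `${{ inputs.image_tag }}` is expanded into the `run:` script text before the shell parses it, so the `build, package and publish the image` step trusts every caller to supply a shell-safe value while `DOCKER_HUB_USER` and `DOCKER_HUB_PW` are in that step's environment. Pass the input through the step's `env:` instead: add `IMAGE_TAG: ${{ inputs.image_tag }}` next to the two secrets and use `-Dversion.tag="$IMAGE_TAG"` in the command. The current caller feeds it from `docker/metadata-action`, which presumably yields a sanitised tag, but the `workflow_call` interface does not enforce that. The `build_and_push` job starts before and continues after this hunk.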
diff --git a/.github/workflows/fe-e2e-test.yml b/.github/workflows/sub.fe-e2e-test.yml similarity index 62% rename from .github/workflows/fe-e2e-test.yml rename to .github/workflows/sub.fe-e2e-test.yml index 223ded1a9..08e999cfc 100644 --- a/.github/workflows/fe-e2e-test.yml +++ b/.github/workflows/sub.fe-e2e-test.yml @@ -1,19 +1,32 @@ name: FE e2e Test on: - push: - branches: - - main - - release - - develop - - 1.** - pull_request: - branches: - - develop + workflow_call: jobs: + pre_job: + name: Determines job skipping + # continue-on-error: true # Uncomment once integration is finished + runs-on: ubuntu-latest + # Map a step output to a job output + outputs: + should_skip: ${{ steps.skip_check.outputs.should_skip }} + steps: + - id: skip_check + uses: fkirc/skip-duplicate-actions@master + with: + # All of these options are optional, so you can remove them if you are happy with the defaults + skip_after_successful_duplicate: 'true' + concurrent_skipping: 'never' + cancel_others: 'true' + paths_ignore: '["**/README.md", "**/docs/**", "**/postman/**", ".reuse/**", "infrastructure/**", "LICENSES/**", "iris-client-eps/**"]' + cypress-run: - runs-on: ubuntu-20.04 + name: Run Cypress E2E Tests + needs: pre_job +# if: ${{ always() && contains(needs.*.result, 'success') && !contains(needs.*.result, 'failure') }} +# || needs.pre_job.outputs.should_skip != 'true' }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2.4.0 diff --git a/.github/workflows/fe_develop.yml b/.github/workflows/sub.fe_develop.yml similarity index 50% rename from .github/workflows/fe_develop.yml rename to .github/workflows/sub.fe_develop.yml index ebdd3a009..f3e6e4035 100644 --- a/.github/workflows/fe_develop.yml +++ b/.github/workflows/sub.fe_develop.yml 
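Review bot: `pre_job` exports `should_skip`, but `cypress-run` never reads it because its `if:` is commented out, so the skip check cannot skip anything and the only option that can still have an effect is presumably `cancel_others: 'true'`. Either gate the job with `if: ${{ needs.pre_job.outputs.should_skip != 'true' }}` or drop `pre_job`, since the caller in `client_develop.yml` already runs its own `skip_check`. As this workflow is now also called from `release-gitflow.yml`, confirm that cancelling other runs is intended there. The `cypress-run` steps continue outside this hunk.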
@@ -1,24 +1,25 @@ name: FE Develop on: - push: - branches: - - develop - paths: - - iris-client-fe/** - - .github/workflows/fe_develop.yml - pull_request: - branches: - - develop + workflow_call: + inputs: + image_tag: + description: 'Tag that will be added to the image name' + required: true + type: string + secrets: + DOCKER_HUB_USER: + required: true + DOCKER_HUB_PW: + required: true jobs: build_and_push: name: Build and push to docker.io runs-on: ubuntu-latest - # Map a step output to a job output - outputs: - image-ref: ${{ steps.meta.outputs.tags }} + env: + tags: inoeg/iris-client-frontend:${{ inputs.image_tag }} steps: - name: Check out the repo @@ -27,12 +28,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - - name: Create image tag - id: meta - uses: docker/metadata-action@v3 - with: - images: inoeg/iris-client-frontend - - name: Login to DockerHub uses: docker/login-action@v1 with: @@ -43,17 +38,10 @@ jobs: uses: docker/build-push-action@v2.7.0 with: context: ./iris-client-fe/ - tags: ${{ steps.meta.outputs.tags }} + tags: ${{ env.tags }} push: true build-args: | - VUE_APP_VERSION_ID=${{ steps.meta.outputs.tags }} + VUE_APP_VERSION_ID=${{ env.tags }} VUE_APP_BUILD_ID=${{ github.sha }} labels: | iris.client-fe.image.revision=${{ github.sha }} - - container_scan: - name: Container Scan - needs: build_and_push - uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop - with: - image-refs: "[ '${{needs.build_and_push.outputs.image-ref}}' ]" diff --git a/.github/workflows/publish-test-results.yml b/.github/workflows/sub.publish-test-results.yml similarity index 85% rename from .github/workflows/publish-test-results.yml rename to .github/workflows/sub.publish-test-results.yml index b068eafc9..723c2af00 100644 --- a/.github/workflows/publish-test-results.yml +++ b/.github/workflows/sub.publish-test-results.yml 
@@ -14,9 +14,6 @@ jobs: name: Download and Publish runs-on: ubuntu-latest - # the previous job might be skipped, we don't need to run this job then - if: success() || failure() - steps: - name: Download Artifact uses: actions/download-artifact@v2 diff --git a/.github/workflows/trivy-container-scan.yml b/.github/workflows/sub.trivy-container-scan.yml similarity index 100% rename from .github/workflows/trivy-container-scan.yml rename to .github/workflows/sub.trivy-container-scan.yml diff --git a/.github/workflows/trivy-repo-scan.yml b/.github/workflows/trivy-repo-scan.yml index 765e90e15..868291fcb 100644 --- a/.github/workflows/trivy-repo-scan.yml +++ b/.github/workflows/trivy-repo-scan.yml @@ -12,6 +12,11 @@ jobs: repo_scan: name: Trivy Repo Scan runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: - name: Checkout code uses: actions/checkout@v2.4.0
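Review bot: The new job-level `permissions:` block has no comment saying why each scope is granted, and once it is present every scope not listed is set to none for this job. A one-line comment above it, such as `# least privilege: security-events: write is for uploading scan results; all other access is read-only`, would tell the next editor what to extend if a step starts failing on permissions. The upload step itself is outside this hunk, so the reason for `security-events: write` is inferred and should be confirmed.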