SecHub testing on local k8s #4165 #416
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: MIT | |
| name: Build SecHub GHA (scan) | |
| on: | |
| push: | |
| branches: | |
| - 'develop' | |
| - 'hotfix' | |
| - 'main' | |
| - 'master' | |
| paths: | |
| - '.github/workflows/github-action-scan.yml' | |
| - 'github-actions/scan/**' | |
| - 'sechub-cli/src/**' | |
| pull_request: | |
| paths: | |
| - '.github/workflows/github-action-scan.yml' | |
| - 'github-actions/scan/**' | |
| - 'sechub-cli/src/**' | |
| # enable manual triggering of workflow | |
| workflow_dispatch: | |
| inputs: | |
| client-version: | |
| description: Insert your client version to test (default=build) | |
| required: false | |
| jobs: | |
| build-scan: | |
| runs-on: ubuntu-latest | |
| # Let's set the scan action folder as the working directory for all "run" steps: | |
| defaults: | |
| run: | |
| working-directory: github-actions/scan | |
| steps: | |
| - name: "Setup client version" | |
| working-directory: ~ | |
| run: | | |
| echo "User input for client-version: '${{ inputs.client-version }}'" | |
| SECHUB_CLIENT_VERSION="${{ inputs.client-version }}" | |
| if [ "$SECHUB_CLIENT_VERSION" = "" ]; then | |
| echo "- not defined, set default" | |
| # set default value for version: | |
| SECHUB_CLIENT_VERSION=build | |
| else | |
| echo "- using defined version" | |
| fi | |
| echo "- SECHUB_CLIENT_VERSION=$SECHUB_CLIENT_VERSION" | |
| echo "SECHUB_CLIENT_VERSION=$SECHUB_CLIENT_VERSION" >> $GITHUB_ENV | |
| if [ "$SECHUB_CLIENT_VERSION" = "build" ]; then | |
| # set client build folder: | |
| SECHUB_CLIENT_BUILD_FOLDER=${{ github.workspace }}/sechub-cli/build | |
| echo "- SECHUB_CLIENT_BUILD_FOLDER=$SECHUB_CLIENT_BUILD_FOLDER" | |
| echo "SECHUB_CLIENT_BUILD_FOLDER=$SECHUB_CLIENT_BUILD_FOLDER" >> $GITHUB_ENV | |
| fi | |
| - name: "Show client version" | |
| working-directory: ~ | |
| run: | | |
| echo "env.SECHUB_CLIENT_VERSION='${{ env.SECHUB_CLIENT_VERSION }}'" | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Cache Node.js modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Use Node.js | |
| uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a | |
| with: | |
| node-version: 22 | |
| - name: Setup npm build | |
| run: npm ci | |
| - name: Build action | |
| run: npm run build | |
| - name: Run unit tests | |
| run: npm test | |
| # We store git status - why? Here we see if index.js has been changed - if so, a developer | |
| # forgot to commit the changes - means the action cannot be used productive! | |
| - name: Store git status | |
| run: | | |
| git status | |
| mkdir "${{ github.workspace }}/build" -p | |
| git status >> "${{ github.workspace }}/build/git-status.txt" | |
| - name: Set up Go | |
| if: env.SECHUB_CLIENT_VERSION == 'build' | |
| uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 | |
| with: | |
| go-version: 1.21.6 | |
| - name: Build go client | |
| if: env.SECHUB_CLIENT_VERSION == 'build' | |
| run: | | |
| echo "Build go client for integration tests because client version='${{ env.SECHUB_CLIENT_VERSION }}'" | |
| cd .. | |
| cd .. | |
| ./gradlew buildGo | |
| - name: Define integration test setup | |
| id : version-selector | |
| run: | | |
| # Make sure that INTEGRATIONTEST_SECHUB_SERVER_VERSION and INTEGRATIONTEST_PDS_VERSION | |
| # are defined in https://github.com/mercedes-benz/sechub/settings/variables/actions | |
| if [ -z "${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" ] ; then | |
| echo "INTEGRATIONTEST_SECHUB_SERVER_VERSION variable is undefined. Exiting." | |
| exit 1 | |
| fi | |
| if [ -z "${{ vars.INTEGRATIONTEST_PDS_VERSION }}" ] ; then | |
| echo "INTEGRATIONTEST_PDS_VERSION variable is undefined. Exiting." | |
| exit 1 | |
| fi | |
| echo "sechub_server_version=${{ vars.INTEGRATIONTEST_SECHUB_SERVER_VERSION }}" >> "$GITHUB_ENV" | |
| echo "sechub_server_port=8443" >> "$GITHUB_ENV" | |
| echo "pds_version=${{ vars.INTEGRATIONTEST_PDS_VERSION }}" >> "$GITHUB_ENV" | |
| echo "pds_port=8444" >> "$GITHUB_ENV" | |
| runner_debug=${{ runner.debug }} | |
| if [ "$runner_debug" = "1" ]; then | |
| echo "SECHUB_INTEGRATIONTEST_DEBUG=true" >> "$GITHUB_ENV" | |
| fi | |
| - name: Cache SecHub server download | |
| # Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
| uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 | |
| with: | |
| path: ./build/sechub-runtime/server/${{ env.sechub_server_version }}/ | |
| key: ${{ runner.os }}-sechub-server-${{ env.sechub_server_version }} | |
| - name: Cache PDS download | |
| # Cache V4 release: 13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
| uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 | |
| with: | |
| path: ./build/sechub-runtime/pds/${{ env.pds_version }}/ | |
| key: ${{ runner.os }}-sechub-pds-${{ env.pds_version }} | |
| - name: Set up JDK 17 (to run servers) | |
| uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 | |
| with: | |
| java-version: 17 | |
| distribution: temurin | |
| - name: Start integration test servers | |
| working-directory: ./github-actions/scan/__test__/integrationtest/ | |
| run: ./01-start.sh $sechub_server_version $sechub_server_port $pds_version $pds_port | |
| - name: Init integration test data | |
| working-directory: ./github-actions/scan/__test__/integrationtest/ | |
| run: ./03-init_sechub_data.sh $sechub_server_port $pds_port | |
| - name: Run integration tests | |
| run: npm run integration-test | |
| - name: Cleanup integration tests | |
| working-directory: ./github-actions/scan/__test__/integrationtest/ | |
| run: ./05-stop.sh $sechub_server_port $pds_port | |
| # ------------------------------------ Archive git status------------------- | |
| - name: Archive git status | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: git-status | |
| path: "${{ github.workspace }}/build/git-status.txt" | |
| retention-days: 14 | |
| # ------------------------------------ Archive runtime logs------------------- | |
| - name: Archive runtime logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sechub-runtime-logiles | |
| path: ./build/sechub-runtime/**/*.log | |
| retention-days: 14 | |
| # ------------------------------------ Archive reports ----------------------- | |
| - name: Archive reports | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sechub-reports | |
| path: | | |
| ./github-actions/scan/sechub_report*.* | |
| ./sechub_report*.* | |
| retention-days: 14 |