diff --git a/.github/release.yaml b/.github/release.yaml deleted file mode 100644 index 57d918b50..000000000 --- a/.github/release.yaml +++ /dev/null @@ -1,14 +0,0 @@ -changelog: - categories: - - title: Breaking Changes 🛠 - labels: - - breaking - - title: Exciting New Features 🎉 - labels: - - feature - - title: Fixes 🔧 - labels: - - fix - - title: Other Changes - labels: - - "*" \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 974c16997..44121d1a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ concurrency: jobs: tests-java: - name: Lint and Test + name: Java CI if: github.event_name != 'pull_request' || !github.event.pull_request.draft runs-on: ubuntu-22.04 strategy: @@ -45,7 +45,7 @@ jobs: sonar_project_token: ${{ secrets[matrix.token] }} tests-javascript: - name: Lint and Tests + name: JavaScript CI if: github.event_name != 'pull_request' || !github.event.pull_request.draft runs-on: ubuntu-22.04 steps: 
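Review bot: Renaming the job display names (`name: Java CI` on `tests-java` here, `name: JavaScript CI` on `tests-javascript`, and `name: Security Scan` on `trivy` in the next ci.yml hunk) changes the status-check names GitHub reports for these jobs. If branch protection lists `Lint and Test`, `Lint and Tests` or `Trivy Security Scan` as required checks, those rules have to be updated together with this change, otherwise the requirement no longer matches any job that runs. The branch-protection settings are not visible in the diff, so this is a point to confirm rather than a known break. A one-line comment above each job such as `# status-check name is referenced by branch protection; update both together` would keep the coupling visible.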
@@ -67,33 +67,9 @@ jobs: -Dsonar.test.inclusions=src/**/__test__/**/* sonar_project_token: ${{ secrets.SONAR_FRONTEND }} - validation-labels: - name: Label Validation - runs-on: ubuntu-22.04 - if: github.event_name != 'pull_request' || !github.event.pull_request.draft - permissions: - contents: read - pull-requests: write - steps: - - uses: actions/checkout@v3 - - - name: Pull request size and stability labels - uses: actions/labeler@v4 - continue-on-error: true - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Conventional Label - uses: bcoe/conventional-release-labels@v1 - continue-on-error: true - with: - token: ${{ secrets.GITHUB_TOKEN }} - ignored_types: '["chore","pr"]' - type_labels: '{"feat": "feature", "fix": "fix", "bug": "fix", "doc": "documentation", "ci": "ci", "chore": "chore", "breaking": "breaking", "BREAKING CHANGE": "breaking"}' - # https://github.com/marketplace/actions/aqua-security-trivy trivy: - name: Trivy Security Scan + name: Security Scan if: github.event_name != 'pull_request' || !github.event.pull_request.draft runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/cypress-nightly.yml b/.github/workflows/cypress-nightly.yml index 0d13c9c69..466ef2127 100644 --- a/.github/workflows/cypress-nightly.yml +++ b/.github/workflows/cypress-nightly.yml @@ -1,9 +1,10 @@ name: Cypress Nightly on: - schedule: - # runs e2e tests every day at 4am - - cron: '0 4 * * *' + workflow_dispatch: + # schedule: + # # runs e2e tests every day at 4am + # - cron: '0 4 * * *' env: REGISTRY: ghcr.io diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index efb8e75f6..1fa85aa9c 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml 
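Review bot: In cypress-nightly.yml the workflow keeps the name `Cypress Nightly`, but the added `workflow_dispatch:` trigger replaces the cron schedule, so the e2e suite now runs only when someone starts it by hand. The old trigger is left as commented-out YAML with no reason or re-enable condition. Either rename the workflow to match how it runs, or replace the dead block with one line such as `# nightly cron ('0 4 * * *') disabled on purpose: <reason>; restore the schedule trigger when <condition>`. The rest of the workflow, including whatever uses `REGISTRY: ghcr.io`, is outside this hunk.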
@@ -44,145 +44,10 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 - # SonarCloud runs in the main branch are needed to compare against PRs - sonarcloud: - name: Static Analysis - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: actions/cache@v3 - with: - path: | - ~/.m2 - key: ${{ runner.os }}-maven-test-${{ hashFiles('**/backend/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven-test- - - - name: Cache SonarCloud packages - uses: actions/cache@v3 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: "17" - distribution: "temurin" - - - name: Unit Tests - run: mvn --no-transfer-progress test --file backend/pom.xml - - - name: Integration Tests - run: mvn --no-transfer-progress verify -P integration-test --file backend/pom.xml - - - name: Code Coverage - run: mvn --no-transfer-progress clean verify -P all-tests --file backend/pom.xml - - - name: Generate JaCoCo Badge - uses: cicirello/jacoco-badge-generator@v2 - id: jacoco - with: - generate-branches-badge: true - jacoco-csv-file: backend/target/coverage-reports/merged-test-report/jacoco.csv - - - name: Log coverage percentage - run: | - echo "coverage = ${{ steps.jacoco.outputs.coverage }}" - echo "branch coverage = ${{ steps.jacoco.outputs.branches }}" - - - name: Commit the badge (if it changed) - run: | - if [[ `git status --porcelain` ]]; then - git config --global user.name 'CI Bot' - git config --global user.email 'cibot@users.noreply.github.com' - git add -A - git commit -m "ci: autogenerated JaCoCo coverage badge" - git push - fi - - - name: Upload JaCoCo coverage report - uses: actions/upload-artifact@v3 - with: - name: jacoco-report - path: backend/target/coverage-reports/merged-test-report/ - - - name: SonarCloud Scan - run: mvn --no-transfer-progress clean verify package -P all-tests sonar:sonar 
-Dsonar.projectKey=bcgov_nr-spar-backend -Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml --file backend/pom.xml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - # Generate release notes and update new version - release: - name: Release Notes - runs-on: ubuntu-latest - outputs: - version: ${{ steps.changelog.outputs.version }} - steps: - - uses: actions/checkout@v3 - with: - token: ${{ secrets.PAT }} - fetch-depth: 0 - - - uses: actions/cache@v3 - with: - path: | - ~/.m2 - key: ${{ runner.os }}-maven-test-${{ hashFiles('**/backend/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven-test- - - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: "17" - distribution: "temurin" - - - name: Conventional Changelog Update - continue-on-error: true - uses: TriPSs/conventional-changelog-action@v3 - id: changelog - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - output-file: "CHANGELOG.md" - skip-version-file: "true" - skip-commit: "true" - git-push: "false" - skip-on-empty: "false" - - - name: Set new version - run: | - echo "::set-output name=version::${{ steps.changelog.outputs.version }}" - mvn versions:set -DnewVersion='${{ steps.changelog.outputs.version }}' -f backend/pom.xml -DskipTests -Dtests.skip=true -Dskip.unit.tests=true - - - name: Update POM - run: mvn versions:commit --file backend/pom.xml - - - name: Commit pom and changelog - uses: EndBug/add-and-commit@v9 - with: - author_name: Ci Bot - author_email: cibot@users.noreply.github.com - message: "doc: updating pom to ${{ steps.changelog.outputs.version }} [ci skip]" - add: '["backend/pom.xml","CHANGELOG.md"]' - - - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.PAT }} - with: - tag_name: ${{ steps.changelog.outputs.tag }} - release_name: ${{ steps.changelog.outputs.tag }} - body: ${{ 
steps.changelog.outputs.clean_changelog }} - deploy-test: name: TEST Deployment needs: - codeql - - sonarcloud - - release environment: test runs-on: ubuntu-22.04 strategy: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index bd496b605..000000000 --- a/.github/workflows/release.yml +++ /dev/null 
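Review bot: After this hunk `deploy-test` lists only `codeql` under `needs:`, so no job in merge-main.yml runs the Maven unit and integration tests before the TEST deployment; those steps lived in the removed `sonarcloud` job. If the tests are meant to be covered by ci.yml on the pull request, say so next to the dependency, for example `# tests and Sonar run in ci.yml on the PR; merge-main gates deploy on CodeQL only`. If a push to main can happen without that workflow having passed, keep a test job in this file and add it back under `needs:`. The `deploy-test` job body continues past the end of the hunk, so its steps are not reviewed here.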
@@ -1,99 +0,0 @@ -name: Release - -on: - # push: - # tags: - # - '*' - workflow_dispatch: - -env: - REGISTRY: ghcr.io - -jobs: - artifact: - name: Build artifact - runs-on: ubuntu-22.04 - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Cache Maven - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-maven-test- - - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: "17" - distribution: "temurin" - - - name: Generate Artifact - run: mvn -B --no-transfer-progress clean package -DskipTests -Dtests.skip=true -Dskip.unit.tests=true --file pom.xml - - - name: Saving artifact - uses: actions/upload-artifact@v3 - with: - name: service - path: target/nr-spar-oracle-api.jar - retention-days: 1 - - push_to_registry: - name: Push Docker image - runs-on: ubuntu-22.04 - if: startsWith(github.ref_name,'v') - permissions: - packages: write - contents: read - steps: - - name: Check out the repo - uses: actions/checkout@v3 - - - name: Creating temp folder - run: mkdir -p target/ - - - name: Getting artifact - uses: actions/download-artifact@v3 - with: - name: service - path: target/ - - - name: Log in to the Container registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 - with: - images: | - ghcr.io/${{ github.repository }} - - - name: Build and push Docker image - uses: docker/build-push-action@v4 - with: - context: . 
- push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Image Scan - uses: aquasecurity/trivy-action@0.10.0 - continue-on-error: true - with: - image-ref: ghcr.io/${{ github.repository }} - ignore-unfixed: true - severity: CRITICAL - format: "sarif" - output: "docker-result.sarif" - - - name: Upload Security results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - continue-on-error: true - with: - sarif_file: "docker-result.sarif"