feat: run in nightly veracode #4908
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Alfresco Connector for Hyland Experience Insight CI | |
| on: | |
| pull_request: | |
| branches: | |
| - feature/** | |
| - fix/** | |
| - master | |
| - release/** | |
| push: | |
| branches: | |
| - feature/** | |
| - fix/** | |
| - master | |
| - release/** | |
| schedule: | |
| - cron: "0 0 * * *" # Runs every night at midnight | |
| env: | |
| # Both variables are required to be set before the release process starts . | |
| # As the release is triggered by a commit message with "[release]" keyword on a release branch, | |
| # setting these variables to new values can be done in the same commit and will indicate the release and the dev versions in it. | |
| DEVELOPMENT_VERSION: "1.0.2-SNAPSHOT" # The version that will be set in pom files after the release (next dev version) | |
| RELEASE_VERSION: "1.0.1" # The version of the release (tag). | |
| GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60 | |
| MAVEN_CLI_OPTS: "-B -e -fae -V -DinstallAtEnd=true -DfailIfNoTests=false -U -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -Pdistribution " | |
| MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
| MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
| JAVA_VERSION: "17" | |
| JAVA_VERSION_SUPPORTED_BY_REPO: "11" | |
| S3_BUCKET_REGION: "eu-west-1" | |
| jobs: | |
| # pre_commit: | |
| # runs-on: ubuntu-latest | |
| # outputs: | |
| # java_version: ${{ env.JAVA_VERSION }} | |
| # java_version_supported_by_repo: ${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| # steps: | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # - id: changed-files | |
| # uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # with: | |
| # write-list-to-env: true | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| veracode_sca: | |
| name: "TESTTTTT Veracode - Source Clear Scan (SCA)" | |
| # needs: | |
| # - pre_commit | |
| runs-on: ubuntu-latest | |
| if: > | |
| (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.actor == 'dependabot[bot]') && | |
| !contains(github.event.head_commit.message, '[skip build]') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| continue-on-error: true | |
| with: | |
| srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }} | |
| # veracode_sast: | |
| # name: "Pipeline SAST Scan" | |
| # # needs: | |
| # # - pre_commit | |
| # runs-on: ubuntu-latest | |
| # if: > | |
| # (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request' || github.event_name == 'schedule') && | |
| # github.actor != 'dependabot[bot]' && | |
| # !contains(github.event.head_commit.message, '[skip build]') | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - id: changed-files | |
| # uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # with: | |
| # write-list-to-env: true | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # with: | |
| # token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| # repository: "Alfresco/veracode-baseline-archive" | |
| # file-path: "hxinsight-connector/hxinsight-connector-baseline.json" | |
| # target: "baseline.json" | |
| # - name: "Build application" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests | |
| # - name: "Run SAST Scan" | |
| # uses: veracode/[email protected] | |
| # with: | |
| # vid: ${{ secrets.VERACODE_API_ID }} | |
| # vkey: ${{ secrets.VERACODE_API_KEY }} | |
| # file: "distribution/target/alfresco-hxinsight-connector-distribution-*.zip" | |
| # fail_build: false | |
| # project_name: hxinsight-connector | |
| # issue_details: true | |
| # veracode_policy_name: Alfresco Default | |
| # summary_output: true | |
| # summary_output_file: results.json | |
| # summary_display: true | |
| # baseline_file: baseline.json | |
| # - name: "Clean Maven cache" | |
| # run: bash ./scripts/ci/cleanup_cache.sh | |
| # pmd_scan: | |
| # name: "PMD Scan" | |
| # runs-on: ubuntu-latest | |
| # if: > | |
| # github.event_name == 'pull_request' && | |
| # !contains(github.event.head_commit.message, '[skip pmd]') && | |
| # !contains(github.event.head_commit.message, '[skip tests]') | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/[email protected] | |
| # test_application: | |
| # name: "Build and test application" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - pre_commit | |
| # if: > | |
| # (github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
| # !contains(github.event.head_commit.message, '[skip tests]') && | |
| # !contains(github.event.head_commit.message, '[skip build]') | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # subproject: [ "bulk-ingester", "common", "common-authentication", "common-test", | |
| # "live-ingester", "prediction-applier", "hxinsight-extension" ] | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Login to Quay.io" | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: quay.io | |
| # username: ${{ secrets.QUAY_USERNAME }} | |
| # password: ${{ secrets.QUAY_PASSWORD }} | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Test application" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean verify -pl '${{ matrix.subproject }}' -am | |
| # test_distribution: | |
| # name: "Build application with distribution profile" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - pre_commit | |
| # if: > | |
| # (github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
| # !contains(github.event.head_commit.message, '[skip tests]') && | |
| # !contains(github.event.head_commit.message, '[skip build]') | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # repoVersion: [ 7.3.2, 7.4.2, 23.3.0 ] | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Login to Quay.io" | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: quay.io | |
| # username: ${{ secrets.QUAY_USERNAME }} | |
| # password: ${{ secrets.QUAY_PASSWORD }} | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Build application with distribution profile" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
| # run_e2e_test: | |
| # name: "Run e2e tests using ACS ${{ matrix.repoVersion }}" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - pre_commit | |
| # if: > | |
| # (github.event_name == 'push' || github.actor == 'dependabot[bot]') && | |
| # !contains(github.event.head_commit.message, '[skip build]') && | |
| # !contains(github.event.head_commit.message, '[skip tests]') && | |
| # !contains(github.event.head_commit.message, '[skip e2es]') | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # repoVersion: [ 7.3.2, 7.4.2, 23.3.0 ] | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Login to Quay.io" | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: quay.io | |
| # username: ${{ secrets.QUAY_USERNAME }} | |
| # password: ${{ secrets.QUAY_PASSWORD }} | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Build application" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
| # - name: "Build docker images" | |
| # run: bash ./scripts/ci/buildDockerImages.sh | |
| # - name: "Run e2e tests" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} verify -pl 'hxinsight-extension,e2e-test' -am -DskipUnitTests -DskipIntegrationTests -Dalfresco-platform.version=${{ matrix.repoVersion }} | |
| # run_e2e_test_using_older_java: | |
| # name: "Run e2e tests using ACS ${{ matrix.repoVersion }} on Java ${{ needs.pre_commit.outputs.java_version_supported_by_repo }}" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - pre_commit | |
| # if: > | |
| # needs.pre_commit.outputs.java_version_supported_by_repo != needs.pre_commit.outputs.java_version && | |
| # github.event_name != 'pull_request' && | |
| # (github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
| # !contains(github.event.head_commit.message, '[skip build]') && | |
| # !contains(github.event.head_commit.message, '[skip tests]') && | |
| # !contains(github.event.head_commit.message, '[skip e2es]') | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # repoVersion: [ 7.3.2, 7.4.2 ] | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Login to Quay.io" | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: quay.io | |
| # username: ${{ secrets.QUAY_USERNAME }} | |
| # password: ${{ secrets.QUAY_PASSWORD }} | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Build application" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.version=${{ matrix.repoVersion }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| # - name: "Build docker images" | |
| # run: JAVA_VERSION=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} && bash ./scripts/ci/buildDockerImages.sh | |
| # - name: "Run e2e tests" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} verify -pl 'hxinsight-extension,e2e-test' -am -DskipUnitTests -DskipIntegrationTests -Dalfresco-platform.version=${{ matrix.repoVersion }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| # nightly_tests: | |
| # name: "Run nightly tests" | |
| # runs-on: ubuntu-latest | |
| # if: github.event_name == 'schedule' && github.ref_name == 'master' | |
| # steps: | |
| # - name: "Checkout repository" | |
| # uses: actions/checkout@v4 | |
| # - name: "Set up JDK" | |
| # uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Build application" | |
| # run: mvn clean install -DskipTests -pl live-ingester | |
| # - name: "Run OpenApi Specification tests" | |
| # run: mvn test -Dtest=OpenApiRequestValidationTest -pl live-ingester | |
| # - name: "Notify on failure" | |
| # if: failure() | |
| # uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # with: | |
| # webhook-url: ${{ secrets.MS_TEAMS_WEBHOOK_URL }} | |
| # message: "Nightly tests failed" | |
| # push_docker_images: | |
| # name: "Push docker images" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - test_application | |
| # - test_distribution | |
| # - run_e2e_test | |
| # if: > | |
| # github.event_name == 'push' && | |
| # (github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
| # !(failure() || cancelled()) && | |
| # !contains(github.event.head_commit.message, '[skip build]') | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: docker/setup-qemu-action@v3 | |
| # - uses: docker/setup-buildx-action@v3 | |
| # - name: "Login to Quay.io" | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: quay.io | |
| # username: ${{ secrets.QUAY_USERNAME }} | |
| # password: ${{ secrets.QUAY_PASSWORD }} | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Build application" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| # - name: "Push docker images" | |
| # run: bash ./scripts/ci/buildDockerImages.sh -p | |
| # env: | |
| # COMMIT_MESSAGE: ${{ github.sha }} | |
| # - name: "Clean Maven cache" | |
| # run: bash ./scripts/ci/cleanup_cache.sh | |
| # publish_snapshot_artifacts: | |
| # name: "Publish SNAPSHOT artifacts" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - test_application | |
| # - test_distribution | |
| # - run_e2e_test | |
| # if: > | |
| # !(failure() || cancelled()) && | |
| # (github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
| # github.event_name != 'pull_request' && | |
| # !contains(github.event.head_commit.message, '[skip build]') | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Publish SNAPSHOT artifacts" | |
| # timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} deploy -DskipTests -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| # - name: "Clean Maven cache" | |
| # run: bash ./scripts/ci/cleanup_cache.sh | |
| # release_and_deploy_to_nexus_and_s3: | |
| # name: "Make release and deploy to Nexus and S3 Staging Bucket" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - test_application | |
| # - test_distribution | |
| # - run_e2e_test | |
| # if: > | |
| # !(failure() || cancelled()) && | |
| # (github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
| # github.event_name != 'pull_request' && | |
| # contains(github.event.head_commit.message, '[release]') | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # with: | |
| # persist-credentials: false | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # with: | |
| # username: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| # email: ${{ secrets.BOT_GITHUB_EMAIL }} | |
| # - name: "Build application" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| # - name: "Make release and deploy to Nexus" | |
| # timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} -DreleaseVersion="${{ env.RELEASE_VERSION }}" -DdevelopmentVersion="${{ env.DEVELOPMENT_VERSION }}" -Dtag="${{ env.RELEASE_VERSION }}" -Dusername="${{ secrets.BOT_GITHUB_USERNAME }}" -Dpassword="${{ secrets.BOT_GITHUB_TOKEN }}" -DscmCommentPrefix="[maven-release-plugin][skip ci]" -DskipTests -Dproject.revision.key=${{ github.sha }} "-Darguments=-DskipTests -Dadditionalparam=-Xdoclint:none -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }}" release:prepare release:perform | |
| # - run: mkdir -p deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }} | |
| # - name: "Move the final artifacts to a single folder (deploy_dir) to be copied to S3" | |
| # run: mv "distribution/target/alfresco-hxinsight-connector-distribution-${{ env.RELEASE_VERSION }}.zip" "deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" | |
| # - name: "Clone Alfresco/third-party-license-overrides" | |
| # run: git clone --depth=1 https://github.com/Alfresco/third-party-license-overrides.git | |
| # - uses: actions/setup-python@v5 | |
| # - name: "Create third party license csv file and add it to the deploy directory" | |
| # run: python3 ./third-party-license-overrides/thirdPartyLicenseCSVCreator.py --project "${{ github.workspace }}" --version "${{ env.RELEASE_VERSION }}" --combined --output "deploy_dir/community/hxinsight-connector/${{ env.RELEASE_VERSION }}" | |
| # - name: "Configure AWS credentials" | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # aws-access-key-id: ${{ secrets.AWS_S3_STAGING_ACCESS_KEY }} | |
| # aws-secret-access-key: ${{ secrets.AWS_S3_STAGING_SECRET_KEY }} | |
| # aws-region: ${{ env.S3_BUCKET_REGION }} | |
| # - name: "Deploy to S3 Staging Bucket" | |
| # run: aws s3 cp --recursive --acl private ./deploy_dir s3://alfresco-artefacts-staging | |
| # - name: "Clean Maven cache" | |
| # run: bash ./scripts/ci/cleanup_cache.sh | |
| # deploy_release_version_to_quay: | |
| # name: "Deploy release version to quay.io" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - test_application | |
| # - test_distribution | |
| # - run_e2e_test | |
| # if: > | |
| # !(failure() || cancelled()) && | |
| # (github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
| # github.event_name != 'pull_request' && | |
| # contains(github.event.head_commit.message, '[release]') | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: docker/setup-qemu-action@v3 | |
| # - uses: docker/setup-buildx-action@v3 | |
| # - name: "Login to Quay.io" | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: quay.io | |
| # username: ${{ secrets.QUAY_USERNAME }} | |
| # password: ${{ secrets.QUAY_PASSWORD }} | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| # - name: "Build application" | |
| # run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests -Dproject.revision.key=${{ github.sha }} -Dalfresco-platform.java.version=${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| # - name: "Deploy release version to quay.io" | |
| # run: bash ./scripts/ci/releaseDockerImage.sh -v ${{ env.RELEASE_VERSION }} | |
| # env: | |
| # COMMIT_MESSAGE: ${{ github.sha }} | |
| # - name: "Clean Maven cache" | |
| # run: bash ./scripts/ci/cleanup_cache.sh | |
| # deploy_release: | |
| # name: "Copy to S3 Downloads Bucket" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - deploy_release_version_to_quay | |
| # - release_and_deploy_to_nexus_and_s3 | |
| # - publish_snapshot_artifacts | |
| # - push_docker_images | |
| # if: > | |
| # !(failure() || cancelled()) && | |
| # (github.ref_name == 'master' || startsWith(github.ref_name, 'release/')) && | |
| # github.event_name != 'pull_request' && | |
| # contains(github.event.head_commit.message, '[release]') | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - name: "Configure AWS credentials" | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # aws-access-key-id: ${{ secrets.AWS_S3_RELEASE_ACCESS_KEY_ID }} | |
| # aws-secret-access-key: ${{ secrets.AWS_S3_RELEASE_SECRET_ACCESS_KEY }} | |
| # aws-region: ${{ env.S3_BUCKET_REGION }} | |
| # - run: set -x | |
| # - name: "Check release version and copy to S3 Downloads Bucket" | |
| # run: | | |
| # if [[ ${{ env.RELEASE_VERSION }} =~ ^[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?$ ]]; then | |
| # aws s3 cp --recursive --acl private --copy-props none "s3://alfresco-artefacts-staging/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" "s3://eu.dl.alfresco.com/release/community/hxinsight-connector/${{ env.RELEASE_VERSION }}/" | |
| # fi |