feat: run in nightly veracode #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Alfresco Connector for Hyland Experience Insight CI | |
| on: | |
| pull_request: | |
| branches: | |
| - feature/** | |
| - fix/** | |
| - master | |
| - release/** | |
| push: | |
| branches: | |
| - feature/** | |
| - fix/** | |
| - master | |
| - release/** | |
| schedule: | |
| - cron: "0 0 * * *" # Runs every night at midnight | |
| env: | |
| # Both variables are required to be set before the release process starts . | |
| # As the release is triggered by a commit message with "[release]" keyword on a release branch, | |
| # setting these variables to new values can be done in the same commit and will indicate the release and the dev versions in it. | |
| DEVELOPMENT_VERSION: "1.0.2-SNAPSHOT" # The version that will be set in pom files after the release (next dev version) | |
| RELEASE_VERSION: "1.0.1" # The version of the release (tag). | |
| GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60 | |
| MAVEN_CLI_OPTS: "-B -e -fae -V -DinstallAtEnd=true -DfailIfNoTests=false -U -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -Pdistribution " | |
| MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
| MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
| JAVA_VERSION: "17" | |
| JAVA_VERSION_SUPPORTED_BY_REPO: "11" | |
| S3_BUCKET_REGION: "eu-west-1" | |
| jobs: | |
| pre_commit: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| java_version: ${{ env.JAVA_VERSION }} | |
| java_version_supported_by_repo: ${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }} | |
| steps: | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - id: changed-files | |
| uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| write-list-to-env: true | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| veracode_sca: | |
| name: "Veracode - Source Clear Scan (SCA)" | |
| needs: | |
| - pre_commit | |
| runs-on: ubuntu-latest | |
| if: > | |
| (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'schedule' || github.event_name == 'pull_request' || github.actor == 'dependabot[bot]') && | |
| !contains(github.event.head_commit.message, '[skip build]') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| continue-on-error: true | |
| with: | |
| srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }} | |
| veracode_sast: | |
| name: "Pipeline SAST Scan" | |
| needs: | |
| - pre_commit | |
| runs-on: ubuntu-latest | |
| if: > | |
| (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'pull_request' || github.event_name == 'schedule') && | |
| github.actor != 'dependabot[bot]' && | |
| !contains(github.event.head_commit.message, '[skip build]') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - id: changed-files | |
| uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| write-list-to-env: true | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| repository: "Alfresco/veracode-baseline-archive" | |
| file-path: "hxinsight-connector/hxinsight-connector-baseline.json" | |
| target: "baseline.json" | |
| - name: "Build application" | |
| run: mvn ${{ env.MAVEN_CLI_OPTS }} clean install -DskipTests | |
| - name: "Run SAST Scan" | |
| uses: veracode/[email protected] | |
| with: | |
| vid: ${{ secrets.VERACODE_API_ID }} | |
| vkey: ${{ secrets.VERACODE_API_KEY }} | |
| file: "distribution/target/alfresco-hxinsight-connector-distribution-*.zip" | |
| fail_build: false | |
| project_name: hxinsight-connector | |
| issue_details: true | |
| veracode_policy_name: Alfresco Default | |
| summary_output: true | |
| summary_output_file: results.json | |
| summary_display: true | |
| baseline_file: baseline.json | |
| - name: "Clean Maven cache" | |
| run: bash ./scripts/ci/cleanup_cache.sh | |
| nightly_tests: | |
| name: "Run nightly tests" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Checkout repository" | |
| uses: actions/checkout@v4 | |
| - name: "Set up JDK" | |
| uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - name: "Build application" | |
| run: mvn clean install -DskipTests -pl live-ingester | |
| - name: "Run OpenApi Specification tests" | |
| run: mvn test -Dtest=OpenApiRequestValidationTest -pl live-ingester | |
| - name: "Notify on failure" | |
| if: failure() | |
| uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| webhook-url: ${{ secrets.MS_TEAMS_WEBHOOK_URL }} | |
| message: "Nightly tests failed" |