
feat: run in nightly veracode #2

feat: run in nightly veracode

feat: run in nightly veracode #2

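# Veracode scans (SCA + pipeline SAST) and nightly OpenAPI tests.
#
# NOTE(review): every `uses:` reference ending in `[email protected]` was
# mangled by the e-mail obfuscation of the page this listing came from.
# The action name and version after `actions/` are not recoverable here,
# so those values are kept verbatim. Restore them from the repository
# before running this file.
#
# NOTE(review): action references here use tags, not full commit SHAs.
# A tag can be moved by the action's owner; pinning to a SHA makes the
# executed code immutable for the jobs that receive secrets.
#
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN gets
# the repository/organisation default scopes in every job. Declare the
# minimum (for example `contents: read`) once the needs of the Alfresco
# actions are confirmed.
name: Veracode and Nightly Tests run
on:
  pull_request:
    branches:
      - master
      - release/**
  push:
    branches:
      - master
      - release/**
  schedule:
    # Every night at 00:00; GitHub evaluates cron in UTC and runs
    # scheduled workflows from the default branch.
    - cron: "0 0 * * *"
env:
  DEVELOPMENT_VERSION: "1.0.2-SNAPSHOT"
  RELEASE_VERSION: "1.0.1"
  GITHUB_ACTIONS_DEPLOY_TIMEOUT: 60
  MAVEN_CLI_OPTS: "-B -e -fae -V -DinstallAtEnd=true -DfailIfNoTests=false -U -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -Pdistribution "
  # NOTE(review): workflow-level env exposes the Nexus credentials to
  # every step of every job, including third-party actions. Move them to
  # the Maven steps that need them once it is confirmed which steps
  # read them.
  MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
  MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
  JAVA_VERSION: "17"
  JAVA_VERSION_SUPPORTED_BY_REPO: "11"
  S3_BUCKET_REGION: "eu-west-1"
jobs:
  pre_commit:
    runs-on: ubuntu-latest
    # Runs on master, release/* refs, the nightly schedule, or when the
    # triggering actor is Dependabot.
    # NOTE(review): `github.actor` is the account that triggered the
    # event, not necessarily the PR author. If the intent is "PRs opened
    # by Dependabot", `github.event.pull_request.user.login` is the
    # stricter check.
    if: >
      (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'schedule' || github.actor == 'dependabot[bot]')
    outputs:
      java_version: ${{ env.JAVA_VERSION }}
      java_version_supported_by_repo: ${{ env.JAVA_VERSION_SUPPORTED_BY_REPO }}
    steps:
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      # Full history is fetched for the changed-files step below.
      # NOTE(review): checkout credentials are left at the default here.
      # Confirm whether the following actions need authenticated git
      # before adding `persist-credentials: false`.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - id: changed-files
        uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          write-list-to-env: true
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
  veracode_sca:
    name: "Veracode - Source Clear Scan (SCA)"
    needs:
      - pre_commit
    runs-on: ubuntu-latest
    # `head_commit` exists only on push events; on other events the
    # `[skip build]` test evaluates as "not present".
    if: >
      (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'schedule' || github.actor == 'dependabot[bot]') &&
      !contains(github.event.head_commit.message, '[skip build]')
    steps:
      # No visible step pushes, so the token is not left in .git/config
      # for the scanner and build tooling that run afterwards.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      # NOTE(review): `continue-on-error: true` makes this scan
      # advisory. A failing step, including one caused by findings or a
      # broken or expired token, still leaves the job green, so results
      # must be reviewed in the Veracode platform or alerted on
      # separately.
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        continue-on-error: true
        with:
          srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
  veracode_sast:
    name: "Pipeline SAST Scan"
    runs-on: ubuntu-latest
    needs:
      - pre_commit
    # Unlike the SCA job, Dependabot-triggered runs are excluded.
    if: >
      (github.ref_name == 'master' || startsWith(github.ref_name, 'release/') || github.event_name == 'schedule') &&
      github.actor != 'dependabot[bot]' &&
      !contains(github.event.head_commit.message, '[skip build]')
    steps:
      # The Maven build and a third-party scanner run over this
      # workspace. No visible step pushes, so the checkout token is not
      # persisted.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      # Fetches the accepted-findings baseline from a separate repo
      # using a bot token.
      # NOTE(review): whoever can write to that repo controls which
      # findings are suppressed. Keep BOT_GITHUB_TOKEN scoped to
      # read-only on that repo and protect its default branch.
      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          token: ${{ secrets.BOT_GITHUB_TOKEN }}
          repository: "Alfresco/veracode-baseline-archive"
          file-path: "hxinsight-connector/hxinsight-connector-baseline.json"
          target: "baseline.json"
      # The options are read from the environment by the shell, not
      # expanded into the script text by `${{ }}`. Today's value is a
      # workflow constant, so the result is the same; this form stays
      # safe if the value ever becomes input-derived. It is left
      # unquoted on purpose so it splits into separate arguments.
      - name: "Build application"
        run: mvn $MAVEN_CLI_OPTS clean install -DskipTests
      # NOTE(review): `fail_build: false` means findings outside the
      # baseline never fail the job; see the note on the SCA step.
      - name: "Run SAST Scan"
        uses: veracode/[email protected]
        with:
          vid: ${{ secrets.VERACODE_API_ID }}
          vkey: ${{ secrets.VERACODE_API_KEY }}
          file: "distribution/target/alfresco-hxinsight-connector-distribution-*.zip"
          fail_build: false
          project_name: hxinsight-connector
          issue_details: true
          veracode_policy_name: Alfresco Default
          summary_output: true
          summary_output_file: results.json
          summary_display: true
          baseline_file: baseline.json
      - name: "Clean Maven cache"
        run: bash ./scripts/ci/cleanup_cache.sh
  nightly_tests:
    name: "Run nightly tests"
    runs-on: ubuntu-latest
    # Scheduled runs only; this job does not depend on pre_commit.
    if: github.event_name == 'schedule'
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "Set up JDK"
        uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
      - name: "Build application"
        run: mvn clean install -DskipTests -pl live-ingester
      - name: "Run OpenApi Specification tests"
        run: mvn test -Dtest=OpenApiRequestValidationTest -pl live-ingester
      # Only this job notifies on failure. The Veracode jobs above have
      # no equivalent step, so a broken nightly scan is silent.
      - name: "Notify on failure"
        if: failure()
        uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
        with:
          webhook-url: ${{ secrets.MS_TEAMS_WEBHOOK_URL }}
          message: "Nightly tests failed"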