Skip to content
API Container Tests

[Snyk] Security upgrade node from lts-alpine to 20.15.1-alpine3.20 #9

Sign in to view logs

[Snyk] Security upgrade node from lts-alpine to 20.15.1-alpine3.20

[Snyk] Security upgrade node from lts-alpine to 20.15.1-alpine3.20 #9

Workflow file for this run

.github/workflows/api-container-tests.yml at 76b8927
name: API Container Tests
on:
workflow_dispatch:
pull_request:
branches:
- main
paths:
- "api/source/**"
- "test/api/**"
- "Dockerfile"
- ".github/workflows/api-container-tests.yml"
jobs:
fetch-mysql-versions:
runs-on: ubuntu-latest
outputs:
MYSQL_VERSIONS: ${{ steps.fetch-versions.outputs.version_array }}
steps:
- name: Fetch MySQL Versions
id: fetch-versions
run: |
VERSIONS=$(echo $(curl -s "https://registry.hub.docker.com/v2/repositories/library/mysql/tags/?page_size=100" | jq -r '.results[].name | select(test("^8\\.0\\.\\d+$"))' | sort -V | tail -n3 | cat <(echo "8.0.21") - | jq -Rnc '[inputs]'))
echo "version_array=$VERSIONS" >> $GITHUB_OUTPUT
test_api:
needs: fetch-mysql-versions
name: Postman tests with ${{ matrix.container.name }} and MySQL ${{ matrix.mysql_version }}
runs-on: ubuntu-latest
strategy:
matrix:
container:
- name: "stig-manager-alpine"
build_arg: "node:lts-alpine"
mysql_version: ${{fromJson(needs.fetch-mysql-versions.outputs.MYSQL_VERSIONS)}}
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Build image for ${{ matrix.container.name }}
id: image-build
run: |
docker build -t ${{ matrix.container.name }} --build-arg BASE_IMAGE=${{ matrix.container.build_arg }} .
- name: Run mock Keycloak
id: id-run
working-directory: ./test/api/mock-keycloak
run: |
python3 -m http.server 8080 &
- name: Run MySQL container version ${{ matrix.mysql_version }}
id: mysql-run
run: |
docker run -d --name stig-manager-db \
-p 3306:3306 \
-e MYSQL_ROOT_PASSWORD=rootpw \
-e MYSQL_DATABASE=stigman \
-e MYSQL_USER=stigman \
-e MYSQL_PASSWORD=stigman \
mysql:${{ matrix.mysql_version }}
- name: Run STIG Manager container ${{ matrix.container.name }}
id: api-run
run: |
docker run -d --name stig-manager-api \
--net=host \
-e STIGMAN_API_PORT=64001 \
-e STIGMAN_DB_HOST=localhost \
-e STIGMAN_DB_PORT=3306 \
-e STIGMAN_DB_PASSWORD=stigman \
-e STIGMAN_API_AUTHORITY=http://127.0.0.1:8080/auth/realms/stigman \
-e STIGMAN_DEV_RESPONSE_VALIDATION=logOnly \
${{ matrix.container.name }}
- name: Install Newman reporter
id: newman-reporter-install
run: |
sudo npm install -g newman-reporter-htmlextra
- name: Wait for bootstrap
run: for i in {1..10}; do [ $i -gt 1 ] && sleep 5; curl --output /dev/null --silent --fail http://localhost:64001/api/op/configuration && s=0 && break || s=$?; printf '.'; done; (exit $s)
- name: Run Newman Collection LoadTestData
id: newman-run-loadTestData
working-directory: ./test/api
run: |
set -o pipefail
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 1 --folder LoadTestData -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/dataPreloadReport-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.html | grep -A18 '┌─────'
- name: Run Newman Collection GETS
id: newman-run-gets
if: steps.newman-run-loadTestData.conclusion == 'success'
working-directory: ./test/api
run: |
set -o pipefail
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 6 --folder GETs -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/GetsReport-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.html | grep -A18 '┌─────'
- name: Run Newman Collection Posts, Puts, Patches, Deletes
id: newman-run-pppd
if: steps.newman-run-loadTestData.conclusion == 'success'
working-directory: ./test/api
run: |
set -o pipefail
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 6 --folder "POSTS, Puts, Patches, and Deletes" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/PPPDReport-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.html | grep -A18 '┌─────'
- name: Run Newman Collection STIGS
id: newman-run-stigs
if: steps.newman-run-loadTestData.conclusion == 'success'
working-directory: ./test/api
run: |
set -o pipefail
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 2 --folder "STIGS" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/stigsReport-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.html | grep -A18 '┌─────'
- name: Run Newman Collection LVL1 Cross-Boundary Tests
id: newman-run-lvl1-cross-boundary
if: steps.newman-run-loadTestData.conclusion == 'success'
working-directory: ./test/api
run: |
set -o pipefail
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 1 --folder "LVL1 cross-boundary tests" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showEnvironmentData --reporter-htmlextra-export ./newman/lvl1Report-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.html | grep -A18 '┌─────'
- name: Run Newman Collection Additional Sundry Tests
id: newman-run-additional-sundry
if: steps.newman-run-loadTestData.conclusion == 'success'
working-directory: ./test/api
run: |
set -o pipefail
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 1 --folder "Additional sundry tests" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showEnvironmentData --reporter-htmlextra-export ./newman/AdditionalSundryReport-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.html | grep -A18 '┌─────'
- name: Upload Newman artifact
id: artifact-upload
uses: actions/upload-artifact@v4
if: ${{ always() }}
with:
name: newman-htmlextra-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}
path: ./test/api/newman
- name: Extract API container log
id: api-log-extract
if: ${{ always() }}
working-directory: ./test/api
run: |
docker logs stig-manager-api > api-log-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.json
- name: Upload API log artifact
uses: actions/upload-artifact@v4
id: api-log-upload
if: ${{ always() }}
with:
name: api-log-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}
path: ./test/api/api-log-${{ matrix.container.name }}-${{ matrix.mysql_version }}-${{ github.run_id }}.json
- name: Collect all container logs on failure
if: ${{ cancelled() || failure() }}
uses: jwalton/gh-docker-logs@54a2a89cd6a2c929525f26ca67a7a4857a5dc1d9 # pin@v1
with:
dest: "./logs-${{ matrix.container.name }}-${{ matrix.mysql_version }}"
- name: Tar container logs
if: ${{ cancelled() || failure() }}
run: tar cvzf ./logs-${{ matrix.container.name }}-${{ matrix.mysql_version }}.tgz ./logs-${{ matrix.container.name }}-${{ matrix.mysql_version }}
- name: Upload container logs artifact
if: ${{ cancelled() || failure() }}
uses: actions/upload-artifact@v4
with:
name: logs-${{ matrix.container.name }}-${{ matrix.mysql_version }}.tgz
path: ./logs-${{ matrix.container.name }}-${{ matrix.mysql_version }}.tgz