This repository has been archived by the owner on Feb 20, 2024. It is now read-only.

CI build #571

Workflow file for this run

	name: CI build

	on:
	schedule:
	- cron: '0 10 * * *' # every day at 10am
	push:
	branches:
	- master
	tags:
	- 'v..*'
	pull_request:
	branches:
	- master

	jobs:
	build:
	runs-on: ubuntu-22.04

	steps:
	- name: Check out Git repository
	uses: actions/checkout@v3

	- name: Set up JDK 11
	uses: actions/setup-java@v3
	with:
	java-version: '11'
	distribution: 'temurin'
	cache: 'maven'

	- name: Build with maven
	run: mvn -B package -Dmaven.test.skip=true

	- name: Upload war
	uses: actions/upload-artifact@v3
	with:
	name: negotiator-war
	path: target/negotiator.war

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Build and push Docker image
	uses: docker/build-push-action@v3
	with:
	context: .
	tags: negotiator:latest
	outputs: type=docker,dest=/tmp/negotiator.tar

	- name: Upload image
	uses: actions/upload-artifact@v3
	with:
	name: negotiator-image
	path: /tmp/negotiator.tar


	unit-tests:
	needs: build
	runs-on: ubuntu-22.04

	steps:
	- name: Check out Git repository
	uses: actions/checkout@v3

	- name: Set up JDK 11
	uses: actions/setup-java@v3
	with:
	java-version: '11'
	distribution: 'temurin'
	cache: 'maven'

	- name: Run unit tests
	run: mvn test

	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v3


	system-tests:
	needs: unit-tests
	runs-on: ubuntu-22.04

	steps:
	- name: Check out Git repository
	uses: actions/checkout@v3

	- name: Download Image
	uses: actions/download-artifact@v3
	with:
	name: negotiator-image
	path: /tmp

	- name: Load Image
	run: docker load --input /tmp/negotiator.tar

	- name: Create docker network
	run: docker network create negotiator

	- name: Run negotiator-db in docker
	run: docker run --name negotiator-db --network negotiator -p 5432:5432 -e POSTGRES_PASSWORD=negotiator -e POSTGRES_USER=negotiator -e POSTGRES_DB=negotiator -d postgres:14

	- name: Run negotiator in docker
	run: docker run -d --name negotiator --network negotiator -p 8080:8080 -e POSTGRES_HOST="negotiator-db" -e AUTH="true" negotiator:latest

	- name: Install newman
	run: \|
	npm install -g newman

	- name: Wait for url
	run: .github/scripts/wait_for_url.sh http://localhost:8080

	- name: Run system integration tests
	run: \|
	newman run .github/tests/api_tests.json


	acceptance-tests:
	needs: [ system-tests ]
	runs-on: ubuntu-22.04

	steps:
	- name: Check out Git repository
	uses: actions/checkout@v3

	- name: Download Image
	uses: actions/download-artifact@v3
	with:
	name: negotiator-image
	path: /tmp

	- name: Load Image
	run: docker load --input /tmp/negotiator.tar

	- name: Create docker network
	run: docker network create negotiator

	- name: Run negotiator-db in docker
	run: docker run --name negotiator-db --network negotiator -p 5432:5432 -e POSTGRES_PASSWORD=negotiator -e POSTGRES_USER=negotiator -e POSTGRES_DB=negotiator -d postgres:14

	- name: Run negotiator in docker
	run: docker run -d --name negotiator --network negotiator -p 8080:8080 -e POSTGRES_HOST="negotiator-db" -e AUTH="true" negotiator:latest

	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: '3.10'

	- name: Install chrome binaries
	run: .github/scripts/install_chrome.sh

	- name: Install all necessary packages
	run: pip install webdrivermanager selenium pytest

	- name: Install newman
	run: \|
	npm install -g newman

	- name: Wait for url
	run: .github/scripts/wait_for_url.sh http://localhost:8080 & sleep 10

	- name: Create query using postman
	run: \|
	newman run .github/tests/create_query_postman.json

	- name: Run acceptance tests
	run: pytest .github/tests/test_use-cases.py


	code-scan:
	needs: [ acceptance-tests ]
	runs-on: ubuntu-22.04
	permissions:
	security-events: write

	steps:
	- name: Check out Git repository
	uses: actions/checkout@v3

	- name: Set up JDK 11
	uses: actions/setup-java@v3
	with:
	java-version: '11'
	distribution: 'temurin'
	cache: 'maven'

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v2
	with:
	languages: java

	- name: Build with maven
	run: mvn package -Dmaven.test.skip=true

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v2


	image-scan:
	needs: [ acceptance-tests ]
	runs-on: ubuntu-22.04

	steps:
	- name: Download Image
	uses: actions/download-artifact@v3
	with:
	name: negotiator-image
	path: /tmp

	- name: Load Image
	run: docker load --input /tmp/negotiator.tar

	- name: Check out Git repository
	uses: actions/checkout@v3

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@0.9.0
	with:
	image-ref: negotiator:latest
	format: sarif
	output: trivy-results.sarif
	severity: 'CRITICAL,HIGH'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: trivy-results.sarif


	push_image:
	needs: [ acceptance-tests ]
	runs-on: ubuntu-latest
	steps:
	- name: Check out Git repository
	uses: actions/checkout@v3

	- name: Download Image
	uses: actions/download-artifact@v3
	with:
	name: negotiator-image
	path: /tmp
	- name: Download War
	uses: actions/download-artifact@v3
	with:
	name: negotiator-war
	path: target/negotiator.war

	- name: Load Image
	run: docker load --input /tmp/negotiator.tar

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Log in to Docker Hub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Docker meta
	id: docker-meta
	uses: docker/metadata-action@v4
	with:
	images: \|
	bbmrieric/negotiator
	ghcr.io/${{ github.repository_owner }}/negotiator-v2
	tags: \|
	type=schedule
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}

	- name: Build and push Docker image
	uses: docker/build-push-action@v3
	with:
	context: .
	platforms: linux/amd64, linux/arm64
	push: true
	tags: ${{ steps.docker-meta.outputs.tags }}
	labels: ${{ steps.docker-meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI build #571

Workflow file

CI build #571

Jobs

Run details

Workflow file for this run