Add user notification on import #93 #1004
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: push | |
| env: | |
| JAVA_VERSION: 17 | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| with: | |
| path: plugin | |
| - name: Setup Java JDK ${{ env.JAVA_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: temurin | |
| cache: maven | |
| - name: Retrieve variables from pom | |
| id: requestPom | |
| working-directory: plugin | |
| run: | | |
| echo "GRAYLOG_VERSION=$(mvn help:evaluate -Dexpression=project.parent.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
| NAME=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout) | |
| VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) | |
| echo "JAR_PATH=target/$NAME-$VERSION.jar" >> $GITHUB_OUTPUT | |
| echo "RPM_PATH=target/rpm/$NAME/RPMS/noarch/$NAME-$VERSION-1.noarch.rpm" >> $GITHUB_OUTPUT | |
| echo "DEB_PATH=target/$NAME-$VERSION.deb" >> $GITHUB_OUTPUT | |
| - name: Cache Graylog | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: graylog2-server | |
| key: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
| - name: Check out Graylog ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: Graylog2/graylog2-server | |
| ref: ${{ steps.requestPom.outputs.GRAYLOG_VERSION }} | |
| path: graylog2-server | |
| - name: Build Graylog | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| working-directory: graylog2-server | |
| run: | | |
| mvn compile -DskipTests=true --batch-mode | |
| - name: Cache node_modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: plugin/node_modules | |
| key: ${{ hashFiles('plugin/yarn.lock') }} | |
| - name: Build plugin | |
| working-directory: plugin | |
| run: | | |
| mvn package --batch-mode | |
| - name: Copy jar to backend tests runtime | |
| working-directory: plugin | |
| run: | | |
| mkdir runtime/graylog/plugin | |
| cp ${{ steps.requestPom.outputs.JAR_PATH }} runtime/graylog/plugin | |
| - name: Preparing backend tests | |
| working-directory: plugin/validation | |
| run: | | |
| python -m venv venv | |
| source venv/bin/activate | |
| pip install -r requirements.txt | |
| docker-compose --project-directory ../runtime pull | |
| - name: Execute brittle tests | |
| working-directory: plugin/validation | |
| run: | | |
| PYTHONUNBUFFERED=true python -m unittest test_brittle --verbose | |
| - name: Execute backend tests | |
| working-directory: plugin/validation | |
| run: | | |
| PYTHONUNBUFFERED=true python -m unittest test --verbose | |
| - name: Package signed .rpm | |
| working-directory: plugin | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: | | |
| mvn rpm:rpm | |
| echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
| rpm --define "_gpg_name Airbus CyberSecurity" --define "_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase $PASSPHRASE" --addsign "${{ steps.requestPom.outputs.RPM_PATH }}" | |
| - name: Package signed .deb | |
| working-directory: plugin | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: | | |
| echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
| gpg2 --export-secret-keys --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" > $HOME/.gnupg/secring.gpg | |
| mvn jdeb:jdeb --settings deployment/settings.xml | |
| - name: Check license headers | |
| working-directory: plugin | |
| run: | | |
| mvn license:check | |
| - name: Archive .jar | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: jar | |
| path: plugin/${{ steps.requestPom.outputs.JAR_PATH }} | |
| if-no-files-found: error | |
| - name: Archive .rpm | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: rpm | |
| path: plugin/${{ steps.requestPom.outputs.RPM_PATH }} | |
| if-no-files-found: error | |
| - name: Archive .deb | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: deb | |
| path: plugin/${{ steps.requestPom.outputs.DEB_PATH }} | |
| if-no-files-found: error | |
| - name: Release | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| plugin/${{ steps.requestPom.outputs.JAR_PATH }} | |
| plugin/${{ steps.requestPom.outputs.RPM_PATH }} | |
| plugin/${{ steps.requestPom.outputs.DEB_PATH }} | |
| fail_on_unmatched_files: true | |
| - name: Deploy to Maven Central | |
| if: startsWith(github.ref, 'refs/tags/') | |
| working-directory: plugin | |
| env: | |
| SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
| SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: | | |
| echo -n "$GPG_PRIVATE_KEY" | gpg2 --batch --allow-secret-key-import --import | |
| mvn clean deploy -DskipTests=true --settings deployment/settings.xml |