Story #12116: Improve GitHub Actions cache management #1890

Merged
merged 3 commits into from
Jun 24, 2024

marob
Contributor

@marob marob commented Jun 3, 2024

Description

  • Separated the Maven caches of the Lint action and the build/test action (otherwise the Lint cache, which contains only the Spotless dependencies, was being used for the build...)
  • Use actions/cache instead of actions/setup-java to manage the Maven cache, which makes it possible:
    • to keep the owasp dependency-check data out of the cache (a separate cache is used)
    • to use a cache that is not an exact match (different hash because pom.xml was modified) to speed up the build (only on unprotected branches)
  • Separate cache for the owasp dependency-check data:
    • new cache every day
    • starts from the latest cache if there is no cache for the current day
  • Caching of spotless-prettier-node-modules-* for the Java Lint
  • Changed the Maven repository configuration so that the central repository is used by default (and the Vitam one only for Vitam dependencies)

Type of change

  • Build

Contributor

  • VAS (Vitam Accessible en Service)
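
A workflow sketch of the cache layout the description above outlines, as an added example that is not the project's own build-and-test.yml. The job name, key prefixes and the dependency-check data path are assumptions, and `<full-commit-sha>` is a placeholder for the reviewed commit each action is pinned to.

```yaml
# Added example, not the project's workflow. Names, key prefixes and the
# dependency-check data path are hypothetical.
name: build-and-test-example
on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Placeholder ref: pin every action to a full-length commit SHA.
      - uses: actions/checkout@<full-commit-sha>

      # Maven cache for build/test only. The lint job would use its own
      # prefix (e.g. maven-lint-...) so its Spotless-only cache is never
      # restored here.
      - name: Maven repository cache (build/test)
        uses: actions/cache@<full-commit-sha>
        with:
          path: ~/.m2/repository
          key: maven-build-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
          # Prefix (inexact) match only when the ref is not protected, so
          # protected branches only restore a cache whose key matches the
          # current pom.xml hash exactly.
          restore-keys: ${{ !github.ref_protected && format('maven-build-{0}-', runner.os) || '' }}

      - name: Compute UTC date for the daily key
        id: today
        run: echo "date=$(date -u +%F)" >> "$GITHUB_OUTPUT"

      # Separate cache for OWASP dependency-check data: one new entry per
      # day, seeded from the most recent earlier entry when today's key
      # does not exist yet.
      - name: OWASP dependency-check data cache (daily)
        uses: actions/cache@<full-commit-sha>
        with:
          # Assumed location; the plugin must be configured to store its
          # data here, outside ~/.m2/repository.
          path: ~/.dependency-check-data
          key: dependency-check-data-${{ steps.today.outputs.date }}
          restore-keys: dependency-check-data-

      - name: Build and test
        run: mvn --batch-mode verify
```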

@vitam-devops
Collaborator

vitam-devops commented Jun 3, 2024

Checkmarx One – Scan Summary & Details
b8995933-61fd-4f73-a2ca-9a5ae25d6b8b

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | Volume Has Sensitive Host Directory | /docker-compose.yml: 26 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /docker-compose.yml: 9 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /vitam-dev.yml: 25 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /vitam-dev.yml: 26 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /vitam-recette.yml: 20 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /docker-compose.yml: 10 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /vitam-dev.yml: 27 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /vitam-recette.yml: 57 | Container has sensitive host directory mounted as a volume |
| HIGH | Volume Has Sensitive Host Directory | /docker-compose.yml: 25 | Container has sensitive host directory mounted as a volume |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 55 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 142 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 147 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 98 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 79 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 128 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 61 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-and-test.yml: 123 |

@marob marob force-pushed the gh-actions-cache branch 2 times, most recently from 87ec94d to 1411144 Compare June 3, 2024 13:54
@marob marob marked this pull request as ready for review June 3, 2024 14:27
@GiooDev GiooDev added this to the IT 136 milestone Jun 3, 2024
@marob marob force-pushed the gh-actions-cache branch from 1411144 to 54f8215 Compare June 3, 2024 15:24
@marob marob added the VAS VAS contribution label Jun 3, 2024
@GiooDev GiooDev modified the milestones: IT 136, IT 137 Jun 12, 2024
@marob marob force-pushed the gh-actions-cache branch from 54f8215 to 97df88d Compare June 24, 2024 09:22
@marob marob force-pushed the gh-actions-cache branch from 2c00f7f to 4d52b86 Compare June 24, 2024 09:47
@marob marob force-pushed the gh-actions-cache branch from 239ee87 to a917db9 Compare June 24, 2024 13:04
@marob marob force-pushed the gh-actions-cache branch from a917db9 to b5b6b99 Compare June 24, 2024 13:08
@marob marob merged commit a3ae5f8 into develop Jun 24, 2024
8 checks passed
@marob marob deleted the gh-actions-cache branch June 24, 2024 14:04
Labels
VAS VAS contribution
6 participants