feat: add ci workflow
fazzatti committed May 29, 2024
1 parent a9c7716 commit 86c4e85
Showing 1 changed file with 59 additions and 64 deletions.
123 changes: 59 additions & 64 deletions .github/workflows/ci.yaml
Expand Up @@ -12,7 +12,7 @@
---
env:
NODEJS_VERSION: v18.18.2
RUN_TRIVY_SCAN: true
RUN_TRIVY_SCAN: true
jobs:
ActionLint:
uses: ./.github/workflows/actionlint.yaml
Expand Down Expand Up @@ -200,7 +200,7 @@ jobs:
restore-keys: |
${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
- if : ${{ (steps.yarn-cache.outputs.cache-hit != 'true') }}
- if: ${{ (steps.yarn-cache.outputs.cache-hit != 'true') }}
name: tools_ci_sh
run: ./tools/ci.sh

Expand Down Expand Up @@ -268,12 +268,12 @@ jobs:
- name: Set env.GIT_INDEX_FILE_COUNT
id: set_env_git_index_file_count
run: |
echo "GIT_INDEX_FILE_COUNT=$(git status --porcelain | wc -l)" >> "$GITHUB_ENV"
echo "GIT_INDEX_FILE_COUNT=$(git status --porcelain | wc -l)" >> "$GITHUB_ENV"
- name: Print env.GIT_INDEX_FILE_COUNT
id: print_env_git_index_file_count
run: |
echo "${{ env.GIT_INDEX_FILE_COUNT }}"
echo "${{ env.GIT_INDEX_FILE_COUNT }}"
- uses: actions/github-script@v6.4.1
id: set-result-git_index_file_count
Expand Down Expand Up @@ -420,7 +420,7 @@ jobs:
- name: Ensure .tmp Directory Exists
run: mkdir -p .tmp/benchmark-results/cmd-api-server/

# Download previous benchmark result from cache (if exists)
# Download previous benchmark result from cache (if exists)
- name: Download previous benchmark data
uses: actions/cache@v4.0.1
with:
Expand All @@ -434,7 +434,7 @@ jobs:
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@v1.19.2
with:
tool: 'benchmarkjs'
tool: "benchmarkjs"
output-file-path: .tmp/benchmark-results/cmd-api-server/run-cmd-api-server-benchmark.ts.log
github-token: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -443,10 +443,10 @@ jobs:
auto-push: ${{ github.ref == 'refs/heads/main' }}

# Show alert with commit comment on detecting possible performance regression
alert-threshold: '5%'
alert-threshold: "5%"
comment-on-alert: true
fail-on-alert: true
alert-comment-cc-users: '@petermetz'
alert-comment-cc-users: "@petermetz"

cactus-cmd-socketio-server:
continue-on-error: false
Expand Down Expand Up @@ -482,7 +482,7 @@ jobs:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: packages/cactus-common/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
JEST_TEST_RUNNER_DISABLED: false
TAPE_TEST_PATTERN: '--files={./packages/cactus-common/src/test/typescript/unit/key-converter.test.ts,./packages/cactus-common/src/test/typescript/unit/logging/logger.test.ts}'
TAPE_TEST_PATTERN: "--files={./packages/cactus-common/src/test/typescript/unit/key-converter.test.ts,./packages/cactus-common/src/test/typescript/unit/logging/logger.test.ts}"
TAPE_TEST_RUNNER_DISABLED: false
needs: build-dev
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -638,7 +638,7 @@ jobs:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: examples/cactus-example-supply-chain-backend/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
JEST_TEST_RUNNER_DISABLED: false
TAPE_TEST_PATTERN: '--files={./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-backend-api-calls.test.ts,./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-cli-via-npm-script.test.ts}'
TAPE_TEST_PATTERN: "--files={./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-backend-api-calls.test.ts,./examples/cactus-example-supply-chain-backend/src/test/typescript/integration/supply-chain-cli-via-npm-script.test.ts}"
TAPE_TEST_RUNNER_DISABLED: false
needs: build-dev
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -817,7 +817,7 @@ jobs:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: packages/cactus-plugin-keychain-aws-sm/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
JEST_TEST_RUNNER_DISABLED: true
TAPE_TEST_PATTERN: '--files={./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-keychain-aws-sm.test.ts}'
TAPE_TEST_PATTERN: "--files={./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-aws-sm/src/test/typescript/integration/plugin-keychain-aws-sm.test.ts}"
TAPE_TEST_RUNNER_DISABLED: false
needs: build-dev
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -869,7 +869,7 @@ jobs:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: packages/cactus-plugin-keychain-google-sm/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
JEST_TEST_RUNNER_DISABLED: false
TAPE_TEST_PATTERN: '--files={./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-keychain-google-sm.test.ts}'
TAPE_TEST_PATTERN: "--files={./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-factory-keychain.test.ts,./packages/cactus-plugin-keychain-google-sm/src/test/typescript/integration/plugin-keychain-google-sm.test.ts}"
TAPE_TEST_RUNNER_DISABLED: false
needs: build-dev
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -946,7 +946,7 @@ jobs:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: packages/cactus-plugin-keychain-vault/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
JEST_TEST_RUNNER_DISABLED: false
TAPE_TEST_PATTERN: '--files={./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/cactus-keychain-vault-server.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/plugin-keychain-vault.test.ts}'
TAPE_TEST_PATTERN: "--files={./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/cactus-keychain-vault-server.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/openapi/openapi-validation.test.ts,./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/plugin-keychain-vault.test.ts}"
TAPE_TEST_RUNNER_DISABLED: false
needs: build-dev
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -1024,11 +1024,10 @@ jobs:
restore-keys: |
${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
- run: ./tools/ci.sh

- name: Ensure .tmp Directory Exists
run: mkdir -p .tmp/benchmark-results/plugin-ledger-connector-besu/

# Download previous benchmark result from cache (if exists)
# Download previous benchmark result from cache (if exists)
- name: Download previous benchmark data
uses: actions/cache@v3.3.1
with:
Expand All @@ -1042,7 +1041,7 @@ jobs:
- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@v1.19.2
with:
tool: 'benchmarkjs'
tool: "benchmarkjs"
output-file-path: .tmp/benchmark-results/plugin-ledger-connector-besu/run-plugin-ledger-connector-besu-benchmark.ts.log
github-token: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -1051,10 +1050,10 @@ jobs:
auto-push: ${{ github.ref == 'refs/heads/main' }}

# Show alert with commit comment on detecting possible performance regression
alert-threshold: '5%'
alert-threshold: "5%"
comment-on-alert: true
fail-on-alert: true
alert-comment-cc-users: '@petermetz'
alert-comment-cc-users: "@petermetz"

cpl-connector-polkadot:
continue-on-error: false
Expand Down Expand Up @@ -1114,13 +1113,12 @@ jobs:
restore-keys: |
${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
- run: ./tools/ci.sh

cpl-connector-stellar:
continue-on-error: false
needs:
- build-dev
- compute_changed_packages
if: needs.compute_changed_packages.outputs.plugin-ledger-connector-stellar-changed == 'true'
env:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: packages/cacti-plugin-ledger-connector-stellar/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
Expand All @@ -1144,7 +1142,6 @@ jobs:
${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
- run: ./tools/ci.sh


plc-fabric-0:
needs:
- build-dev
Expand Down Expand Up @@ -1675,7 +1672,7 @@ jobs:
with:
node-version: ${{ env.NODEJS_VERSION }}
- uses: actions/checkout@v4.1.1

- id: yarn-cache
name: Restore Yarn Cache
uses: actions/cache@v4.0.1
Expand All @@ -1685,19 +1682,18 @@ jobs:
restore-keys: |
${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
- run: ./tools/ci.sh

- name: Build an image from Dockerfile
run: DOCKER_BUILDKIT=1 docker build . -f ./packages/cactus-plugin-ledger-connector-quorum/Dockerfile -t plugin-ledger-connector-quorum
- if: ${{ env.RUN_TRIVY_SCAN == 'true' }}
name: Run Trivy vulnerability scan for plugin-ledger-connector-quorum
uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: 'plugin-ledger-connector-quorum'
format: 'table'
exit-code: '1'
image-ref: "plugin-ledger-connector-quorum"
format: "table"
exit-code: "1"
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
cplc-sawtooth:
continue-on-error: false
env:
Expand Down Expand Up @@ -1780,7 +1776,7 @@ jobs:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: extensions/cactus-plugin-object-store-ipfs/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
JEST_TEST_RUNNER_DISABLED: false
TAPE_TEST_PATTERN: '--files={./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/integration/plugin-object-store-ipfs.test.ts,./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/unit/plugin-object-store-ipfs.test.ts}'
TAPE_TEST_PATTERN: "--files={./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/integration/plugin-object-store-ipfs.test.ts,./extensions/cactus-plugin-object-store-ipfs/src/test/typescript/unit/plugin-object-store-ipfs.test.ts}"
TAPE_TEST_RUNNER_DISABLED: false
needs: build-dev
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -1963,7 +1959,7 @@ jobs:
FULL_BUILD_DISABLED: true
JEST_TEST_PATTERN: packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
JEST_TEST_RUNNER_DISABLED: false
TAPE_TEST_PATTERN: '--files={./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/get-single-status-endpoint.test.ts,./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/openapi/openapi-validation.test.ts}'
TAPE_TEST_PATTERN: "--files={./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/get-single-status-endpoint.test.ts,./packages/cactus-test-plugin-htlc-eth-besu/src/test/typescript/integration/plugin-htlc-eth-besu/openapi/openapi-validation.test.ts}"
TAPE_TEST_RUNNER_DISABLED: false
needs: build-dev
runs-on: ubuntu-22.04
Expand All @@ -1983,7 +1979,6 @@ jobs:
restore-keys: |
${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
- run: ./tools/ci.sh

- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1

Expand Down Expand Up @@ -2037,7 +2032,7 @@ jobs:
with:
node-version: ${{ env.NODEJS_VERSION }}
- uses: actions/checkout@v4.1.1

- id: yarn-cache
name: Restore Yarn Cache
uses: actions/cache@v4.0.1
Expand Down Expand Up @@ -2176,12 +2171,12 @@ jobs:
name: Run Trivy vulnerability scan for cactus-cmd-api-server
uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: 'cactus-cmd-api-server'
format: 'table'
exit-code: '1'
image-ref: "cactus-cmd-api-server"
format: "table"
exit-code: "1"
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
ghcr-connector-besu:
needs:
- compute_changed_packages
Expand All @@ -2195,12 +2190,12 @@ jobs:
name: Run Trivy vulnerability scan for cactus-connector-besu
uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: 'cactus-connector-besu'
format: 'table'
exit-code: '1'
image-ref: "cactus-connector-besu"
format: "table"
exit-code: "1"
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
ghcr-connector-corda-server:
runs-on: ubuntu-22.04
needs:
Expand All @@ -2215,12 +2210,12 @@ jobs:
name: Run Trivy vulnerability scan for cactus-connector-corda-server
uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: 'cactus-connector-corda-server'
format: 'table'
exit-code: '1'
image-ref: "cactus-connector-corda-server"
format: "table"
exit-code: "1"
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
ghcr-connector-fabric:
runs-on: ubuntu-22.04
needs:
Expand All @@ -2235,12 +2230,12 @@ jobs:
name: Run Trivy vulnerability scan for cactus-connector-fabric
uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: 'cactus-connector-fabric'
format: 'table'
exit-code: '1'
image-ref: "cactus-connector-fabric"
format: "table"
exit-code: "1"
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
ghcr-corda-all-in-one:
runs-on: ubuntu-22.04
needs:
Expand All @@ -2266,7 +2261,7 @@ jobs:
- uses: actions/checkout@v4.1.1
- name: ghcr.io/hyperledger/cactus-corda-all-in-one-obligation
run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-all-in-one-obligation

ghcr-dev-container-vscode:
runs-on: ubuntu-22.04
needs:
Expand Down Expand Up @@ -2297,14 +2292,14 @@ jobs:
- uses: actions/checkout@v4.1.1
- name: ghcr.io/hyperledger/cactus-example-supply-chain-app
run: DOCKER_BUILDKIT=1 docker build . -f ./examples/cactus-example-supply-chain-backend/Dockerfile -t cactus-example-supply-chain-app

ghcr-fabric-all-in-one:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
- name: ghcr.io/hyperledger/cactus-fabric-all-in-one
run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x

ghcr-fabric2-all-in-one:
runs-on: ubuntu-22.04
steps:
Expand All @@ -2322,28 +2317,28 @@ jobs:
name: Run Trivy vulnerability scan for cactus-keychain-vault-server
uses: aquasecurity/trivy-action@0.19.0
with:
image-ref: 'cactus-keychain-vault-server'
format: 'table'
exit-code: '1'
image-ref: "cactus-keychain-vault-server"
format: "table"
exit-code: "1"
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
ghcr-quorum-all-in-one:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
- name: ghcr.io/hyperledger/cactus-quorum-all-in-one
run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile

ghcr-quorum-multi-party-all-in-one:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
- name: ghcr.io/hyperledger/cactus-quorum-multi-party-all-in-one
run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile -t cactus-quorum-multi-party-all-in-one

name: Cactus_CI
'on':
"on":
pull_request:
branches:
- main
Expand All @@ -2352,4 +2347,4 @@ name: Cactus_CI
push:
branches:
- main
- dev
- dev
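Review bot: Third-party actions in this workflow are referenced by mutable tags rather than commit SHAs: most loosely `uses: foundry-rs/foundry-toolchain@v1` in the cactus-test-plugin-htlc-eth-besu hunk, and also `aquasecurity/trivy-action@0.19.0` and `benchmark-action/github-action-benchmark@v1.19.2`, the last of which is handed `secrets.GITHUB_TOKEN`. A tag can be repointed to different code after review, so whoever controls (or compromises) the upstream repository decides what runs in these jobs. Pinning each reference to a full commit SHA with the version kept as a trailing comment, e.g. `uses: foundry-rs/foundry-toolchain@<full-commit-sha> # v1` (placeholder, to be filled from the upstream release), makes the reviewed code the code that executes. The job definitions around these steps continue outside the visible hunks, so whether a `permissions:` block restricts the token cannot be seen here and should be confirmed.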
