add security cron job #1281
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Java Agent Tests | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
paths-ignore: | |
- 'components/**' | |
- 'inspectit-ocelot-documentation/**' | |
- 'resources/**' | |
- 'codequality/**' | |
- '**.md' | |
- '**.txt' | |
- '.github/**' | |
- '.circleci/**' | |
workflow_call: | |
jobs: | |
pr-check: | |
name: 'Agent Tests (${{ matrix.dockerimage }})' | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
dockerimage: | |
- 'ibmjava:8-sdk' | |
- 'eclipse-temurin:8' | |
- 'eclipse-temurin:11' | |
- 'eclipse-temurin:17' | |
- 'eclipse-temurin:21' | |
container: ${{ matrix.dockerimage }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Determine JDK version | |
id: determine-jdk | |
# if Java 21 is used, update com.palantir.docker to 0.36.0, because 0.34.0 is not compatible with gradle 8 | |
# Java 21 needs at least gradle 8 | |
shell: bash | |
run: | | |
java_version=$(java -version 2>&1 | awk -F '"' '/version/ {print $2}') | |
echo "Java version: $java_version" | |
if [[ "$java_version" == 21* ]]; then | |
echo "::set-output name=gradle_property::comPalantirDockerVersion=0.36.0" | |
else | |
echo "::set-output name=gradle_property::comPalantirDockerVersion=0.34.0" | |
fi | |
- name: Upgrade Wrapper to 8.7 for Java 21 | |
# Java 21 needs at least gradle 8 | |
shell: bash | |
run: | | |
if [[ "${{ matrix.dockerimage }}" == "eclipse-temurin:21" ]]; then | |
sed -i 's/gradle-7.6.4-bin.zip/gradle-8.7-bin.zip/' gradle/wrapper/gradle-wrapper.properties | |
cat gradle/wrapper/gradle-wrapper.properties | |
fi | |
- name: Clean Gradle cache | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} clean | |
- name: assemble | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-core:assemble | |
- name: test | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-core:test --no-daemon | |
- name: systemTest | |
run: ./gradlew -P${{ steps.determine-jdk.outputs.gradle_property }} :inspectit-ocelot-agent:systemTest | |
- name: upload test results | |
uses: actions/upload-artifact@v3 | |
if: ${{ failure() }} | |
with: | |
name: 'test-results' | |
path: | | |
inspectit-ocelot-agent/build/test-results | |
inspectit-ocelot-core/build/test-results | |
inspectit-ocelot-core/build/reports | |
inspectit-ocelot-config/build/test-results | |
coverage: | |
name: Coverage | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
needs: [ pr-check ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Run code coverage | |
run: ./gradlew codeCoverageReport | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
name: codecov-ocelot-agent | |
files: ./build/reports/jacoco/report.xml | |
flags: unittests | |
verbose: true | |
dependency-scan: | |
name: Dependency Scan | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: build | |
run: ./gradlew :inspectit-ocelot-agent:assemble | |
# the action has not been updated a while, but it always uses the latest plugin version | |
- name: DependencyCheck inspectit-ocelot-agent | |
uses: dependency-check/Dependency-Check_Action@main | |
with: | |
project: inspectIT/inspectit-ocelot-agent | |
path: 'inspectit-ocelot-agent' | |
format: 'HTML' | |
out: 'reports' | |
args: > | |
--disableAssembly | |
--disableNodeAudit | |
--nvdApiKey ${{ secrets.NVD_API_KEY }} | |
--nvdApiDelay 10000 | |
- name: Upload test results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dependency-check-report-ocelot-agent | |
path: ${{ github.workspace }}/reports | |
jmh-compile: | |
name: 'Compile JMH Tests' | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: jmhCompile | |
run: ./gradlew jmhCompile | |
attach-jdk8: | |
name: 'Runtime Attachment' | |
runs-on: ubuntu-latest | |
container: eclipse-temurin:8-jdk | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: assemble | |
run: ./gradlew assemble | |
- name: attach | |
run: | | |
apk update && apk add curl | |
echo "class Dummy{public static void main(String[] args)throws InterruptedException{while (true){Thread.sleep(1000);}}}" > Dummy.java | |
javac Dummy.java | |
$(nohup java Dummy > out.txt &) | |
processId=$( ps -e -o pid,comm,args | grep 'java Dummy' | awk '{ if ($2=="java") print $1 }' ) | |
pwd | |
java -jar inspectit-ocelot-agent/build/inspectit-ocelot-agent-SNAPSHOT.jar $processId '{"inspectit.exporters.metrics.prometheus.enabled":"ENABLED"}' | |
curl -4 -o /dev/null -s -w "%{http_code}" --connect-timeout 2 --max-time 2 --retry 3 --retry-delay 3 --retry-max-time 10 --retry-connrefuse http://localhost:8888 |