Added detect-secrets to github workflow #167
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Copyright contributors to the Galasa project | |
# | |
# SPDX-License-Identifier: EPL-2.0 | |
# | |
name: PR build | |
on: | |
pull_request: | |
branches: [main] | |
env: | |
REGISTRY: ghcr.io | |
NAMESPACE: galasa-dev | |
IMAGE_TAG: main | |
jobs: | |
build-cli: | |
name: Build the Galasa CLI | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout CLI | |
uses: actions/checkout@v4 | |
- name: Turn script into an executable | |
run: chmod +x detect-secrets.sh | |
- name: Run the detect secrets script | |
run: ./detect-secrets.sh | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
with: | |
gradle-version: 8.9 | |
cache-disabled: true | |
# Pull down dependencies with Gradle and put them in the right places. | |
- name: Gather dependencies using Gradle | |
run : | | |
set -o pipefail | |
gradle -b build.gradle installJarsIntoTemplates --info \ | |
--no-daemon --console plain \ | |
-PsourceMaven=https://development.galasa.dev/main/maven-repo/obr \ | |
-PcentralMaven=https://repo.maven.apache.org/maven2/ \ | |
-PtargetMaven=${{ github.workspace }}/repo 2>&1 | tee build.log | |
- name: Upload Gradle installJarsIntoTemplates log | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: gradle-installJarsIntoTemplates-log | |
path: build.log | |
retention-days: 7 | |
# Generate client code so galasactl can communicate with the API server. | |
- name: Generate Go client code using openapi.yaml | |
run : | | |
docker run --rm -v ${{ github.workspace }}:/var/workspace ghcr.io/galasa-dev/openapi:main java -jar /opt/openapi/openapi-generator-cli.jar generate -i /var/workspace/build/dependencies/openapi.yaml -g go -o /var/workspace/pkg/galasaapi --additional-properties=packageName=galasaapi --global-property=apiTests=false | |
# The go.mod and go.sum are out of date, as they do not include the generated code so they are deleted here. They get re-generated when we compile. | |
# Due to permissions, deleting the go.mod and go.sum must be done by the openapi image as the image generated those files. | |
- name: Clear go.mod | |
run : | | |
docker run --rm -v ${{ github.workspace }}:/var/workspace ghcr.io/galasa-dev/openapi:main rm /var/workspace/pkg/galasaapi/go.mod | |
- name: Clear go.sum | |
run : | | |
docker run --rm -v ${{ github.workspace }}:/var/workspace ghcr.io/galasa-dev/openapi:main rm /var/workspace/pkg/galasaapi/go.sum | |
# The go code needs to know which version of Galasa it is part of, so substitute an eye-catcher with the correct value. | |
- name: Update version | |
run : | | |
version=$(cat VERSION) && | |
cat pkg/cmd/root.go | sed "s/unknowncliversion-unknowngithash/${version}/1" > temp.txt && | |
mv -f temp.txt pkg/cmd/root.go && | |
cat pkg/cmd/root.go | |
# Invoke the make command to build the go code, run unit tests and gather code coverage stats. | |
- name: Build Go code with the Makefile | |
run : | | |
make all | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'semeru' | |
- name: Chmod local test script | |
run: | | |
chmod +x test-galasactl-local.sh | |
- name: Run local test script with Maven | |
run : | | |
./test-galasactl-local.sh --buildTool maven | |
- name: Run local test script with Gradle | |
run : | | |
./test-galasactl-local.sh --buildTool gradle | |
# Commenting out for now as we cannot reach the prod1 ecosystem from GitHub Actions. | |
# - name: Chmod ecosystem test script | |
# run : | | |
# chmod +x test-galasactl-ecosystem.sh | |
# - name: Run ecosystem test script | |
# run : | | |
# ./test-galasactl-ecosystem.sh --bootstrap https://prod1-galasa-dev.cicsk8s.hursley.ibm.com/api/bootstrap | |
- name: Build Docker image with galasactl executable | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: dockerfiles/dockerfile.galasactl | |
load: true | |
tags: galasactl-x86_64:test | |
build-args: | | |
platform=linux-x86_64 | |
- name: Build Docker image with galasactl executable and IBM certificates | |
uses: docker/build-push-action@v5 | |
with: | |
context: dockerfiles/certs | |
file: dockerfiles/dockerfile.galasactl-ibm | |
load: true | |
tags: galasactl-ibm-x86_64:test | |
build-args: | | |
dockerRepository=ghcr.io | |
tag=main | |
- name: Build Docker image for development download site | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: dockerfiles/dockerfile.galasactl-executables | |
load: true | |
tags: galasactl-executables:test | |