Skip to content

ci: Update per Q3 audit findings (#2055) #3290

ci: Update per Q3 audit findings (#2055)

ci: Update per Q3 audit findings (#2055) #3290

Workflow file for this run

name: PR Checks
on:
push:
branches:
- main
- develop
- release/*
pull_request:
branches:
- main
- develop
- release/*
defaults:
run:
shell: bash
permissions:
contents: read
packages: write
env:
LC_ALL: C.UTF-8
GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
jobs:
build:
name: Build
runs-on: client-sdk-linux-medium
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Java
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
with:
cache-read-only: false
- name: Build SDK & Javadoc
run: ./gradlew assemble :sdk:javadoc --scan
test:
name: Unit and Integration Tests
runs-on: client-sdk-linux-medium
needs:
- build
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Setup NodeJS
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 18
- name: Setup Java
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
- name: Install Local Node
run: npm install @hashgraph/hedera-local
- name: Build SDK
run: ./gradlew assemble --scan
- name: Gradle Dependency Scopes Check
run: ./gradlew checkAllModuleInfo --continue --scan
- name: Start Local Node
run: npx @hashgraph/hedera-local start -d --network local
- name: Run Unit and Integration Tests
env:
OPERATOR_KEY: '0xa608e2130a0a3cb34f86e757303c862bee353d9ab77ba4387ec084f881d420d4'
OPERATOR_ID: '0.0.1022'
HEDERA_NETWORK: 'localhost'
run: |
./gradlew -POPERATOR_ID=$OPERATOR_ID -POPERATOR_KEY=$OPERATOR_KEY -PHEDERA_NETWORK=$HEDERA_NETWORK jacocoTestReport --scan
- name: Upload coverage to Codecov
if: ${{ github.event_name == 'push' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') }}
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
- name: Stop the local node
run: npx @hashgraph/hedera-local stop
run-examples:
name: Run Examples
runs-on: client-sdk-linux-medium
needs:
- build
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup NodeJS
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 18
- name: Setup Java
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
distribution: temurin
java-version: 17
- name: Setup Android SDK
uses: android-actions/setup-android@00854ea68c109d98c75d956347303bf7c45b0277 # v3.2.1
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
- name: Install Local Node
run: npm install @hashgraph/hedera-local
- name: Build SDK
run: ./gradlew assemble --scan
- name: Build Android Example
run: ./gradlew -p example-android assemble --scan
- name: Start the local node
run: npx @hashgraph/hedera-local start -d --network local
- name: Prepare .env for Examples
run: |
echo "OPERATOR_KEY=0xa608e2130a0a3cb34f86e757303c862bee353d9ab77ba4387ec084f881d420d4" > examples/.env
echo "OPERATOR_ID=0.0.1022" >> examples/.env
echo "HEDERA_NETWORK=localhost" >> examples/.env
- name: Run Examples
run: ./gradlew :examples:runAllExamples --scan
- name: Stop the local node
run: npx @hashgraph/hedera-local stop
test-tck:
name: TCK Tests
runs-on: client-sdk-linux-medium
needs:
- build
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Setup NodeJS
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 18
- name: Setup Java
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
- name: Install Local Node
run: npm install @hashgraph/hedera-local
- name: Build TCK
run: ./gradlew assemble --scan
- name: Start Local Node
run: npx @hashgraph/hedera-local start -d --network local
- name: Run TCK Unit Tests
run: ./gradlew :tck:test
- name: Stop the local node
run: npx @hashgraph/hedera-local stop