Skip to content

Commit

Permalink
create test build for new shared-actions
Browse files Browse the repository at this point in the history 
Signed-off-by: MarkAckert <[email protected]>
  • Loading branch information
@MarkAckert
MarkAckert committed Jan 18, 2024
1 parent 863ea09 commit e000e1d
Showing 1 changed file with 235 additions and 0 deletions.
235 changes: 235 additions & 0 deletions .github/workflows/license-generation_tests.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,235 @@
name: License Bundle Generation TESTS

permissions:
contents: read
id-token: write

on:
workflow_dispatch:
inputs:
zowe_version:
description: Version number of Zowe license bundle
type: string
required: true
default: '2.13.0'
publish_release:
description: Should the license bundle be published to libs-release-local
type: boolean
required: true
default: false
overwrite_release:
description: Should the license bundle overwrite and replace an existing artifact
type: boolean
required: false
default: false
release_suffix:
description: Should the license bundle have a suffix (useful during RC testing)
type: string
required: false
default: ''
zowe_sources_branch:
description: The branch of zowe-install-packaging used to determine sources included in the scan
required: true
default: 'v2.x/rc'
dummy_build:
description: Creates empty zip files, bypassing license scans. For test purposes only.
required: false
type: choice
default: 'false'
options:
- 'true'
- 'false'

env:
PUBLISH_RELEASE: ${{ github.event.inputs.publish_release }}
RELEASE_SUFFIX: ${{ github.event.inputs.release_suffix }}
REPLACE_EXISTING_RELEASE: ${{ github.event.inputs.replace_release }}
ZOWE_RELEASE_BRANCH: ${{ github.event.inputs.zowe_sources_branch }}
PENDING_APPROVAL_REPORT_NAME: dependency_approval_action_aggregates.json
DEPENDENCY_SCAN_HOME: licenses/dependency-scan
MARKDOWN_REPORT_NAME: markdown_dependency_report.md
MARKDOWN_CLI_REPORT: cli_dependency_report.md
MARKDOWN_ZOS_REPORT: zos_dependency_report.md
NOTICES_AGGREGATE_FILE: notices_aggregate.txt
NOTICES_CLI_FILE: notices_cli.txt
NOTICES_ZOS_FILE: notices_zos.txt
ARTIFACT_PATH: org/zowe/licenses
VERSION: ${{ github.event.inputs.zowe_version }}
AGG_ARTIFACT_NAME: zowe_licenses_full.zip
CLI_ARTIFACT_NAME: zowe_licenses_cli.zip
ZOS_ARTIFACT_NAME: zowe_licenses_zos.zip
AGG_SBOM_ARTIFACT_NAME: sbom_aggregate.spdx.yml
CLI_SBOM_ARTIFACT_NAME: sbom_cli.spdx.yml
ZOS_SBOM_ARTIFACT_NAME: sbom_zos.spdx.yml
FILENAME_PATTERN: init_in_step_one
ARTIFACT_REPO: init_in_step_one
ARTIFACT_VERSION: init_in_step_one
ORT_VERSION: 12.0.0

jobs:

create-licenses:

runs-on: ubuntu-latest

container:
image: zowe-docker-snapshot.jfrog.io/ompzowe/zowecicd-license-base:latest

steps:

- name: Update variables if releasing
run: |
if [ "$PUBLISH_RELEASE" = true ]; then
echo "ARTIFACT_REPO=libs-release-local" >> $GITHUB_ENV
echo "ARTIFACT_VERSION=$VERSION" >> $GITHUB_ENV
echo "FILENAME_PATTERN={filename}${{ env.RELEASE_SUFFIX }}{fileext}" >> $GITHUB_ENV
else
echo "ARTIFACT_REPO=libs-snapshot-local" >> $GITHUB_ENV
echo "ARTIFACT_VERSION=$VERSION-SNAPSHOT" >> $GITHUB_ENV
echo "FILENAME_PATTERN={filename}-${{ env.VERSION }}-SNAPSHOT{timestamp}{fileext}" >> $GITHUB_ENV
fi
- name: Checkout current repo
uses: actions/checkout@v4

- uses: actions/setup-node@v2
with:
node-version: '16'
- name: 'Install Ansible'
uses: zowe-actions/shared-actions/prepare-workflow@main
- name: '[Zowe Actions] Prepare workflow'
uses: zowe-actions/shared-actions/prepare-workflow@main

- name: 'Setup jFrog CLI'
uses: jfrog/setup-jfrog-cli@v2
env:
JF_ENV_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }}

- name: '[TEST-ONLY] Dummy scan step'
if: ${{ github.event.inputs.dummy_build == 'true' }}
working-directory: ${{ env.DEPENDENCY_SCAN_HOME }}
run: |
mkdir -p zowe_licenses
mkdir -p zowe_cli_licenses
mkdir -p zowe_zos_licenses
echo "HI" >> dummy.txt
cp dummy.txt zowe_licenses
cp dummy.txt zowe_cli_licenses
cp dummy.txt zowe_zos_licenses
zip -j ${{ env.AGG_ARTIFACT_NAME }} zowe_licenses/*
zip -j ${{ env.CLI_ARTIFACT_NAME }} zowe_cli_licenses/*
zip -j ${{ env.ZOS_ARTIFACT_NAME }} zowe_zos_licenses/*
echo "" > ${{ env.AGG_SBOM_ARTIFACT_NAME }}
echo "" > ${{ env.ZOS_SBOM_ARTIFACT_NAME }}
echo "" > ${{ env.CLI_SBOM_ARTIFACT_NAME }}
- name: Scan Licenses on Branch ${{ env.ZOWE_RELEASE_BRANCH }}
if: ${{ github.event.inputs.dummy_build == 'false' }}
env:
APP_NOTICES_SCAN: true
APP_LICENSE_SCAN: true
ZOWE_MANIFEST_BRANCH: ${{ env.ZOWE_RELEASE_BRANCH }}
working-directory: ${{ env.DEPENDENCY_SCAN_HOME }}
run: |
yarn install && yarn build
node lib/index.js
cd build
zip -r logs.zip logs/
zip -r license_reports.zip license_reports/
zip -r notice_reports.zip notice_reports/
cd ..
mkdir -p zowe_licenses
mkdir -p zowe_cli_licenses
mkdir -p zowe_zos_licenses
cp ../resources/* zowe_licenses/
cp ../resources/* zowe_cli_licenses/
cp ../resources/* zowe_zos_licenses/
# Aggregate
cp build/notice_reports/${{ env.NOTICES_AGGREGATE_FILE }} zowe_licenses/zowe_full_notices.txt
cp build/license_reports/${{ env.MARKDOWN_REPORT_NAME }} zowe_licenses/zowe_full_dependency_list.md
zip -j ${{ env.AGG_ARTIFACT_NAME }} zowe_licenses/*
# CLI
cp build/notice_reports/${{ env.NOTICES_CLI_FILE }} zowe_cli_licenses/zowe_cli_notices.txt
cp build/license_reports/${{ env.MARKDOWN_CLI_REPORT }} zowe_cli_licenses/zowe_cli_dependency_list.md
zip -j ${{ env.CLI_ARTIFACT_NAME }} zowe_cli_licenses/*
# z/OS
cp build/notice_reports/${{ env.NOTICES_ZOS_FILE }} zowe_zos_licenses/zowe_zos_notices.txt
cp build/license_reports/${{ env.MARKDOWN_ZOS_REPORT }} zowe_zos_licenses/zowe_zos_dependency_list.md
zip -j ${{ env.ZOS_ARTIFACT_NAME }} zowe_zos_licenses/*
# SBOMs
cp build/sbom_reports/${{ env.AGG_SBOM_ARTIFACT_NAME }} ${{ env.AGG_SBOM_ARTIFACT_NAME }}
cp build/sbom_reports/${{ env.CLI_SBOM_ARTIFACT_NAME }} ${{ env.CLI_SBOM_ARTIFACT_NAME }}
cp build/sbom_reports/${{ env.ZOS_SBOM_ARTIFACT_NAME }} ${{ env.ZOS_SBOM_ARTIFACT_NAME }}
- name: Remove existing artifacts
id: cleanup
if: ${{ github.event.inputs.publish_release }} && ${{ github.event.inputs.overwrite_release }}
run: |
jfrog rt del \
--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
--url https://zowe.jfrog.io/artifactory \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.AGG_ARTIFACT_NAME }}
jfrog rt del \
--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
--url https://zowe.jfrog.io/artifactory \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.CLI_ARTIFACT_NAME }}
jfrog rt del\
--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
--url https://zowe.jfrog.io/artifactory \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.ZOS_ARTIFACT_NAME }}
jfrog rt del\
--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
--url https://zowe.jfrog.io/artifactory \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.AGG_SBOM_ARTIFACT_NAME }}
jfrog rt del\
--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
--url https://zowe.jfrog.io/artifactory \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.CLI_SBOM_ARTIFACT_NAME }}
jfrog rt del\
--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
--url https://zowe.jfrog.io/artifactory \
${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.ZOS_SBOM_ARTIFACT_NAME }}
- name: '[PUBLISH] Fix local git configuration (container+runner UID mismatch)'
if: ${{ github.event.inputs.publish_release }}
id: debug-git
run: |
git config --global --add safe.directory /__w/zowe-dependency-scan-pipeline/zowe-dependency-scan-pipeline
- name: Publish to Artifactory
id: publish
timeout-minutes: 10
uses: zowe-actions/shared-actions/publish@user/markackert/cosign-publish-integration
with:
publish-target-file-pattern: ${{ env.FILENAME_PATTERN }}
publish-target-path-pattern: ${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/
perform-release: ${{ env.PUBLISH_RELEASE }}
artifacts: |
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_SBOM_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_SBOM_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_SBOM_ARTIFACT_NAME }}
- name: Archive Aggregates
uses: actions/upload-artifact@v3
with:
path: |
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_SBOM_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_SBOM_ARTIFACT_NAME }}
${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_SBOM_ARTIFACT_NAME }}

0 comments on commit e000e1d

Please sign in to comment.