-
Notifications
You must be signed in to change notification settings - Fork 25
91 lines (82 loc) · 3.38 KB
/
Copy pathci.yaml
File metadata and controls
91 lines (82 loc) · 3.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: CI
# Trigger on push or pull request
on:
pull_request:
types: [opened, reopened, synchronize, edited]
push:
branches:
- master
- develop
permissions: write-all
jobs:
# Build and run unit tests
build-and-test:
name: Build and test
uses: ./.github/workflows/build-and-test.yaml
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
# Run Mend SCA Scan
mend-sca-scan:
name: Mend SCA Scan
uses: ./.github/workflows/mend-sca-scan.yaml
secrets:
MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
# Run Mend SAST Scan
mend-sast-scan:
name: Mend SAST Scan
uses: ./.github/workflows/mend-sast-scan.yaml
secrets:
MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
# Build and sign BrowserStack test artifacts (app-debug.apk and forgerock-auth-debug-androidTest-signed.apk)
# Skip this step for PRs created by dependabot
browserstack-prepare-artifacts:
name: Prepare device farm artifacts
uses: ./.github/workflows/browserstack-prepare-artifacts.yaml
if: ${{ github.actor != 'dependabot[bot]' }}
needs: build-and-test
secrets:
E2E_CONFIG: ${{ secrets.E2E_CONFIG }}
SIGNING_KEYSTORE: ${{ secrets.SIGNING_KEYSTORE }}
SIGNING_ALIAS: ${{ secrets.SIGNING_ALIAS }}
SIGNING_KEYSTORE_PASSWORD: ${{ secrets.SIGNING_KEYSTORE_PASSWORD }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
# Execute e2e test cases in BrowserStack. The workflow outputs the newly created run id.
browserstack-run:
name: Run tests in BrowserStack
uses: ./.github/workflows/browserstack-run.yaml
needs: browserstack-prepare-artifacts
secrets:
BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
# Wait for BrowserStack test run to finish and publish results
browserstack-results:
name: BrowserStack test results
uses: ./.github/workflows/browserstack-results.yaml
needs: browserstack-run
secrets:
BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
with:
browserstack-build-id: ${{ needs.browserstack-run.outputs.browserstack-build-id }}
# Publish a SNAPSHOT release
# This is only run upon push to develop and if all tests pass...
publish-snapshot:
name: Publish SNAPSHOT release
uses: ./.github/workflows/publish-snapshot.yaml
if: (github.ref == 'refs/heads/develop' && github.event_name == 'push')
needs: [browserstack-results, mend-sca-scan, mend-sast-scan]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
PUBLISHING_SIGNING_KEY_ID: ${{ secrets.PUBLISHING_SIGNING_KEY_ID }}
PUBLISHING_SIGNING_KEY_PASSWORD: ${{ secrets.PUBLISHING_SIGNING_KEY_PASSWORD }}
PUBLISHING_SIGNING_KEY_RING_FILE_BASE64: ${{ secrets.PUBLISHING_SIGNING_KEY_RING_FILE_BASE64 }}
PUBLISHING_USERNAME: ${{ secrets.PUBLISHING_USERNAME }}
PUBLISHING_PASSWORD: ${{ secrets.PUBLISHING_PASSWORD }}