Skip to content

Generate report via cli instead by action #5

Generate report via cli instead by action

Generate report via cli instead by action #5

Workflow file for this run

name: FOSSA Scan Tests
on:
# Due to security constraints we cannot run the workflow on PRs due to missing secrets on PRs from forks
push:
branches:
- "main"
- "release-*"
- "add-fossa"
permissions:
contents: read
actions: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test-fossa-maven-scan:
name: Test FOSSA Maven Scan
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout github-actions
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
ref: ${{ github.sha }}
- name: Checkout strimzi/drain-cleaner
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
repository: strimzi/drain-cleaner
ref: 1.6.0
path: drain-cleaner
- name: Copy drain-cleaner project to workspace root
run: rsync -a --exclude='.git' --exclude='.github' drain-cleaner/ ./
- name: Setup Java and Maven
uses: ./.github/actions/dependencies/setup-java
- name: Install yq
uses: ./.github/actions/dependencies/install-yq
- name: Restore Maven cache
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with:
path: ~/.m2/repository
key: maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
maven-
- name: Build Maven project
shell: bash
run: mvn -B -DskipTests -Dmaven.javadoc.skip=true clean install
- name: Run FOSSA Maven scan
uses: ./.github/actions/security/fossa-maven-scan
with:
# Keep false to avoid running policy tests during testing
fossaTest: "false"
scanName: test-drain-cleaner
branch: "1.6.0"
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: Download report artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: fossa-maven-test-drain-cleaner-report.md
path: report-output
- name: Verify report artifact
shell: bash
run: |
REPORT_FILE="report-output/fossa-maven-test-drain-cleaner-report.md"
if [ ! -f "$REPORT_FILE" ]; then
echo "Report file not found: $REPORT_FILE"
exit 1
fi
if [ ! -s "$REPORT_FILE" ]; then
echo "Report file is empty: $REPORT_FILE"
exit 1
fi
echo "FOSSA report file size: $(wc -c < "$REPORT_FILE") bytes"
# Test workflow loads image artifacts from test-integrations workflow.
# To avoid additional image build, the scan check will wait until integration workflow store the artifacts
wait-for-container-artifact:
name: Wait for Container Artifact
runs-on: ubuntu-latest
timeout-minutes: 90
outputs:
run-id: ${{ steps.find-build.outputs.run_id }}
steps:
- name: Wait for container artifact
id: find-build
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
env:
INPUT_SHA: ${{ github.sha }}
# TODO - change it
ARTIFACT_NAME: "containers-drain-cleaner-amd64.tar"
MAX_WAIT_MINUTES: "20"
with:
script: |
const {owner, repo} = context.repo;
const workflowName = 'test-integrations.yml';
const sha = process.env.INPUT_SHA;
const artifactName = process.env.ARTIFACT_NAME;
const maxWaitMinutes = parseInt(process.env.MAX_WAIT_MINUTES);
const maxWaitSeconds = maxWaitMinutes * 60;
const startTime = Date.now();
core.info(`Waiting for artifact '${artifactName}' from commit ${sha}`);
async function findArtifact() {
const runs = await github.rest.actions.listWorkflowRuns({
owner,
repo,
workflow_id: workflowName,
head_sha: sha,
per_page: 1
});
const run = runs.data.workflow_runs[0];
if (!run) return null;
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner,
repo,
run_id: run.id
});
const artifact = artifacts.data.artifacts.find(a => a.name === artifactName);
if (artifact) {
return { runId: run.id, artifactId: artifact.id };
}
if (run.status === 'completed') {
core.setFailed(`Integration tests completed (${run.conclusion}) but artifact '${artifactName}' not found`);
core.setFailed(`Run: ${context.serverUrl}/${owner}/${repo}/actions/runs/${run.id}`);
return 'failed';
}
return null;
}
while (true) {
const elapsed = Math.floor((Date.now() - startTime) / 1000);
if (elapsed >= maxWaitSeconds) {
core.setFailed(`Timeout: Artifact '${artifactName}' not found after ${maxWaitMinutes} minutes`);
return;
}
const result = await findArtifact();
if (result === 'failed') return;
if (result) {
core.setOutput('run_id', result.runId.toString());
core.info(`Artifact '${artifactName}' found in run #${result.runId}`);
return;
}
core.info(`Artifact not available yet... (${elapsed}s elapsed, max: ${maxWaitSeconds}s)`);
await new Promise(resolve => setTimeout(resolve, 30000));
}
# test-fossa-container-scan-operators:
# name: Test FOSSA Container Scan (${{ matrix.image }})
# needs: wait-for-container-artifact
# runs-on: ubuntu-latest
# timeout-minutes: 30
# strategy:
# matrix:
# image:
# # Kafka images are not here to avoid need to change Kafka versions on multiple places when we bump operators repo versions for testing
# - buildah-latest-amd64
# - kaniko-executor-latest-amd64
# - maven-builder-latest-amd64
# - operator-latest-amd64
# steps:
# - name: Checkout github-actions
# uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
#
# - name: Install Docker
# uses: ./.github/actions/dependencies/install-docker
#
# - name: Download container archive
# uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
# with:
# name: containers-operators-amd64.tar
# run-id: ${{ needs.wait-for-container-artifact.outputs.run-id }}
# github-token: ${{ github.token }}
#
# - name: Untar container archive
# run: tar -xvf containers-operators-amd64.tar
#
# - name: Run FOSSA container scan
# uses: ./.github/actions/security/fossa-container-scan
# with:
# imageFile: docker-images/container-archives/${{ matrix.image }}.tar.gz
# image: ${{ matrix.image }}
# fossaTest: "false"
# env:
# FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
test-fossa-container-scan-drain-cleaner:
name: Test FOSSA Container Scan (drain-cleaner)
needs: wait-for-container-artifact
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout github-actions
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Install Docker
uses: ./.github/actions/dependencies/install-docker
- name: Download container archive
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: containers-drain-cleaner-amd64.tar
run-id: ${{ needs.wait-for-container-artifact.outputs.run-id }}
github-token: ${{ github.token }}
- name: Untar container archive
run: tar -xvf containers-drain-cleaner-amd64.tar
- name: Run FOSSA container scan
uses: ./.github/actions/security/fossa-container-scan
with:
imageFile: drain-cleaner-container-amd64.tar.gz
image: drain-cleaner-amd64
fossaTest: "false"
branch: "1.6.1"
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}