Generate report via cli instead by action #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: FOSSA Scan Tests | |
| on: | |
| # Due to security constraints we cannot run the workflow on PRs due to missing secrets on PRs from forks | |
| push: | |
| branches: | |
| - "main" | |
| - "release-*" | |
| - "add-fossa" | |
| permissions: | |
| contents: read | |
| actions: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test-fossa-maven-scan: | |
| name: Test FOSSA Maven Scan | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| steps: | |
| - name: Checkout github-actions | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| ref: ${{ github.sha }} | |
| - name: Checkout strimzi/drain-cleaner | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| repository: strimzi/drain-cleaner | |
| ref: 1.6.0 | |
| path: drain-cleaner | |
| - name: Copy drain-cleaner project to workspace root | |
| run: rsync -a --exclude='.git' --exclude='.github' drain-cleaner/ ./ | |
| - name: Setup Java and Maven | |
| uses: ./.github/actions/dependencies/setup-java | |
| - name: Install yq | |
| uses: ./.github/actions/dependencies/install-yq | |
| - name: Restore Maven cache | |
| uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: ~/.m2/repository | |
| key: maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| maven- | |
| - name: Build Maven project | |
| shell: bash | |
| run: mvn -B -DskipTests -Dmaven.javadoc.skip=true clean install | |
| - name: Run FOSSA Maven scan | |
| uses: ./.github/actions/security/fossa-maven-scan | |
| with: | |
| # Keep false to avoid running policy tests during testing | |
| fossaTest: "false" | |
| scanName: test-drain-cleaner | |
| branch: "1.6.0" | |
| env: | |
| FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
| - name: Download report artifact | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: fossa-maven-test-drain-cleaner-report.md | |
| path: report-output | |
| - name: Verify report artifact | |
| shell: bash | |
| run: | | |
| REPORT_FILE="report-output/fossa-maven-test-drain-cleaner-report.md" | |
| if [ ! -f "$REPORT_FILE" ]; then | |
| echo "Report file not found: $REPORT_FILE" | |
| exit 1 | |
| fi | |
| if [ ! -s "$REPORT_FILE" ]; then | |
| echo "Report file is empty: $REPORT_FILE" | |
| exit 1 | |
| fi | |
| echo "FOSSA report file size: $(wc -c < "$REPORT_FILE") bytes" | |
| # Test workflow loads image artifacts from test-integrations workflow. | |
| # To avoid additional image build, the scan check will wait until integration workflow store the artifacts | |
| wait-for-container-artifact: | |
| name: Wait for Container Artifact | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 90 | |
| outputs: | |
| run-id: ${{ steps.find-build.outputs.run_id }} | |
| steps: | |
| - name: Wait for container artifact | |
| id: find-build | |
| uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 | |
| env: | |
| INPUT_SHA: ${{ github.sha }} | |
| # TODO - change it | |
| ARTIFACT_NAME: "containers-drain-cleaner-amd64.tar" | |
| MAX_WAIT_MINUTES: "20" | |
| with: | |
| script: | | |
| const {owner, repo} = context.repo; | |
| const workflowName = 'test-integrations.yml'; | |
| const sha = process.env.INPUT_SHA; | |
| const artifactName = process.env.ARTIFACT_NAME; | |
| const maxWaitMinutes = parseInt(process.env.MAX_WAIT_MINUTES); | |
| const maxWaitSeconds = maxWaitMinutes * 60; | |
| const startTime = Date.now(); | |
| core.info(`Waiting for artifact '${artifactName}' from commit ${sha}`); | |
| async function findArtifact() { | |
| const runs = await github.rest.actions.listWorkflowRuns({ | |
| owner, | |
| repo, | |
| workflow_id: workflowName, | |
| head_sha: sha, | |
| per_page: 1 | |
| }); | |
| const run = runs.data.workflow_runs[0]; | |
| if (!run) return null; | |
| const artifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
| owner, | |
| repo, | |
| run_id: run.id | |
| }); | |
| const artifact = artifacts.data.artifacts.find(a => a.name === artifactName); | |
| if (artifact) { | |
| return { runId: run.id, artifactId: artifact.id }; | |
| } | |
| if (run.status === 'completed') { | |
| core.setFailed(`Integration tests completed (${run.conclusion}) but artifact '${artifactName}' not found`); | |
| core.setFailed(`Run: ${context.serverUrl}/${owner}/${repo}/actions/runs/${run.id}`); | |
| return 'failed'; | |
| } | |
| return null; | |
| } | |
| while (true) { | |
| const elapsed = Math.floor((Date.now() - startTime) / 1000); | |
| if (elapsed >= maxWaitSeconds) { | |
| core.setFailed(`Timeout: Artifact '${artifactName}' not found after ${maxWaitMinutes} minutes`); | |
| return; | |
| } | |
| const result = await findArtifact(); | |
| if (result === 'failed') return; | |
| if (result) { | |
| core.setOutput('run_id', result.runId.toString()); | |
| core.info(`Artifact '${artifactName}' found in run #${result.runId}`); | |
| return; | |
| } | |
| core.info(`Artifact not available yet... (${elapsed}s elapsed, max: ${maxWaitSeconds}s)`); | |
| await new Promise(resolve => setTimeout(resolve, 30000)); | |
| } | |
| # test-fossa-container-scan-operators: | |
| # name: Test FOSSA Container Scan (${{ matrix.image }}) | |
| # needs: wait-for-container-artifact | |
| # runs-on: ubuntu-latest | |
| # timeout-minutes: 30 | |
| # strategy: | |
| # matrix: | |
| # image: | |
| # # Kafka images are not here to avoid need to change Kafka versions on multiple places when we bump operators repo versions for testing | |
| # - buildah-latest-amd64 | |
| # - kaniko-executor-latest-amd64 | |
| # - maven-builder-latest-amd64 | |
| # - operator-latest-amd64 | |
| # steps: | |
| # - name: Checkout github-actions | |
| # uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| # | |
| # - name: Install Docker | |
| # uses: ./.github/actions/dependencies/install-docker | |
| # | |
| # - name: Download container archive | |
| # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| # with: | |
| # name: containers-operators-amd64.tar | |
| # run-id: ${{ needs.wait-for-container-artifact.outputs.run-id }} | |
| # github-token: ${{ github.token }} | |
| # | |
| # - name: Untar container archive | |
| # run: tar -xvf containers-operators-amd64.tar | |
| # | |
| # - name: Run FOSSA container scan | |
| # uses: ./.github/actions/security/fossa-container-scan | |
| # with: | |
| # imageFile: docker-images/container-archives/${{ matrix.image }}.tar.gz | |
| # image: ${{ matrix.image }} | |
| # fossaTest: "false" | |
| # env: | |
| # FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
| test-fossa-container-scan-drain-cleaner: | |
| name: Test FOSSA Container Scan (drain-cleaner) | |
| needs: wait-for-container-artifact | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout github-actions | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| - name: Install Docker | |
| uses: ./.github/actions/dependencies/install-docker | |
| - name: Download container archive | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: containers-drain-cleaner-amd64.tar | |
| run-id: ${{ needs.wait-for-container-artifact.outputs.run-id }} | |
| github-token: ${{ github.token }} | |
| - name: Untar container archive | |
| run: tar -xvf containers-drain-cleaner-amd64.tar | |
| - name: Run FOSSA container scan | |
| uses: ./.github/actions/security/fossa-container-scan | |
| with: | |
| imageFile: drain-cleaner-container-amd64.tar.gz | |
| image: drain-cleaner-amd64 | |
| fossaTest: "false" | |
| branch: "1.6.1" | |
| env: | |
| FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} |