Bumped version to 2.9.0 #1431
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CWS CI Camunda | |
| # Triggers the workflow on push | |
| on: | |
| push: | |
| schedule: | |
| # trigger a build and test of CWS weekly on Monday at 5 AM PST / 12 PM UTC | |
| - cron: '0 12 * * 1' | |
| env: | |
| TEAM: ("jamesfwood" "jl-0") | |
| jobs: | |
| build-and-test-cws: | |
| runs-on: ubuntu-latest | |
| env: | |
| SECURITY: "CAMUNDA" | |
| WORKERS: 1 | |
| services: | |
| mdb1011: | |
| image: mariadb:10.11 | |
| ports: | |
| - 3306:3306 | |
| env: | |
| MYSQL_DATABASE: cws_dev | |
| MYSQL_ROOT_PASSWORD: adminpw | |
| options: >- | |
| --name mdb1011 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Configure Maven security (master password) | |
| - name: Configure Maven security | |
| run: | | |
| mkdir -p ~/.m2 | |
| echo "<settingsSecurity> | |
| <master>${{ secrets.MAVEN_MASTER_PASSWORD }}</master> | |
| </settingsSecurity>" > ~/.m2/settings-security.xml | |
| # Configure Maven settings (encrypted repo password) | |
| - name: Configure Maven settings | |
| run: | | |
| echo "<settings> | |
| <servers> | |
| <server> | |
| <id>${{ secrets.MAVEN_REPO_ID }}</id> | |
| <username>${{ secrets.MAVEN_USERNAME }}</username> | |
| <password>${{ secrets.MAVEN_ENCRYPTED_PASSWORD }}</password> | |
| </server> | |
| </servers> | |
| </settings>" > ~/.m2/settings.xml | |
| - name: Cache Maven packages | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-m2- | |
| - name: Configure Camunda Download Credentials | |
| run: | | |
| echo "machine downloads.camunda.cloud | |
| login ${{ secrets.CAMUNDA_DOWNLOAD_LOGIN }} | |
| password ${{ secrets.CAMUNDA_DOWNLOAD_PASSWORD }}" > ~/.netrc | |
| chmod 400 ~/.netrc | |
| - name: Create open-source certs | |
| run: | | |
| cd cws-certs | |
| chmod +x generate-certs.sh | |
| ./generate-certs.sh | |
| - name: Set up Keystore storepass | |
| run: | | |
| mkdir ~/.cws/ | |
| chmod 700 ~/.cws/ | |
| echo ${{ secrets.KEYSTORE_PASSWORD }} > ~/.cws/creds | |
| chmod 400 ~/.cws/creds | |
| - name: Write license to file | |
| run: | | |
| mkdir -p ~/.camunda | |
| chmod 700 ~/.camunda | |
| cat <<'EOF' > ~/.camunda/license.txt | |
| ${{ secrets.CAMUNDA_LICENSE }} | |
| EOF | |
| chmod 400 ~/.camunda/license.txt | |
| - name: Download Logstash | |
| run: | | |
| curl -o install/logging/logstash-8.12.0.zip https://artifacts.elastic.co/downloads/logstash/logstash-8.12.0-windows-x86_64.zip | |
| - name: Check for Logstash | |
| run: | | |
| cd install/logging/ | |
| ls -l | |
| - name: Set up Elasticsearch | |
| run: | | |
| cd install/docker/es-only | |
| docker compose up -d | |
| - name: Show Docker containers | |
| run: | | |
| sleep 5s | |
| docker ps -a | |
| - name: Cache Dependency-Check data | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.dependency-check-data | |
| key: ${{ runner.os }}-dependency-check | |
| restore-keys: | | |
| ${{ runner.os }}-dependency-check | |
| - name: Run Dependency Check | |
| run: mvn clean dependency-check:aggregate | |
| shell: bash | |
| env: | |
| NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
| - name: Upload Dependency Check Report | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: dependency-check-report | |
| path: target/dependency-check-reports/dependency-check-report.html | |
| - name: Build and Start CWS | |
| id: build | |
| run: | | |
| cd ci | |
| chmod +x run_ci.sh | |
| ./run_ci.sh $SECURITY $WORKERS | |
| shell: bash | |
| - name: List CWS Logs | |
| run: | | |
| cd "dist/console-only/cws/server/apache-tomcat-11.0.20/logs" | |
| ls -al | |
| - name: Set up Google Chrome | |
| run: | | |
| sudo apt update | |
| sudo apt install -y google-chrome-stable | |
| - name: Display Google Chrome version | |
| run: google-chrome --version | |
| - name: Run Unit Tests | |
| id: unit | |
| run: mvn -Dmaven.compiler.debug=true -Dmaven.compiler.debuglevel=lines,vars,source clean test jacoco:report-aggregate | |
| shell: bash | |
| - name: Run Integration Tests | |
| id: integration | |
| run: mvn -Dmaven.compiler.debug=true -Dmaven.compiler.debuglevel=lines,vars,source integration-test verify -DskipTests | |
| shell: bash | |
| - name: Upload Jacoco report | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: jacoco-report | |
| path: jacoco-reports/aggregate/index.html | |
| - name: Upload test screenshots | |
| if: ${{ always() && steps.build.outcome == 'success' }} | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: test-screenshots | |
| path: test-screenshots/ | |
| - name: Show CWS Log for Console | |
| if: always() | |
| working-directory: dist/console-only/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat cws.log | |
| - name: Show Catalina Log for Console | |
| if: always() | |
| working-directory: dist/console-only/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat catalina.out | |
| - name: Show CWS Log for Worker1 | |
| if: always() | |
| working-directory: dist/worker1/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat cws.log | |
| - name: Show Catalina Log for Worker1 | |
| if: always() | |
| working-directory: dist/worker1/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat catalina.out | |
| - name: Cleanup Private files | |
| if: always() | |
| run: | | |
| rm -rf ~/.camunda | |
| rm -f ~/.netrc | |
| - name: Send custom JSON data to Slack workflow | |
| if: ${{ always() && contains(env.TEAM, github.actor) }} | |
| id: slack | |
| uses: slackapi/slack-github-action@v3 | |
| with: | |
| webhook-type: incoming-webhook | |
| webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| # This data can be any valid JSON from a previous step in the GitHub Action | |
| payload: | | |
| { | |
| "status": "CWS CI Camunda build and test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nUnit test result: ${{ steps.unit.outcome }}\nIntegration test result: ${{ steps.integration.outcome }}", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "CWS CI Camunda build and test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nUnit test result: ${{ steps.unit.outcome }}\nIntegration test result: ${{ steps.integration.outcome }}" | |
| } | |
| } | |
| ] | |
| } | |
| advanced-test: | |
| runs-on: ubuntu-latest | |
| env: | |
| SECURITY: "CAMUNDA" | |
| WORKERS: 2 | |
| services: | |
| mdb1011: | |
| image: mariadb:10.11 | |
| ports: | |
| - 3306:3306 | |
| env: | |
| MYSQL_DATABASE: cws_dev | |
| MYSQL_ROOT_PASSWORD: adminpw | |
| options: >- | |
| --name mdb1011 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Configure Maven security (master password) | |
| - name: Configure Maven security | |
| run: | | |
| mkdir -p ~/.m2 | |
| echo "<settingsSecurity> | |
| <master>${{ secrets.MAVEN_MASTER_PASSWORD }}</master> | |
| </settingsSecurity>" > ~/.m2/settings-security.xml | |
| # Configure Maven settings (encrypted repo password) | |
| - name: Configure Maven settings | |
| run: | | |
| echo "<settings> | |
| <servers> | |
| <server> | |
| <id>${{ secrets.MAVEN_REPO_ID }}</id> | |
| <username>${{ secrets.MAVEN_USERNAME }}</username> | |
| <password>${{ secrets.MAVEN_ENCRYPTED_PASSWORD }}</password> | |
| </server> | |
| </servers> | |
| </settings>" > ~/.m2/settings.xml | |
| - name: Cache Maven packages | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-m2- | |
| - name: Configure Camunda Download Credentials | |
| run: | | |
| echo "machine downloads.camunda.cloud | |
| login ${{ secrets.CAMUNDA_DOWNLOAD_LOGIN }} | |
| password ${{ secrets.CAMUNDA_DOWNLOAD_PASSWORD }}" > ~/.netrc | |
| chmod 400 ~/.netrc | |
| - name: Create open-source certs | |
| run: | | |
| cd cws-certs | |
| chmod +x generate-certs.sh | |
| ./generate-certs.sh | |
| - name: Set up Keystore storepass | |
| run: | | |
| mkdir ~/.cws/ | |
| chmod 700 ~/.cws/ | |
| echo ${{ secrets.KEYSTORE_PASSWORD }} > ~/.cws/creds | |
| chmod 400 ~/.cws/creds | |
| - name: Write license to file | |
| run: | | |
| mkdir -p ~/.camunda | |
| chmod 700 ~/.camunda | |
| cat <<'EOF' > ~/.camunda/license.txt | |
| ${{ secrets.CAMUNDA_LICENSE }} | |
| EOF | |
| chmod 400 ~/.camunda/license.txt | |
| - name: Download Logstash | |
| run: | | |
| curl -o install/logging/logstash-8.12.0.zip https://artifacts.elastic.co/downloads/logstash/logstash-8.12.0-windows-x86_64.zip | |
| - name: Check for Logstash | |
| run: | | |
| cd install/logging/ | |
| ls -l | |
| - name: Set up Elasticsearch | |
| run: | | |
| cd install/docker/es-only | |
| docker compose up -d | |
| - name: Show Docker containers | |
| run: | | |
| sleep 5s | |
| docker ps -a | |
| - name: Build and Start CWS | |
| id: build | |
| run: | | |
| cd ci | |
| chmod +x run_ci.sh | |
| ./run_ci.sh $SECURITY $WORKERS | |
| shell: bash | |
| - name: List CWS Logs | |
| run: | | |
| cd dist/console-only/cws/server/apache-tomcat-11.0.20/logs | |
| ls -al | |
| - name: Set up Google Chrome | |
| run: | | |
| sudo apt update | |
| sudo apt install -y google-chrome-stable | |
| - name: Display Google Chrome version | |
| run: google-chrome --version | |
| - name: Run Load Integration Test | |
| id: load | |
| run: mvn -Dmaven.compiler.debug=true -Dmaven.compiler.debuglevel=lines,vars, -Dit.test=LoadTestIT verify -DskipTests | |
| shell: bash | |
| - name: Upload test screenshots | |
| if: ${{ always() && steps.build.outcome == 'success' }} | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: test-screenshots-advanced | |
| path: test-screenshots/ | |
| - name: Show CWS Log for Console | |
| if: always() | |
| working-directory: dist/console-only/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat cws.log | |
| - name: Show Catalina Log for Console | |
| if: always() | |
| working-directory: dist/console-only/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat catalina.out | |
| - name: Show CWS Log for Worker1 | |
| if: always() | |
| working-directory: dist/worker1/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat cws.log | |
| - name: Show Catalina Log for Worker1 | |
| if: always() | |
| working-directory: dist/worker1/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat catalina.out | |
| - name: Show CWS Log for Worker2 | |
| if: always() | |
| working-directory: dist/worker2/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat cws.log | |
| - name: Show Catalina Log for Worker2 | |
| if: always() | |
| working-directory: dist/worker2/cws/server/apache-tomcat-11.0.20/logs | |
| run: | | |
| cat catalina.out | |
| - name: Cleanup Private files | |
| if: always() | |
| run: | | |
| rm -rf ~/.camunda | |
| rm -f ~/.netrc | |
| - name: Send custom JSON data to Slack workflow | |
| if: ${{ always() && contains(env.TEAM, github.actor) }} | |
| id: slack | |
| uses: slackapi/slack-github-action@v3 | |
| with: | |
| webhook-type: incoming-webhook | |
| webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| # This data can be any valid JSON from a previous step in the GitHub Action | |
| payload: | | |
| { | |
| "status": "CWS CI Camunda advanced test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nLoad integration test result: ${{ steps.load.outcome }}", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "CWS CI Camunda advanced test result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}\nBuild result: ${{ steps.build.outcome }}\nLoad integration test result: ${{ steps.load.outcome }}" | |
| } | |
| } | |
| ] | |
| } | |
| publish-cws-image: | |
| if: ${{ github.ref_type == 'tag' }} | |
| needs: [build-and-test-cws, advanced-test] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v6 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v4 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Generate CWS Docker image | |
| run: | | |
| cd install/docker/cws-image | |
| ./build.sh | |
| - name: Re-Tag CWS Docker image for open source | |
| run: docker tag nasa-ammos/common-workflow-service:${{ github.ref_name }} ${{ secrets.DOCKER_USERNAME }}/common-workflow-service:${{ github.ref_name }} | |
| - name: Push CWS Docker image | |
| run: docker push ${{ secrets.DOCKER_USERNAME }}/common-workflow-service:${{ github.ref_name }} |