Merge FEGA related components from pipeline into SDA #448
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build PR container | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - ".github/**" | |
| - ".gitignore" | |
| - "**/README.md" | |
| env: | |
| PR_NUMBER: ${{ github.event.number }} | |
| jobs: | |
| build_go_images: | |
| name: Build PR image (golang) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Github Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build container for sda-auth | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda-auth | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-auth | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-auth | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Build container for sda-download | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda-download | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-download | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-download | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Build container for sensitive-data-archive | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }} | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }} | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| build_server_images: | |
| name: Build PR image (servers) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Github Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build container for postgres | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./postgresql | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-postgres | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-postgres | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Build container for rabbitmq | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./rabbitmq | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-rabbitmq | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-rabbitmq | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner on postgres | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-postgres | |
| format: "sarif" | |
| hide-progress: true | |
| ignore-unfixed: true | |
| output: 'postgres-results.sarif' | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'postgres-results.sarif' | |
| category: postgres | |
| - name: Run Trivy vulnerability scanner on rabbitmq | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-rabbitmq | |
| format: "sarif" | |
| hide-progress: true | |
| ignore-unfixed: true | |
| output: 'rabbitmq-results.sarif' | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'rabbitmq-results.sarif' | |
| category: rabbitmq | |
| build_java_images: | |
| name: Build PR image (java) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Github Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build container for sda-sftp-inbox | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./sda-sftp-inbox | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-sftp-inbox | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-sftp-inbox | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner on sftp-inbox | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-sftp-inbox | |
| format: "sarif" | |
| hide-progress: true | |
| ignore-unfixed: true | |
| output: 'inbox-results.sarif' | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'inbox-results.sarif' | |
| category: sftp-inbox | |
| rabbitmq: | |
| needs: | |
| - build_go_images | |
| - build_server_images | |
| name: rabbitmq-federation-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Test rabbitmq federation | |
| run: docker compose -f .github/integration/rabbitmq-federation.yml run federation_test | |
| postgres: | |
| needs: | |
| - build_server_images | |
| name: postgres-test-suite | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Test postgres | |
| run: docker compose -f .github/integration/postgres.yml run tests | |
| sda: | |
| needs: | |
| - build_go_images | |
| - build_server_images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Test sensitive-data-archive | |
| run: docker compose -f .github/integration/sda-integration.yml run integration_test | |
| chart: | |
| needs: | |
| - build_go_images | |
| - build_server_images | |
| - build_java_images | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| version: ["1.26", "1.27"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Install Helm | |
| uses: azure/[email protected] | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Initialise k3d | |
| id: initK3D | |
| run: bash .github/integration/scripts/charts/k3d.sh ${{matrix.version}} | |
| shell: bash | |
| - name: debug | |
| if: steps.initK3D.outcome == 'failure' | |
| run: k3d version list k3s | grep ${{matrix.version}} | |
| shell: bash | |
| - name: Deploy external services | |
| run: bash .github/integration/scripts/charts/dependencies.sh | |
| shell: bash | |
| - name: Deploy DB | |
| id: deployDB | |
| run: bash .github/integration/scripts/charts/deploy_charts.sh sda-db ${{ github.event.number }} | |
| - name: debug | |
| if: steps.deployDB.outcome == 'failure' | |
| run: | | |
| kubectl describe pod postgres-sda-db-0 | |
| sleep 1 | |
| kubectl logs postgres-sda-db-0 | |
| - name: Deploy MQ | |
| id: deployMQ | |
| run: bash .github/integration/scripts/charts/deploy_charts.sh sda-mq ${{ github.event.number }} | |
| shell: bash | |
| - name: debug | |
| if: steps.deployMQ.outcome == 'failure' | |
| run: | | |
| kubectl describe pod broker-sda-mq-0 | |
| sleep 1 | |
| kubectl logs broker-sda-mq-0 | |
| - name: Deploy pipeline | |
| run: bash .github/integration/scripts/charts/deploy_charts.sh sda-svc ${{ github.event.number }} | |
| shell: bash | |
| - name: test | |
| if: always() | |
| run: | | |
| kubectl get pods | |
| sleep 1 | |
| for svc in auth finalize inbox ingest mapper verify; do | |
| echo "## describe $svc" && kubectl describe pod -l role="$svc" | |
| sleep 1 | |
| echo "## logs $svc" && kubectl logs -l role="$svc" | |
| sleep 1 | |
| done | |
| shell: bash |