Build Agent and Upload To OSS #743
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a Java project with Maven | |
| # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven | |
| name: Build Agent and Upload To OSS | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - beta | |
| - develop | |
| pull_request: | |
| branches: | |
| - main | |
| - beta | |
| - develop | |
| paths-ignore: | |
| - '.github/**' | |
| - 'changes/**' | |
| - 'deploy/**' | |
| - '**.md' | |
| - '**.yml' | |
| - '**.xml' | |
| - 'LICENSE' | |
| - '.gitignore' | |
| schedule: | |
| - cron: '0 10 * * *' | |
| jobs: | |
| Cache-Dependencies: | |
| name: Cache dependencies | |
| if: github.repository == 'HXSecurity/DongTai-agent-java' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up JDK 1.8 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.8 | |
| - name: Set up Maven | |
| uses: stCarolas/setup-maven@v4 | |
| with: | |
| maven-version: 3.2.5 | |
| - uses: actions/cache@v2 | |
| id: mvn-cache # use this to check for `cache-hit` (`steps.mvn-cache.outputs.cache-hit != 'true'`) | |
| with: | |
| path: ~/.m2 # !WARN does not work if running multiple node versions, instead use https://github.com/actions/cache/blob/master/examples.md#node---yarn | |
| key: ${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-mvn- | |
| - name: Mvn Install | |
| if: steps.mvn-cache.outputs.cache-hit != 'true' | |
| run: mvn -B compile -Dmaven.test.skip=true | |
| Build-Agent: | |
| name: Build Java Agent | |
| if: github.event_name == 'pull_request' || github.event_name == 'schedule' | |
| runs-on: ubuntu-latest | |
| needs: [ Cache-Dependencies ] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up JDK 1.8 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.8 | |
| - name: Set up Maven | |
| uses: stCarolas/setup-maven@v4 | |
| with: | |
| maven-version: 3.2.5 | |
| - name: Restore dependencies from cache | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-mvn- | |
| - name: Build DongTai-Java-Agent With Maven | |
| run: | | |
| mvn -version | |
| mvn -B package -Dmaven.test.skip=true | |
| - uses: shogo82148/actions-setup-mysql@v1 | |
| with: | |
| mysql-version: '8.0' | |
| auto-start: true | |
| root-password: yuhjnbGYUI | |
| user: test | |
| password: test | |
| # - name: OpenRASP-Vulns-Test | |
| # run: bash .github/workflows/scripts/openrasp-test.sh "OpenRASP" "${{ github.event_name }}-${{ github.run_number }}" | |
| # | |
| # - name: Benchmark-Vulns-Test | |
| # run: bash .github/workflows/scripts/benchmark-test.sh "OWASP-Benchmark" "${{ github.event_name }}-${{ github.run_number }}" | |
| Upload-To-OSS: | |
| name: Upload To TEST OSS | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| needs: [ Cache-Dependencies ] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up JDK 1.8 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.8 | |
| - name: Set up Maven | |
| uses: stCarolas/setup-maven@v4 | |
| with: | |
| maven-version: 3.2.5 | |
| - name: Get the release version | |
| id: version | |
| run: echo ::set-output name=GITHUB_REF::${GITHUB_REF##*/} | |
| - name: Restore dependencies from cache | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-mvn- | |
| - name: Build DongTai-Java-Agent With Maven | |
| run: | | |
| mvn -version | |
| mvn -B package -Dmaven.test.skip=true | |
| - name: Upload Assets | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: dongtai-agent | |
| path: | | |
| dongtai-agent/target/dongtai-agent.jar | |
| dongtai-agent/src/main/resources/bin/* | |
| - uses: manyuanrong/setup-ossutil@v2.0 | |
| with: | |
| endpoint: ${{ secrets.CHART_OSS_ENDPOINT }} | |
| access-key-id: ${{ secrets.OSS_KEY_ID }} | |
| access-key-secret: ${{ secrets.OSS_KEY_SECRET }} | |
| - name: add agent | |
| if: ${{ steps.version.outputs.GITHUB_REF }} == develop || ${{ steps.version.outputs.GITHUB_REF }} == beta || ${{ steps.version.outputs.GITHUB_REF }} == main | |
| run: | | |
| if [ ${{ steps.version.outputs.GITHUB_REF }} = develop ] ; then | |
| ossutil cp -rf dongtai-agent/target/dongtai-agent.jar oss://dongtai-helm-charts/agent_test/java/latest/dongtai-agent.jar --meta x-oss-object-acl:public-read | |
| ossutil cp -rf dongtai-agent/src/main/resources/bin/ oss://dongtai-helm-charts/agent_test/java/latest/ --meta x-oss-object-acl:public-read | |
| cp dongtai-agent/target/dongtai-agent.jar dongtai-agent/src/main/resources/bin/ && cd dongtai-agent/src/main/resources/bin/ && tar -zcvf agent_latest.tar.gz * && cd ../../../../../ | |
| ossutil cp -rf dongtai-agent/src/main/resources/bin/agent_latest.tar.gz oss://dongtai-helm-charts/agent_test/java/latest/ --meta x-oss-object-acl:public-read | |
| else | |
| ossutil cp -rf dongtai-agent/target/dongtai-agent.jar oss://dongtai-helm-charts/agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/dongtai-agent.jar --meta x-oss-object-acl:public-read | |
| ossutil cp -rf dongtai-agent/src/main/resources/bin/ oss://dongtai-helm-charts/agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/ --meta x-oss-object-acl:public-read | |
| cp dongtai-agent/target/dongtai-agent.jar dongtai-agent/src/main/resources/bin/ && cd dongtai-agent/src/main/resources/bin/ && tar -zcvf agent_latest.tar.gz * && cd ../../../../../ | |
| ossutil cp -rf dongtai-agent/src/main/resources/bin/agent_latest.tar.gz oss://dongtai-helm-charts/agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/ --meta x-oss-object-acl:public-read | |
| fi | |
| - name: Set the value | |
| id: release | |
| run: | | |
| if [ ${{ steps.version.outputs.GITHUB_REF }} = develop ] ; then echo "helm_ns=test" >> $GITHUB_ENV; echo "helm_mysql=test" >> $GITHUB_ENV | |
| elif [ ${{ steps.version.outputs.GITHUB_REF }} = beta ] ; then echo "helm_ns=beta" >> $GITHUB_ENV; echo "helm_mysql=beta" >> $GITHUB_ENV | |
| else echo "helm_ns=main" >> $GITHUB_ENV ; echo "helm_mysql=temp" >> $GITHUB_ENV ;fi | |
| - name: deploy to cluster | |
| uses: wahyd4/kubectl-helm-action@master | |
| env: | |
| KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_TEST_DATA }} | |
| with: | |
| args: | | |
| git clone https://github.com/HXSecurity/DongTai.git | |
| helm upgrade --install huoxian --create-namespace -n iast-${{ env.helm_ns }} ./DongTai/deploy/kubernetes/helm/ \ | |
| --set sca.sca_token=${{ secrets.TOKEN_SCA }} --set usb.usb_token=${{ secrets.TOKEN_SCA }} --set mysql.host=iast-mysql-${{ env.helm_mysql }}.huoxian.cn \ | |
| --set tag=${{ steps.version.outputs.GITHUB_REF }}-latest --set build.agent_number=iast${{github.run_number}} --set develop.agentZip=${{ env.helm_ns }} --values https://charts.dongtai.io/devops.yaml | |
| helm upgrade --install huoxian --create-namespace -n iast-${{ env.helm_ns }}-max ./DongTai/deploy/kubernetes/helm/ \ | |
| --set max=true --set sca.sca_token=${{ secrets.MAX_TOKEN_SCA }} --set usb.usb_token=${{ secrets.MAX_TOKEN_SCA }} --set mysql.host=iast-mysql-${{ env.helm_mysql }}-max.huoxian.cn \ | |
| --set tag=max-${{ steps.version.outputs.GITHUB_REF }}-latest --set develop.agentZip=${{ env.helm_ns }} \ | |
| --set build.agent_number=iast${{github.run_number}} --values https://charts.dongtai.io/devops.yaml |