From e8d9985db0e4206d9cf9755507d8564f4200fe8b Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 15:23:42 +0200 Subject: [PATCH 01/19] chore(build):[#222] trial to use env file instead of set-output --- .github/workflows/irs-build.yml | 41 ++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index c726df7446..ee0fbe23f3 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -12,25 +12,32 @@ on: - '!docs/src/api/**' - 'local/**' - 'CHANGELOG.md' + + push: branches: - main tags: - '**' + + jobs: + init: runs-on: ubuntu-latest - outputs: - image_namespace: tractusx - image_name: irs-api - docker_hub_user: ${{ secrets.DOCKER_HUB_USER }} - # In order to skip sonar if not configured - sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }} steps: - run: | echo "Preparing variables" - echo "sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" + + echo "IMAGE_NAMESPACE=tractusx" >> $GITHUB_ENV + echo "IMAGE_NAMESPACE: $IMAGE_NAMESPACE" + + echo "IMAGE_NAME: irs-api" >> $GITHUB_ENV + echo "IMAGE_NAME: $IMAGE_NAME" + + echo "SONAR_CONFIGURED=${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" >> $GITHUB_ENV + echo "SONAR_CONFIGURED: $SONAR_CONFIGURED" build: runs-on: ubuntu-latest @@ -59,7 +66,7 @@ jobs: needs: [init] # No need to run if we cannot use the sonar token if: >- - needs.init.outputs.sonar_configured == 'true' + env.SONAR_CONFIGURED == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' runs-on: ubuntu-latest @@ -131,29 +138,35 @@ jobs: echo "::set-output name=image_tag::$VERSION" - name: Login to Docker Hub - if: needs.init.outputs.docker_hub_user != '' + env: + DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} + if: env.DOCKER_HUB_USER != '' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Push image (DockerHub) - if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request' + env: + DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} + if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' run: | - docker tag ${{ matrix.image }} ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }} - docker push ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }} + docker tag ${{ matrix.image }} ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }} + docker push ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }} docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA docker push $IMAGE_ID:$GITHUB_SHA # https://github.com/peter-evans/dockerhub-description - name: Update Docker Hub description - if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request' + env: + DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} + if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' uses: peter-evans/dockerhub-description@v4 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }} + repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} readme-filepath: ./DOCKER_NOTICE.md trigger-trivy-image-scan: From 07799c6b3032821f4b0f5d842c76e634c63fa117 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 15:50:48 +0200 Subject: [PATCH 02/19] chore(build):[#222] trial to fix --- .github/workflows/irs-build.yml | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index ee0fbe23f3..d457005321 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -24,21 +24,6 @@ on: jobs: - init: - runs-on: ubuntu-latest - steps: - - run: | - echo "Preparing variables" - - echo "IMAGE_NAMESPACE=tractusx" >> $GITHUB_ENV - echo "IMAGE_NAMESPACE: $IMAGE_NAMESPACE" - - echo "IMAGE_NAME: irs-api" >> $GITHUB_ENV - echo "IMAGE_NAME: $IMAGE_NAME" - - echo "SONAR_CONFIGURED=${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" >> $GITHUB_ENV - echo "SONAR_CONFIGURED: $SONAR_CONFIGURED" - build: runs-on: ubuntu-latest steps: @@ -63,7 +48,9 @@ jobs: mvn clean verify --batch-mode analyze_with_Sonar: - needs: [init] + env: + SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" + # No need to run if we cannot use the sonar token if: >- env.SONAR_CONFIGURED == 'true' @@ -106,7 +93,6 @@ jobs: -Dcheckstyle.skip -Dpmd.skip=true build_images: - needs: [init] strategy: matrix: image: @@ -149,6 +135,8 @@ jobs: - name: Push image (DockerHub) env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} + IMAGE_NAMESPACE: tractusx + IMAGE_NAME: irs-api if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' run: | docker tag ${{ matrix.image }} ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }} @@ -161,6 +149,8 @@ jobs: - name: Update Docker Hub description env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} + IMAGE_NAMESPACE: tractusx + IMAGE_NAME: irs-api if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' uses: peter-evans/dockerhub-description@v4 with: From 145593d1575056cb88e7954d0383367465c56810 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 15:57:41 +0200 Subject: [PATCH 03/19] chore(build):[#222] trial to fix --- .github/workflows/irs-build.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index d457005321..d324b83948 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -47,13 +47,17 @@ jobs: run: | mvn clean verify --batch-mode - analyze_with_Sonar: - env: - SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" + check_sonar_configured: + runs-on: ubuntu-latest + steps: + outputs: + sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" + analyze_with_Sonar: + needs: [check_sonar_configured] # No need to run if we cannot use the sonar token if: >- - env.SONAR_CONFIGURED == 'true' + needs.check_sonar_configured.outputs.sonar_configured == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' runs-on: ubuntu-latest From f3f54eaec530ee25a7d88caa42e7e7be01c31246 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 16:25:32 +0200 Subject: [PATCH 04/19] chore(build):[#222] trial to fix --- .github/workflows/irs-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index d324b83948..5b4dd5020f 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -50,6 +50,9 @@ jobs: check_sonar_configured: runs-on: ubuntu-latest steps: + - name: check_sonar_configured + run: | + mvn clean verify --batch-mode outputs: sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" From c55914ad95305abd544cec5739ea461347b2f3f3 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 16:27:36 +0200 Subject: [PATCH 05/19] chore(build):[#222] trial to fix --- .github/workflows/irs-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index 5b4dd5020f..c4446447d7 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -52,7 +52,7 @@ jobs: steps: - name: check_sonar_configured run: | - mvn clean verify --batch-mode + echo "Checking if sonar is configured" outputs: sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" From 83bdf22c10712e3c3572cf14327cfe4930569bb4 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 16:35:31 +0200 Subject: [PATCH 06/19] chore(build):[#222] trial to fix --- .github/workflows/irs-build.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index c4446447d7..f71b276746 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -52,9 +52,11 @@ jobs: steps: - name: check_sonar_configured run: | - echo "Checking if sonar is configured" + echo "Checking if sonar is configured: ${{ env.SONAR_CONFIGURED }}" + env: + SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" outputs: - sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" + sonar_configured: ${{ env.SONAR_CONFIGURED }}" analyze_with_Sonar: needs: [check_sonar_configured] From cd62563e7ebbcd628177d42c615a11dbbc49fb34 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 16:36:25 +0200 Subject: [PATCH 07/19] chore(build):[#222] trial to fix --- .github/workflows/irs-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index f71b276746..cb74d81142 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -56,7 +56,7 @@ jobs: env: SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" outputs: - sonar_configured: ${{ env.SONAR_CONFIGURED }}" + sonar_configured: ${{ env.SONAR_CONFIGURED }} analyze_with_Sonar: needs: [check_sonar_configured] From 9a9453b2447c75827ee01ca3239f5b67c2bea06a Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 16:39:16 +0200 Subject: [PATCH 08/19] chore(build):[#222] trial to fix --- .github/workflows/irs-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index cb74d81142..5cb292c586 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -54,7 +54,7 @@ jobs: run: | echo "Checking if sonar is configured: ${{ env.SONAR_CONFIGURED }}" env: - SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" + SONAR_CONFIGURED: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }} outputs: sonar_configured: ${{ env.SONAR_CONFIGURED }} From 4019155b354a15c25ad82bf4d309f2967bfc9e43 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 5 Jul 2024 17:15:21 +0200 Subject: [PATCH 09/19] chore(build):[#222] Revert 5b5e0354b9b6a7961bba6e95a1d9688d9a00193b --- .../cucumber-integration-test-DIL.yaml | 25 ++++++ .../cucumber-integration-test-INT.yaml | 25 ++++++ .../workflows/cucumber-integration-test.yaml | 12 ++- .github/workflows/int-setup-testdata.yml | 84 ------------------- .github/workflows/integration-test-DEV.yaml | 35 +++++++- .github/workflows/irs-load-test.yaml | 25 ++++++ .github/workflows/owasp.yml | 2 + ...{int-test-automation.yml => smoketest.yml} | 2 +- TESTS.md | 2 +- 9 files changed, 123 insertions(+), 89 deletions(-) delete mode 100644 .github/workflows/int-setup-testdata.yml rename .github/workflows/{int-test-automation.yml => smoketest.yml} (97%) diff --git a/.github/workflows/cucumber-integration-test-DIL.yaml b/.github/workflows/cucumber-integration-test-DIL.yaml index b3469503b0..53a8375ab4 100644 --- a/.github/workflows/cucumber-integration-test-DIL.yaml +++ b/.github/workflows/cucumber-integration-test-DIL.yaml @@ -9,7 +9,32 @@ concurrency: cancel-in-progress: true jobs: + + check-config: + runs-on: ubuntu-latest + steps: + - name: Check if DIL_REGULAR_USER_API_KEY is defined + run: | + if [[ -z "${{ secrets.DIL_REGULAR_USER_API_KEY }}" ]]; then + echo "Error: Missing secret: Please configure DIL_REGULAR_USER_API_KEY." + exit 1 + fi + - name: Check if DIL_ADMIN_USER_API_KEY is defined + run: | + if [[ -z "${{ secrets.DIL_ADMIN_USER_API_KEY }}" ]]; then + echo "Error: Missing secret: Please configure DIL_ADMIN_USER_API_KEY." + exit 1 + fi + - name: Check if IRS_CUCUMBER_PUBLISH_TOKEN is defined + run: | + if [[ -z "${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }}" ]]; then + echo "Error: Missing secret: Please configure IRS_CUCUMBER_PUBLISH_TOKEN." + exit 1 + fi + shell: bash + trigger-integration-test: + needs: check-config uses: ./.github/workflows/cucumber-integration-test.yaml secrets: regularUserApiKey: ${{ secrets.DIL_REGULAR_USER_API_KEY }} diff --git a/.github/workflows/cucumber-integration-test-INT.yaml b/.github/workflows/cucumber-integration-test-INT.yaml index 4e0ead9325..85ac6f3e04 100644 --- a/.github/workflows/cucumber-integration-test-INT.yaml +++ b/.github/workflows/cucumber-integration-test-INT.yaml @@ -9,7 +9,32 @@ concurrency: cancel-in-progress: true jobs: + + check-config: + runs-on: ubuntu-latest + steps: + - name: Check if INT_REGULAR_USER_API_KEY is defined + run: | + if [[ -z "${{ secrets.INT_REGULAR_USER_API_KEY }}" ]]; then + echo "Error: Missing secret: Please configure INT_REGULAR_USER_API_KEY." + exit 1 + fi + - name: Check if INT_ADMIN_USER_API_KEY is defined + run: | + if [[ -z "${{ secrets.INT_ADMIN_USER_API_KEY }}" ]]; then + echo "Error: Missing secret: Please configure INT_ADMIN_USER_API_KEY." + exit 1 + fi + - name: Check if IRS_CUCUMBER_PUBLISH_TOKEN is defined + run: | + if [[ -z "${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }}" ]]; then + echo "Error: Missing secret: Please configure IRS_CUCUMBER_PUBLISH_TOKEN." + exit 1 + fi + shell: bash + trigger-integration-test: + needs: check-config uses: ./.github/workflows/cucumber-integration-test.yaml secrets: regularUserApiKey: ${{ secrets.INT_REGULAR_USER_API_KEY }} diff --git a/.github/workflows/cucumber-integration-test.yaml b/.github/workflows/cucumber-integration-test.yaml index 6e417a74fe..07c7953ea1 100644 --- a/.github/workflows/cucumber-integration-test.yaml +++ b/.github/workflows/cucumber-integration-test.yaml @@ -15,6 +15,7 @@ on: type: string jobs: + build: runs-on: ubuntu-latest @@ -40,9 +41,16 @@ jobs: ADMIN_USER_API_KEY: ${{ secrets.adminUserApiKey }} ISSUE_FILTER: ${{ inputs.executionFilter }} CUCUMBER_PUBLISH_TOKEN: ${{ secrets.cucumberPublishToken }} - # workaround replacement since injecting the token via environment variable does not work run: | - sed -i "s/CUCUMBER_TOKEN_IRS_PLACEHOLDER/${CUCUMBER_PUBLISH_TOKEN}/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java + if [ -z "${{ secrets.cucumberPublishToken }}" ]; then + echo "Publish cucumber report disabled" + sed -i "s/PUBLISH_ENABLED_FLAG/false/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java + else + echo "Publish cucumber report enabled" + sed -i "s/PUBLISH_ENABLED_FLAG/true/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java + # workaround replacement since injecting the token via environment variable does not work + sed -i "s/CUCUMBER_TOKEN_IRS_PLACEHOLDER/${CUCUMBER_PUBLISH_TOKEN}/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java + fi mvn clean verify -P cucumber -Dgroups="$ISSUE_FILTER" -pl irs-cucumber-tests -am --batch-mode 2> irs-cucumber-tests/report-banner.txt diff --git a/.github/workflows/int-setup-testdata.yml b/.github/workflows/int-setup-testdata.yml deleted file mode 100644 index c97771b16d..0000000000 --- a/.github/workflows/int-setup-testdata.yml +++ /dev/null @@ -1,84 +0,0 @@ -name: Integration testdata setup - -on: - workflow_dispatch: - inputs: - testfilePath: - description: 'Path to Testdata file on GitHub' - required: true - type: string - submodelUrls: - description: 'Space-separated list of Submodel server URLs' - required: true - type: string - aasUrl: - description: 'Digital twin registry URL' - required: true - type: string - edcUrls: - description: 'Space-separated list of Provider control plane URLs' - required: true - type: string - edcApiKey: - description: 'API-Key for the provider control plane' - required: true - type: string - esrUrl: - description: 'ESR endpoint Url' - required: false - type: string - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: setup python - uses: actions/setup-python@v5 - with: - python-version: 3.8 #install the python needed - cache: 'pip' - - run: pip install -r local/testing/testdata/requirements.txt - - - name: Delete existing and setup new test data on provider EDC and Registry - if: ${{ github.event.inputs.esrUrl == '' }} - env: - TESTFILE_PATH: ${{ github.event.inputs.testfilePath }} - SUBMODEL_URLs: ${{ github.event.inputs.submodelUrls }} - AAS_URL: ${{ github.event.inputs.aasUrl }} - EDC_URLs: ${{ github.event.inputs.edcUrls }} - EDC_API_KEY: ${{ github.event.inputs.edcApiKey }} - run: | - python local/testing/testdata/reset-env.py \ - -a $AAS_URL \ - -edc $EDC_URLs \ - -k $EDC_API_KEY - python local/testing/testdata/transform-and-upload.py \ - -f $TESTFILE_PATH \ - -s $SUBMODEL_URLs \ - -a $AAS_URL \ - -edc $EDC_URLs \ - -k $EDC_API_KEY - - - name: Delete existing and setup new test data on provider EDC and Registry - if: ${{ github.event.inputs.esrUrl != '' }} - env: - TESTFILE_PATH: ${{ github.event.inputs.testfilePath }} - SUBMODEL_URLs: ${{ github.event.inputs.submodelUrls }} - AAS_URL: ${{ github.event.inputs.aasUrl }} - EDC_URLs: ${{ github.event.inputs.edcUrls }} - EDC_API_KEY: ${{ github.event.inputs.edcApiKey }} - ESR_URL: ${{ github.event.inputs.esrUrl }} - run: | - python local/testing/testdata/reset-env.py \ - -a $AAS_URL \ - -edc $EDC_URLs \ - -k $EDC_API_KEY - python local/testing/testdata/transform-and-upload.py \ - -f $TESTFILE_PATH \ - -s $SUBMODEL_URLs \ - -a $AAS_URL \ - -edc $EDC_URLs \ - -k $EDC_API_KEY - -e $ESR_URL diff --git a/.github/workflows/integration-test-DEV.yaml b/.github/workflows/integration-test-DEV.yaml index d2498bb84d..f314ec76b1 100644 --- a/.github/workflows/integration-test-DEV.yaml +++ b/.github/workflows/integration-test-DEV.yaml @@ -2,6 +2,11 @@ name: IRS DEV Cucumber Integration test execution on: workflow_dispatch: # Trigger manually + inputs: + executionFilter: + description: 'Execution filter' + required: false + default: '!Ignore & !INACTIVE & INTEGRATION_TEST & DEV' push: branches: - 'main' @@ -19,12 +24,40 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true + + + jobs: + + check-config: + runs-on: ubuntu-latest + steps: + - name: Check if DEV_REGULAR_USER_API_KEY is defined + run: | + if [[ -z "${{ secrets.DEV_REGULAR_USER_API_KEY }}" ]]; then + echo "Error: Missing secret: Please configure DEV_REGULAR_USER_API_KEY." + exit 1 + fi + - name: Check if DEV_ADMIN_USER_API_KEY is defined + run: | + if [[ -z "${{ secrets.DEV_ADMIN_USER_API_KEY }}" ]]; then + echo "Error: Missing secret: Please configure DEV_ADMIN_USER_API_KEY." + exit 1 + fi + - name: Check if IRS_CUCUMBER_PUBLISH_TOKEN is defined + run: | + if [[ -z "${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }}" ]]; then + echo "Error: Missing secret: Please configure IRS_CUCUMBER_PUBLISH_TOKEN." + exit 1 + fi + shell: bash + trigger-integration-test: + needs: check-config uses: ./.github/workflows/cucumber-integration-test.yaml secrets: regularUserApiKey: ${{ secrets.DEV_REGULAR_USER_API_KEY }} adminUserApiKey: ${{ secrets.DEV_ADMIN_USER_API_KEY }} cucumberPublishToken: ${{ secrets.IRS_CUCUMBER_PUBLISH_TOKEN }} with: - executionFilter: "!Ignore & !INACTIVE & INTEGRATION_TEST & DEV" + executionFilter: ${{ github.event.inputs.executionFilter || '!Ignore & !INACTIVE & INTEGRATION_TEST & DEV' }} diff --git a/.github/workflows/irs-load-test.yaml b/.github/workflows/irs-load-test.yaml index 25fa75c633..8c3166c594 100644 --- a/.github/workflows/irs-load-test.yaml +++ b/.github/workflows/irs-load-test.yaml @@ -19,7 +19,32 @@ on: required: false jobs: + + check-config: + runs-on: ubuntu-latest + steps: + - name: Check if OAUTH2_CLIENT_TOKEN_URI is defined + run: | + if [[ -z "${{ secrets.OAUTH2_CLIENT_TOKEN_URI }}" ]]; then + echo "Error: Missing secret: Please configure OAUTH2_CLIENT_TOKEN_URI." + exit 1 + fi + - name: Check if OAUTH2_CLIENT_SECRET is defined + run: | + if [[ -z "${{ secrets.OAUTH2_CLIENT_SECRET }}" ]]; then + echo "Error: Missing secret: Please configure OAUTH2_CLIENT_SECRET." + exit 1 + fi + - name: Check if OAUTH2_CLIENT_ID is defined + run: | + if [[ -z "${{ secrets.OAUTH2_CLIENT_ID }}" ]]; then + echo "Error: Missing secret: Please configure OAUTH2_CLIENT_ID." + exit 1 + fi + shell: bash + gatling-test: + needs: check-config runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml index 7fc31acbcf..6fb83925ab 100644 --- a/.github/workflows/owasp.yml +++ b/.github/workflows/owasp.yml @@ -1,6 +1,8 @@ name: "OWASP dependency scanner" on: + workflow_dispatch: # Additionally allow to trigger manually + push: branches: main paths-ignore: diff --git a/.github/workflows/int-test-automation.yml b/.github/workflows/smoketest.yml similarity index 97% rename from .github/workflows/int-test-automation.yml rename to .github/workflows/smoketest.yml index d9ac02bdff..e648281acb 100644 --- a/.github/workflows/int-test-automation.yml +++ b/.github/workflows/smoketest.yml @@ -1,4 +1,4 @@ -name: IRS integration tests +name: IRS smoke tests on: workflow_dispatch: diff --git a/TESTS.md b/TESTS.md index b7e9059acd..e19b86d9bc 100644 --- a/TESTS.md +++ b/TESTS.md @@ -47,7 +47,7 @@ Wiremock Tests and their corresponding utilities are marked by the suffix `Wirem ### Smoke Tests - The smoke test can be found under `irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/smoketest/ItemGraphSmokeTest.java`. -- It is executed via the GitHub workflow [IRS integration tests](.github/workflows/int-test-automation.yml). +- It is executed via the GitHub workflow [IRS integration tests](.github/workflows/smoketest.yml). ### Regression Tests From fb344346fb7dfcd9968ea9773bdac5e1274953e8 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 8 Jul 2024 12:14:55 +0200 Subject: [PATCH 10/19] chore(github-actions): [#222] remove Push image (GHCR) --- .github/workflows/irs-build.yml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index e82f0e9cf6..ddef25bbdc 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -140,25 +140,6 @@ jobs: # This is where you will update the PAT to GITHUB_TOKEN run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - name: Push image (GHCR) - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: >- - env.DOCKER_HUB_USER == '' && - (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && - github.actor != 'dependabot[bot]' - run: | - IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ matrix.image }} - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - echo IMAGE_ID=$IMAGE_ID - - docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }} - docker push $IMAGE_ID:${{ steps.version.outputs.image_tag }} - - docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA - docker push $IMAGE_ID:$GITHUB_SHA - - name: Login to Docker Hub env: DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} From d40bcee6422078c72778d0acdc98029050d4c460 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 8 Jul 2024 12:20:43 +0200 Subject: [PATCH 11/19] chore(github-actions): [#222] remove obsolete code --- .github/workflows/cucumber-integration-test.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cucumber-integration-test.yaml b/.github/workflows/cucumber-integration-test.yaml index 07c7953ea1..a54c48e908 100644 --- a/.github/workflows/cucumber-integration-test.yaml +++ b/.github/workflows/cucumber-integration-test.yaml @@ -42,15 +42,8 @@ jobs: ISSUE_FILTER: ${{ inputs.executionFilter }} CUCUMBER_PUBLISH_TOKEN: ${{ secrets.cucumberPublishToken }} run: | - if [ -z "${{ secrets.cucumberPublishToken }}" ]; then - echo "Publish cucumber report disabled" - sed -i "s/PUBLISH_ENABLED_FLAG/false/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java - else - echo "Publish cucumber report enabled" - sed -i "s/PUBLISH_ENABLED_FLAG/true/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java - # workaround replacement since injecting the token via environment variable does not work - sed -i "s/CUCUMBER_TOKEN_IRS_PLACEHOLDER/${CUCUMBER_PUBLISH_TOKEN}/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java - fi + # workaround replacement since injecting the token via environment variable does not work + sed -i "s/CUCUMBER_TOKEN_IRS_PLACEHOLDER/${CUCUMBER_PUBLISH_TOKEN}/g" irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/RunCucumberTest.java mvn clean verify -P cucumber -Dgroups="$ISSUE_FILTER" -pl irs-cucumber-tests -am --batch-mode 2> irs-cucumber-tests/report-banner.txt From cf45b4b268b386f80e121d0e96a808a5aaeed753 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 8 Jul 2024 17:56:40 +0200 Subject: [PATCH 12/19] chore(github-actions): [#222] fix DockerHub push (IMAGE_ID) --- .github/workflows/irs-build.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index ddef25bbdc..7a88338c40 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -156,11 +156,13 @@ jobs: IMAGE_NAME: irs-api if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' run: | - docker tag ${{ matrix.image }} ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }} - docker push ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.image_tag }} + IMAGE_ID=${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }} - docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA - docker push $IMAGE_ID:$GITHUB_SHA + docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }} + docker push IMAGE_ID:${{ steps.version.outputs.image_tag }} + + docker tag ${{ matrix.image }} IMAGE_ID:$GITHUB_SHA + docker push IMAGE_ID:$GITHUB_SHA # https://github.com/peter-evans/dockerhub-description - name: Update Docker Hub description From 62918cdc275ce53c2ef2f7d5037fb21c799c2997 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 8 Jul 2024 18:47:42 +0200 Subject: [PATCH 13/19] chore(build): [#222] fix --- .github/workflows/irs-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index 7a88338c40..0be5458e3c 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -156,7 +156,7 @@ jobs: IMAGE_NAME: irs-api if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' run: | - IMAGE_ID=${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }} + IMAGE_ID=$${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }} docker push IMAGE_ID:${{ steps.version.outputs.image_tag }} From 9fda07f40987165a2131a99c03452ca4edab71c2 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 8 Jul 2024 19:26:54 +0200 Subject: [PATCH 14/19] chore(build): [#222] fix: remove doubled $ --- .github/workflows/irs-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index 0be5458e3c..f75ec0cf38 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -156,7 +156,7 @@ jobs: IMAGE_NAME: irs-api if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' run: | - IMAGE_ID=$${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} + IMAGE_ID=${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }} docker push IMAGE_ID:${{ steps.version.outputs.image_tag }} From 119802152276353a32df09ba772297b4a82c97da Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 8 Jul 2024 19:44:53 +0200 Subject: [PATCH 15/19] chore(build): [#222] fix: IMAGE_ID to lowercase --- .github/workflows/irs-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index f75ec0cf38..3e14583cf4 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -157,6 +157,9 @@ jobs: if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' run: | IMAGE_ID=${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} + # Change all uppercase to lowercase + IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') + echo IMAGE_ID=$IMAGE_ID docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }} docker push IMAGE_ID:${{ steps.version.outputs.image_tag }} From 32dddcebcd3944c3980ee913bad7088c77b8d876 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 8 Jul 2024 23:22:27 +0200 Subject: [PATCH 16/19] chore(build):[#222] Fix --- .github/workflows/irs-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index 3e14583cf4..d2da72adf4 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -162,10 +162,10 @@ jobs: echo IMAGE_ID=$IMAGE_ID docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }} - docker push IMAGE_ID:${{ steps.version.outputs.image_tag }} + docker push $IMAGE_ID:${{ steps.version.outputs.image_tag }} docker tag ${{ matrix.image }} IMAGE_ID:$GITHUB_SHA - docker push IMAGE_ID:$GITHUB_SHA + docker push $IMAGE_ID:$GITHUB_SHA # https://github.com/peter-evans/dockerhub-description - name: Update Docker Hub description From aab7715de4cb89c41e162886bf43aee380e0f8c1 Mon Sep 17 00:00:00 2001 From: jhartmann Date: Tue, 9 Jul 2024 11:07:07 +0200 Subject: [PATCH 17/19] chore(workflows):[#222] fix image tagging and simplify image build --- .github/workflows/irs-build.yml | 107 +++++++++++++------------------- 1 file changed, 44 insertions(+), 63 deletions(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index d2da72adf4..74dfd46916 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -13,7 +13,6 @@ on: - 'local/**' - 'CHANGELOG.md' - push: branches: - main @@ -100,80 +99,63 @@ jobs: -Dcheckstyle.skip -Dpmd.skip=true build_images: - strategy: - matrix: - image: - - irs-api + env: + IMAGE_NAMESPACE: tractusx + IMAGE_NAME: irs-api + TARGET_PLATFORMS: "linux/amd64, linux/arm64" runs-on: ubuntu-latest outputs: image-tag: ${{ steps.version.outputs.image_tag }} steps: - uses: actions/checkout@v4 - - name: Build image to make sure Dockerfile is valid - run: | - # RUN --mount=type=cache is used in the IRS Dockerfile to cache directories for maven. - # And the --mount option requires BuildKit. - DOCKER_BUILDKIT=1 docker build --build-arg BUILD_TARGET=${{ matrix.image }} --target ${{ matrix.image }} -t ${{ matrix.image }}:latest . + # Needed to create multi-platform image + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Set image version - id: version - run: | - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - # Support PR ref versions - [[ "${{ github.ref }}" == "refs/pull/"* ]] && VERSION=PR-$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\)/merge,\1,') - # Use Docker `latest` tag convention - [ "$VERSION" == "main" ] && VERSION=latest - echo VERSION=$VERSION - echo "::set-output name=image_tag::$VERSION" - - - name: Log in to registry - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: >- - env.DOCKER_HUB_USER == '' && - (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && - github.actor != 'dependabot[bot]' - # This is where you will update the PAT to GITHUB_TOKEN - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Login to Docker Hub - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - if: env.DOCKER_HUB_USER != '' - uses: docker/login-action@v3 + # Needed to create multi-platform image + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + # Create SemVer or ref tags dependent of trigger event + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 with: + images: | + ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} + # Automatically prepare image tags; See action docs for more examples. + # semver patter will generate tags like these for example :1 :1.2 :1.2.3 + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,format=long + type=semver,pattern={{version}} + type=semver,pattern={{major}} + type=semver,pattern={{major}}.{{minor}} + + - name: DockerHub login + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + # Use existing DockerHub credentials present as secrets username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - - name: Push image (DockerHub) - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - IMAGE_NAMESPACE: tractusx - IMAGE_NAME: irs-api - if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' - run: | - IMAGE_ID=${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - echo IMAGE_ID=$IMAGE_ID - - docker tag ${{ matrix.image }} $IMAGE_ID:${{ steps.version.outputs.image_tag }} - docker push $IMAGE_ID:${{ steps.version.outputs.image_tag }} - - docker tag ${{ matrix.image }} IMAGE_ID:$GITHUB_SHA - docker push $IMAGE_ID:$GITHUB_SHA + - name: Build and push + uses: docker/build-push-action@v3 + with: + context: . + # Needed to create multi-platform image + platforms: ${{ env.TARGET_PLATFORMS }} + # Build image for verification purposes on every trigger event. Only push if event is not a PR + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} # https://github.com/peter-evans/dockerhub-description - name: Update Docker Hub description - env: - DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} - IMAGE_NAMESPACE: tractusx - IMAGE_NAME: irs-api - if: env.DOCKER_HUB_USER != '' && github.event_name != 'pull_request' + if: github.event_name != 'pull_request' uses: peter-evans/dockerhub-description@v4 with: username: ${{ secrets.DOCKER_HUB_USER }} @@ -182,8 +164,7 @@ jobs: readme-filepath: ./DOCKER_NOTICE.md trigger-trivy-image-scan: - if: >- - github.event_name != 'pull_request' + if: github.event_name != 'pull_request' needs: - build_images uses: ./.github/workflows/trivy-docker-hub-scan.yml From a074a51919810634800f4fa3bdc928b4a344dba5 Mon Sep 17 00:00:00 2001 From: jhartmann Date: Tue, 9 Jul 2024 11:14:11 +0200 Subject: [PATCH 18/19] chore(workflows):[#222] fix fix target plattforms --- .github/workflows/irs-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index 74dfd46916..1f2dc661dd 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -102,7 +102,7 @@ jobs: env: IMAGE_NAMESPACE: tractusx IMAGE_NAME: irs-api - TARGET_PLATFORMS: "linux/amd64, linux/arm64" + TARGET_PLATFORMS: "linux/amd64" # add 'linux/arm64' once the upgrade to JDK 21 is done runs-on: ubuntu-latest outputs: image-tag: ${{ steps.version.outputs.image_tag }} From e78a609e967551405f257821eee3d7af191c4614 Mon Sep 17 00:00:00 2001 From: jhartmann Date: Tue, 9 Jul 2024 11:20:23 +0200 Subject: [PATCH 19/19] chore(workflows):[#222] fix sha tag --- .github/workflows/irs-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/irs-build.yml b/.github/workflows/irs-build.yml index 1f2dc661dd..7f421f6cfa 100644 --- a/.github/workflows/irs-build.yml +++ b/.github/workflows/irs-build.yml @@ -129,7 +129,7 @@ jobs: tags: | type=ref,event=branch type=ref,event=pr - type=sha,format=long + type=sha,prefix=,format=long type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}}