Pin dependencies causing CVEs. (#435) #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Java CI | |
| on: | |
| push: | |
| branches: | |
| - "*" | |
| pull_request: | |
| branches: | |
| - "*" | |
| jobs: | |
| build_rca_pkg: | |
| runs-on: [ubuntu-latest] | |
| name: Building RCA package | |
| steps: | |
| - name: Checkout RCA package | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: opensearch-project/performance-analyzer-rca | |
| path: ./tmp/rca | |
| - name: Checkout Performance Analyzer package | |
| uses: actions/checkout@v2 | |
| with: | |
| path: ./tmp/pa | |
| # fetch the main branch to make it available for spotless ratcheting | |
| - name: Fetch 'main' branch | |
| working-directory: ./tmp/pa | |
| run: git fetch --depth=1 origin main | |
| - name: Set up JDK 1.12 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.12 | |
| - name: Build RCA with Gradle | |
| working-directory: ./tmp/rca | |
| run: ./gradlew build -x test | |
| - name: Publish RCA jar to maven local | |
| working-directory: ./tmp/rca | |
| run: ./gradlew publishToMavenLocal | |
| # dependencies: OpenSearch | |
| - name: Checkout OpenSearch | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: 'opensearch-project/OpenSearch' | |
| path: OpenSearch | |
| ref: '1.0' | |
| - name: Build OpenSearch | |
| working-directory: ./OpenSearch | |
| run: ./gradlew publishToMavenLocal -Dbuild.snapshot=false | |
| - name: Build PA gradle using the new RCA jar | |
| working-directory: ./tmp/pa | |
| run: rm -f licenses/performanceanalyzer-rca-1.0.0.0.jar.sha1 | |
| - name: Update SHA | |
| working-directory: ./tmp/pa | |
| run: ./gradlew updateShas | |
| # Explicitly set the docker-compose program path so that our build scripts in RCA can run the program | |
| # This is necessary because of the Github Actions environment and the workingDir of the Gradle environment | |
| - name: Set docker-compose path | |
| run: DOCKER_COMPOSE_LOCATION=$(which docker-compose) | |
| # Set the vm.max_map_count system property to the minimum required to run OpenSearch | |
| - name: Set vm.max_map_count | |
| run: sudo sysctl -w vm.max_map_count=262144 | |
| - name: Build PA and run Unit Tests | |
| working-directory: ./tmp/pa | |
| run: ./gradlew build | |
| - name: Generate Jacoco coverage report | |
| working-directory: ./tmp/pa | |
| run: ./gradlew jacocoTestReport | |
| - name: Upload coverage report | |
| working-directory: ./tmp/pa | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| run: bash <(curl -s https://codecov.io/bash) -f ./build/reports/jacoco/test/jacocoTestReport.xml | |
| - name: Run Integration Tests | |
| working-directory: ./tmp/pa | |
| run: ./gradlew integTest -Dtests.enableIT -Dtests.useDockerCluster |