Skip to content

fix: backend/pom.xml to reduce vulnerabilities #1708

fix: backend/pom.xml to reduce vulnerabilities

fix: backend/pom.xml to reduce vulnerabilities #1708

Workflow file for this run

name: Build+Test+Release pipeline
on:
push:
pull_request:
release:
types: [published]
workflow_dispatch:
schedule:
- cron: "23 4 12 * *"
env:
GITHUB_TOKEN: ${{ github.token }}
SAUCE_CONNECT_VERSION: '5.2.2'
jobs:
prepare:
name: "Prepare"
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.get_version.outputs.VERSION }}
create_release: ${{ steps.check_release.outputs.CREATE_RELEASE }}
steps:
- name: Get the version
id: get_version
run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
- name: Check create release for tag
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
id: check_release
run: |
URL="https://api.github.com/repos/${{ github.repository }}/releases/tags/${{ steps.get_version.outputs.VERSION }}"
StatusCode=$(curl -o -I -L -s -w "%{http_code}" -X GET -G $URL)
if [ "$StatusCode" == 200 ]; then
echo "Release exists"
echo "CREATE_RELEASE=false" >> $GITHUB_OUTPUT
else
echo "Release does not exist"
echo "CREATE_RELEASE=true" >> $GITHUB_OUTPUT
fi
build:
name: "Build"
needs: [prepare]
# Run job for: github releases, tag pushes without github release and regular pushes (not tag)
if: github.event_name == 'release' || !contains(github.ref, 'refs/tags/') || needs.prepare.outputs.create_release == 'true'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '2'
- name: Build
run: |
make build-docker-image
docker save switchboard/switchboard:latest > switchboard-docker-image.tar
env:
CI_VERSION: ${{ needs.prepare.outputs.version }}
- name: Upload exported docker image
uses: actions/upload-artifact@v4
with:
name: switchboard-docker-image
path: switchboard-docker-image.tar
retention-days: 1
sauce-test:
name: "E2E test on SauceLabs"
needs: [build]
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '1'
- name: Download docker image from build job
uses: actions/download-artifact@v4
with:
name: switchboard-docker-image
- name: 'Fetch tools'
uses: actions/checkout@v4
with:
repository: clarin-eric/switchboard-tool-registry
ref: production
fetch-depth: '1'
path: switchboard-tool-registry
- name: Launch Switchboard server
run: |
docker load < switchboard-docker-image.tar
docker run -d -p 8080:8080 -v ${GITHUB_WORKSPACE}/switchboard-tool-registry:/switchboard-tool-registry:ro switchboard/switchboard:latest
env:
CI_VERSION: ${{ needs.prepare.outputs.version }}
- name: Setup tunnel proxy to SauceLabs
run: |
mkdir sauce-connect-${SAUCE_CONNECT_VERSION}_linux.x86_64
(cd sauce-connect-${SAUCE_CONNECT_VERSION}_linux.x86_64
curl https://saucelabs.com/downloads/sauce-connect/${SAUCE_CONNECT_VERSION}/sauce-connect-${SAUCE_CONNECT_VERSION}_linux.x86_64.tar.gz | tar -xz) # Install sauce connect
chmod 777 -R ./sauce-connect-${SAUCE_CONNECT_VERSION}_linux.x86_64
PATH=./sauce-connect-${SAUCE_CONNECT_VERSION}_linux.x86_64:${PATH}
sc run -u "${USERNAME}" -k "${SAUCE_ACCESS_KEY}" -i "github-action-tunnel-${RUN_ID}" --api-address :8032 --region us-west-1 --proxy-localhost allow &
until curl localhost:8032/readiness > /dev/null 2>&1; do sleep 1; done
echo "SC ready"
env:
USERNAME: ${{ secrets.SAUCE_USERNAME }}
SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }}
RUN_ID: ${{ github.run_id }}
- name: Run Cypress UI test on SauceLabs
uses: saucelabs/saucectl-run-action@v4
with:
sauce-username: ${{ secrets.SAUCE_USERNAME }}
sauce-access-key: ${{ secrets.SAUCE_ACCESS_KEY }}
working-directory: webui/test
release:
name: "Release"
needs: [prepare, build, sauce-test]
# Run job for github releases and tag pushes (without github release)
if: github.event_name == 'release' || needs.prepare.outputs.create_release == 'true'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '1'
- name: Download docker image from build job
uses: actions/download-artifact@v4
with:
name: switchboard-docker-image
- name: Make release package
run: |
docker load < switchboard-docker-image.tar
make package
cp build/switchboard.tar.gz switchboard-${{ needs.prepare.outputs.version }}.tar.gz
# For github releases -> upload release package to existing release
# For tag pushes without github release -> create a github release with release package
- name: Create prelease for this tag
if: needs.prepare.outputs.create_release == 'true'
id: create_release
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ needs.prepare.outputs.version }}
name: Release ${{ needs.prepare.outputs.version }}
draft: true
prerelease: true
- uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# Pseudo-ternary expression: get "upload_url" from the release created above, or from github "release" event if release is pre-created
upload_url: ${{ needs.prepare.outputs.create_release == 'true' && steps.create_release.outputs.upload_url || github.event.release.upload_url }}
asset_path: ./switchboard-${{ needs.prepare.outputs.version }}.tar.gz
asset_name: switchboard-${{ needs.prepare.outputs.version }}.tar.gz
asset_content_type: application/tar+gzip
- uses: eregon/publish-release@v1
if: needs.prepare.outputs.create_release == 'true'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
release_id: ${{ steps.create_release.outputs.id }}