Relax tls limitation on UI that blocks encryption if not enabled #1996
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: UI | |
on: | |
pull_request: | |
branches: | |
- master | |
push: | |
branches: | |
- master | |
# This ensures that previous jobs for the PR are canceled when the PR is | |
# updated. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref }} | |
cancel-in-progress: true | |
jobs: | |
semgrep-static-code-analysis: | |
timeout-minutes: 30 | |
name: "semgrep checks" | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out source code | |
uses: actions/checkout@v3 | |
- name: Scanning code on ${{ matrix.os }} | |
continue-on-error: false | |
run: | | |
# Install semgrep rather than using a container due to: | |
# https://github.com/actions/checkout/issues/334 | |
sudo apt install -y python3-pip || apt install -y python3-pip | |
pip3 install semgrep | |
semgrep --config semgrep.yaml $(pwd)/web-app --error | |
ui-assets: | |
timeout-minutes: 30 | |
name: "React No Warnings & Prettified" | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Read .nvmrc | |
id: node_version | |
run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV | |
- name: Enable Corepack | |
run: corepack enable | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.NVMRC }} | |
cache: 'yarn' | |
cache-dependency-path: web-app/yarn.lock | |
- uses: actions/cache@v3 | |
id: assets-cache | |
name: Assets Cache | |
with: | |
path: | | |
./web-app/build/ | |
key: ${{ runner.os }}-assets-${{ github.run_id }} | |
- name: Install Dependencies | |
working-directory: ./web-app | |
continue-on-error: false | |
run: | | |
yarn install --immutable | |
- name: Check for Warnings in build output | |
working-directory: ./web-app | |
continue-on-error: false | |
run: | | |
./check-warnings.sh | |
- name: Check if Files are Prettified | |
working-directory: ./web-app | |
continue-on-error: false | |
run: | | |
./check-prettier.sh | |
- name: Check for dead code | |
working-directory: ./web-app | |
continue-on-error: false | |
run: | | |
./check-deadcode.sh | |
reuse-golang-dependencies: | |
timeout-minutes: 30 | |
name: reuse golang dependencies | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ matrix.go-version }} | |
cache: true | |
id: go | |
- name: Build on ${{ matrix.os }} | |
env: | |
GO111MODULE: on | |
GOOS: linux | |
run: | | |
go mod download | |
compile-binary: | |
timeout-minutes: 30 | |
name: Compiles on Go ${{ matrix.go-version }} and ${{ matrix.os }} | |
needs: | |
- ui-assets | |
- reuse-golang-dependencies | |
- semgrep-static-code-analysis | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ matrix.go-version }} | |
cache: true | |
id: go | |
- uses: actions/cache@v3 | |
name: Operator Binary Cache | |
with: | |
path: | | |
./minio-operator | |
key: ${{ runner.os }}-binary-${{ github.run_id }} | |
- uses: actions/cache@v3 | |
id: assets-cache | |
name: Assets Cache | |
with: | |
path: | | |
./web-app/build/ | |
key: ${{ runner.os }}-assets-${{ github.run_id }} | |
- name: Build on ${{ matrix.os }} | |
env: | |
GO111MODULE: on | |
GOOS: linux | |
run: | | |
make binary | |
react-code-known-vulnerabilities: | |
timeout-minutes: 30 | |
name: "React No Known Vulnerable Deps" | |
needs: | |
- ui-assets | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Read .nvmrc | |
id: node_version | |
run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV | |
- name: Enable Corepack | |
run: corepack enable | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.NVMRC }} | |
cache: 'yarn' | |
cache-dependency-path: web-app/yarn.lock | |
- name: Checks for known security issues with the installed packages | |
working-directory: ./web-app | |
continue-on-error: false | |
run: | | |
yarn npm audit --environment production \ | |
--ignore '1097346' | |
all-operator-tests-1: | |
timeout-minutes: 30 | |
name: Operator UI Tests Part 1 | |
needs: | |
- compile-binary | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Read .nvmrc | |
id: node_version | |
run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV | |
- name: Enable Corepack | |
run: corepack enable | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.NVMRC }} | |
- name: Install MinIO JS | |
working-directory: ./ | |
continue-on-error: false | |
run: | | |
yarn add minio | |
- uses: actions/cache@v3 | |
name: Operator Binary Cache | |
with: | |
path: | | |
./minio-operator | |
key: ${{ runner.os }}-binary-${{ github.run_id }} | |
# Runs a set of commands using the runners shell | |
- name: Start Kind for Operator UI | |
run: | | |
"${GITHUB_WORKSPACE}/web-app/tests/scripts/operator.sh" | |
- name: Run TestCafe Tests | |
uses: DevExpress/testcafe-action@latest | |
with: | |
args: '"chrome:headless" web-app/tests/operator/login --skip-js-errors -c 3' | |
all-operator-tests-2: | |
timeout-minutes: 30 | |
name: Operator UI Tests Part 2 | |
needs: | |
- compile-binary | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Read .nvmrc | |
id: node_version | |
run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV | |
- name: Enable Corepack | |
run: corepack enable | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.NVMRC }} | |
- name: Install MinIO JS | |
working-directory: ./ | |
continue-on-error: false | |
run: | | |
yarn add minio | |
- uses: actions/cache@v3 | |
name: Operator Binary Cache | |
with: | |
path: | | |
./minio-operator | |
key: ${{ runner.os }}-binary-${{ github.run_id }} | |
# Runs a set of commands using the runners shell | |
- name: Start Kind for Operator UI | |
run: | | |
"${GITHUB_WORKSPACE}/web-app/tests/scripts/operator.sh" | |
- name: Run TestCafe Tests | |
uses: DevExpress/testcafe-action@latest | |
with: | |
args: '"chrome:headless" web-app/tests/operator/tenant/test-1 --skip-js-errors -c 3' | |
test-operatorapi-on-go: | |
timeout-minutes: 30 | |
name: Test Operatorapi on Go ${{ matrix.go-version }} and ${{ matrix.os }} | |
needs: | |
- ui-assets | |
- reuse-golang-dependencies | |
- semgrep-static-code-analysis | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ matrix.go-version }} | |
cache: true | |
id: go | |
- name: Build on ${{ matrix.os }} | |
env: | |
GO111MODULE: on | |
GOOS: linux | |
run: | | |
make test-unit-test-operator | |
- uses: actions/cache@v3 | |
id: coverage-cache-unittest-operatorapi | |
name: Coverage Cache unit test operatorAPI | |
with: | |
path: | | |
./api/coverage/ | |
key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }} | |
react-tests: | |
timeout-minutes: 30 | |
name: React Tests | |
needs: | |
- ui-assets | |
- reuse-golang-dependencies | |
- semgrep-static-code-analysis | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Enable Corepack | |
run: corepack enable | |
- name: Install modules | |
working-directory: ./web-app | |
run: yarn install --immutable | |
- name: Run tests | |
working-directory: ./web-app | |
run: yarn test | |
c-operator-api-tests: | |
timeout-minutes: 30 | |
name: Operator API Tests | |
needs: | |
- ui-assets | |
- reuse-golang-dependencies | |
- semgrep-static-code-analysis | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ matrix.go-version }} | |
cache: true | |
id: go | |
- name: Operator API Tests | |
run: | | |
curl -sLO "https://dl.k8s.io/release/v1.23.1/bin/linux/amd64/kubectl" -o kubectl | |
chmod +x kubectl | |
mv kubectl /usr/local/bin | |
"${GITHUB_WORKSPACE}/tests/start-tests-tenant.sh" | |
echo "start ---> make test-operator-integration"; | |
make test-operator-integration; | |
- uses: actions/cache@v3 | |
id: coverage-cache-operator | |
name: Coverage Cache Operator | |
with: | |
path: | | |
./operator-integration/coverage/ | |
key: ${{ runner.os }}-coverage-2-operator-${{ github.run_id }} | |
coverage: | |
timeout-minutes: 30 | |
name: "Coverage Limit Check" | |
needs: | |
- test-operatorapi-on-go | |
- c-operator-api-tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
go-version: [ 1.22.x ] | |
os: [ ubuntu-latest ] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} | |
uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ matrix.go-version }} | |
cache: true | |
id: go | |
- name: Check out gocovmerge as a nested repository | |
uses: actions/checkout@v3 | |
with: | |
repository: wadey/gocovmerge | |
path: gocovmerge | |
- uses: actions/cache@v3 | |
id: coverage-cache-operator | |
name: Coverage Cache Operator | |
with: | |
path: | | |
./operator-integration/coverage/ | |
key: ${{ runner.os }}-coverage-2-operator-${{ github.run_id }} | |
- uses: actions/cache@v3 | |
id: coverage-cache-unittest-operatorapi | |
name: Coverage Cache unit test operatorAPI | |
with: | |
path: | | |
./api/coverage/ | |
key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }} | |
- name: Get coverage | |
run: | | |
echo "change directory to gocovmerge" | |
cd gocovmerge | |
echo "download golang x tools" | |
go mod download golang.org/x/tools | |
echo "go mod tidy compat mode" | |
go mod tidy | |
echo "go build gocoverage.go" | |
go build gocovmerge.go | |
echo "put together the outs for final coverage resolution" | |
./gocovmerge ../operator-integration/coverage/operator-api.out ../api/coverage/coverage-unit-test-operatorapi.out > all.out | |
echo "Download mc for Ubuntu" | |
wget -q https://dl.min.io/client/mc/release/linux-amd64/mc | |
echo "Change the permissions to execute mc command" | |
chmod +x mc | |
echo "Only run our test if play is up and running since we require it for replication tests here." | |
PLAY_IS_ON=`wget --spider --server-response https://play.min.io:9443/login 2>&1 | grep '200\ OK' | wc -l` | |
if [ $PLAY_IS_ON == 1 ] | |
then | |
echo "Play is up and running, we will proceed with the play part for coverage" | |
echo "Create the folder to put the all.out file" | |
./mc mb --ignore-existing play/builds/ | |
echo "Copy the all.out file to play bucket" | |
echo ${{ github.repository }} | |
echo ${{ github.event.number }} | |
echo ${{ github.run_id }} | |
# mc cp can fail due to lack of space: mc: <ERROR> Failed to copy `all.out`. | |
# Storage backend has reached its minimum free disk threshold. Please delete a few objects to proceed. | |
./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true | |
./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true | |
go tool cover -html=all.out -o coverage.html | |
./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true | |
./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true | |
else | |
echo "Play is down, please report it on hack channel, no coverage is going to be uploaded!!!" | |
fi | |
echo "grep to obtain the result" | |
go tool cover -func=all.out | grep total > tmp2 | |
result=`cat tmp2 | awk 'END {print $3}'` | |
result=${result%\%} | |
threshold=61.2 | |
echo "Result:" | |
echo "$result%" | |
if (( $(echo "$result >= $threshold" |bc -l) )); then | |
echo "It is equal or greater than threshold ($threshold%), passed!" | |
else | |
echo "It is smaller than threshold ($threshold%) value, failed!" | |
exit 1 | |
fi |