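# CI workflow: compiles the project against the newest matching Neo4j build
# published to an internal CodeArtifact repository, then runs Snyk dependency
# scanning and CodeQL static analysis. Triggered by pushes to, and pull
# requests against, the "dev" branch.
#
# Secrets are required by the compile and code-ql jobs, so PR builds from
# forks (where repository secrets are not available) will fail at the AWS
# step. That is the safe default — do not "fix" it by switching to
# pull_request_target, which would hand secrets to untrusted PR code.
#
# NOTE(review): third-party actions are pinned to major tags (@v2 / @v3).
# For supply-chain hardening, pin each to a full commit SHA (with the tag in
# a trailing comment) and let Dependabot bump them.
name: CI

on:
  push:
    branches: [ "dev" ]
  pull_request:
    branches: [ "dev" ]

# Least privilege for GITHUB_TOKEN: no step in this workflow pushes to the
# repository. Jobs that need more (CodeQL result upload) widen this at job
# level; note that a job-level `permissions` block replaces, not merges with,
# this one.
permissions:
  contents: read

env:
  # Consumed by the Gradle build when resolving artifacts from CodeArtifact
  # (presumably via build.gradle / setup-gradle-cache — verify before trimming).
  CODEARTIFACT_DOWNLOAD_URL: ${{ secrets.CODEARTIFACT_DOWNLOAD_URL }}
  CODEARTIFACT_USERNAME: ${{ secrets.CODEARTIFACT_USERNAME }}

jobs:
  compile:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): long-lived IAM user keys stored as repository secrets.
      # Prefer GitHub OIDC federation (`role-to-assume` plus `id-token: write`)
      # so no static AWS credential has to be stored or rotated.
      - name: Configure AWS CLI
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1

      - name: Configure CodeArtifact Authentication Token
        env:
          # Pass the secret through the environment instead of interpolating
          # `${{ }}` into the script body.
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        run: |
          set -euo pipefail
          CODEARTIFACT_TOKEN="$(aws codeartifact get-authorization-token \
            --domain build-service-live \
            --domain-owner "$AWS_ACCOUNT_ID" \
            --query authorizationToken --output text)"
          # Fail here rather than letting later steps run with an empty token.
          if [ -z "$CODEARTIFACT_TOKEN" ]; then
            echo "::error::Failed to obtain a CodeArtifact authorization token"
            exit 1
          fi
          # Mask before exporting so the token never appears in step logs.
          echo "::add-mask::$CODEARTIFACT_TOKEN"
          echo "CODEARTIFACT_TOKEN=$CODEARTIFACT_TOKEN" >> "$GITHUB_ENV"

      - uses: actions/checkout@v3
        with:
          # No visible step pushes; don't leave GITHUB_TOKEN in .git/config.
          persist-credentials: false
      - uses: ./.github/actions/setup-jdk
      - uses: ./.github/actions/setup-gradle-cache

      - name: Determine latest neo4j CI version
        env:
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        run: |
          set -euo pipefail
          # The base version is read from build.gradle's neo4jVersionOverride
          # entry and used below as a prefix filter on published versions.
          neo4j_version_base="$(grep -e ".*neo4jVersionOverride.* : .*" build.gradle | cut -d ':' -f 2 | tr -d \'\" | tr -d ' ')"
          echo "neo4j_version_base=$neo4j_version_base"
          if [ -z "$neo4j_version_base" ]; then
            echo "::error::Could not read neo4jVersionOverride from build.gradle"
            exit 1
          fi
          # NOTE(review): --max-items is applied before --query, so only the
          # single most recently published version is filtered by prefix;
          # if that version does not match the prefix the query yields null.
          NEO4J_VERSION_CI="$(aws codeartifact list-package-versions \
            --domain build-service-live \
            --domain-owner "$AWS_ACCOUNT_ID" \
            --repository ci-live --format maven \
            --namespace org.neo4j --package neo4j \
            --sort-by PUBLISHED_TIME --max-items 1 \
            --query "versions[?starts_with(version,'$neo4j_version_base')] | [0].version" \
            --output text | head -n 1)"
          # A JMESPath null is rendered as the text "None"; treat it as
          # "not found" instead of passing a bogus version to Gradle.
          if [ -z "$NEO4J_VERSION_CI" ] || [ "$NEO4J_VERSION_CI" = "None" ]; then
            echo "::error::No neo4j CI version matching '$neo4j_version_base' found in ci-live"
            exit 1
          fi
          echo "NEO4J_VERSION_CI=$NEO4J_VERSION_CI" >> "$GITHUB_ENV"
          echo "Found NEO4j_VERSION_CI=$NEO4J_VERSION_CI"

      - name: Compile
        run: ./gradlew --info -Pneo4jVersionOverride="$NEO4J_VERSION_CI" compileJava

  snyk-test:
    runs-on: ubuntu-latest
    needs: compile
    env:
      # Scoped to the Snyk jobs only; compile and code-ql never need it.
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - uses: ./.github/actions/setup-jdk
      - uses: ./.github/actions/setup-snyk
      - name: Snyk test dependencies
        # NOTE(review): per the Snyk CLI docs, --fail-on=all fails only on
        # findings that are upgradable or patchable; medium+ findings with no
        # available fix do not fail the build. Confirm that is intended.
        run: snyk test --all-projects --severity-threshold=medium --fail-on=all

  snyk-monitor:
    runs-on: ubuntu-latest
    # Record a dependency snapshot only for branch builds, not PR builds.
    if: github.event_name != 'pull_request'
    needs: compile
    env:
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - uses: ./.github/actions/setup-jdk
      - uses: ./.github/actions/setup-snyk
      - name: Snyk monitor dependencies
        run: snyk monitor --all-projects --target-reference="${GITHUB_REF}"

  code-ql:
    runs-on: ubuntu-latest
    needs: compile
    # Required by CodeQL. `contents: read` must be listed explicitly here
    # because a job-level permissions block overrides the workflow default.
    permissions:
      contents: read
      security-events: write
      actions: read
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - uses: ./.github/actions/setup-jdk
      - uses: ./.github/actions/setup-gradle-cache

      # init must run before the build so CodeQL can trace the compilation.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: java

      # The AWS / CodeArtifact / version steps below duplicate the compile
      # job; a composite action would remove the drift risk.
      - name: Configure AWS CLI
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1

      - name: Configure CodeArtifact Authentication Token
        env:
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        run: |
          set -euo pipefail
          CODEARTIFACT_TOKEN="$(aws codeartifact get-authorization-token \
            --domain build-service-live \
            --domain-owner "$AWS_ACCOUNT_ID" \
            --query authorizationToken --output text)"
          if [ -z "$CODEARTIFACT_TOKEN" ]; then
            echo "::error::Failed to obtain a CodeArtifact authorization token"
            exit 1
          fi
          # Mask before exporting so the token never appears in step logs.
          echo "::add-mask::$CODEARTIFACT_TOKEN"
          echo "CODEARTIFACT_TOKEN=$CODEARTIFACT_TOKEN" >> "$GITHUB_ENV"

      - name: Determine latest neo4j CI version
        env:
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        run: |
          set -euo pipefail
          neo4j_version_base="$(grep -e ".*neo4jVersionOverride.* : .*" build.gradle | cut -d ':' -f 2 | tr -d \'\" | tr -d ' ')"
          echo "neo4j_version_base=$neo4j_version_base"
          if [ -z "$neo4j_version_base" ]; then
            echo "::error::Could not read neo4jVersionOverride from build.gradle"
            exit 1
          fi
          NEO4J_VERSION_CI="$(aws codeartifact list-package-versions \
            --domain build-service-live \
            --domain-owner "$AWS_ACCOUNT_ID" \
            --repository ci-live --format maven \
            --namespace org.neo4j --package neo4j \
            --sort-by PUBLISHED_TIME --max-items 1 \
            --query "versions[?starts_with(version,'$neo4j_version_base')] | [0].version" \
            --output text | head -n 1)"
          # A JMESPath null is rendered as the text "None"; treat it as
          # "not found" instead of passing a bogus version to Gradle.
          if [ -z "$NEO4J_VERSION_CI" ] || [ "$NEO4J_VERSION_CI" = "None" ]; then
            echo "::error::No neo4j CI version matching '$neo4j_version_base' found in ci-live"
            exit 1
          fi
          echo "NEO4J_VERSION_CI=$NEO4J_VERSION_CI" >> "$GITHUB_ENV"
          echo "Found NEO4j_VERSION_CI=$NEO4J_VERSION_CI"

      # Test sources are compiled too so CodeQL also analyzes test code.
      - name: Compile
        run: ./gradlew --info -Pneo4jVersionOverride="$NEO4J_VERSION_CI" compileJava compileTestJava

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2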