security/.github/workflows/ci.yml at main · mch2/security · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
name: CI

on: [push, pull_request]

env:
  GRADLE_OPTS: -Dhttp.keepAlive=false

jobs:
  build:
    name: build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        jdk: [11, 14, 17]

    steps:

    - name: Set up JDK for build and test
      if: matrix.jdk != 17
      uses: actions/setup-java@v1
      with:
        distribution: temurin # Temurin is a distribution of adoptium
        java-version: ${{ matrix.jdk }}

    - name: Checkout security
      uses: actions/checkout@v2

    - name: Cache Gradle packages
      uses: actions/cache@v2
      with:
        path: |
          ~/.gradle/caches
          ~/.gradle/wrapper
        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
        restore-keys: |
          ${{ runner.os }}-gradle-

    - name: Package
      run: ./gradlew clean build -Dbuild.snapshot=false -x test

    - name: Test
      run: OPENDISTRO_SECURITY_TEST_OPENSSL_OPT=true ./gradlew test -i

    - name: Coverage
      uses: codecov/codecov-action@v1
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
        files: ./build/jacoco/test/jacocoTestReport.xml

  backward-compatibility:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-java@v1
      with:
        java-version: 11
    - run: ./gradlew clean build -Dbuild.snapshot=false -x test
    - run: |
        echo "Running backwards compatibility tests ..."
        cp -r build/ ./bwc-test/
        cd bwc-test/
        ./gradlew bwcTestSuite -Dtests.security.manager=false

  code-ql:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-java@v1
      with:
        java-version: 11
    - uses: github/codeql-action/init@v1
      with:
        languages: java
    - run: ./gradlew clean build -Dbuild.snapshot=false -x test
    - uses: github/codeql-action/analyze@v1

  build-artifact-names:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2

    - run: ./gradlew clean assemble

    - id: security-plugin-version
      uses: madhead/read-java-properties@66cc8c88f5c6f6069ebfb42586024dd6ffe2e451
      with:
         file: gradle.properties
         property: security-plugin.version

    - uses: actions/setup-java@v1
      with:
        java-version: 11

    - run: ./gradlew clean assemble
    - run: test -s ./build/opensearch-security-${{ steps.security-plugin-version.outputs.value }}-SNAPSHOT.jar

    - run: ./gradlew clean assemble -Dbuild.snapshot=false
    - run: test -s ./build/opensearch-security-${{ steps.security-plugin-version.outputs.value }}.jar

    - run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=alpha1
    - run: test -s ./build/opensearch-security-${{ steps.security-plugin-version.outputs.value }}-alpha1.jar

    - run: ./gradlew clean assemble -Dbuild.version_qualifier=alpha1
    - run: test -s ./build/opensearch-security-${{ steps.security-plugin-version.outputs.value }}-alpha1-SNAPSHOT.jar

    - name: List files in the build directory if there was an error
      run: ls -al ./build/
      if: failure()