forked from FASP-QAT/fasp-api
Test pipeline #1
Closed
Added a GitHub workflow to build the code and run the automated tests and checks, including Code Climate and Snyk
Created a PR template to enforce best practices when developers and implementers open PRs in the code. They will be prompted to fill in details about their work and provide clear descriptions and details. This forms part of the SDLC.
Moved the PR template into a subdirectory which allows for multiple PR templates to be defined
This reverts commit a362861.
Moved the PR template into a subdirectory which allows for multiple PR templates to be defined. This commit fixes the previous commit which had to be reverted
Update the Java version used by the GitHub Actions from 11 to 17
Updated JaCoCo Maven plugin configuration to specify report output directory and adjusted the Code Climate reporter command to use the correct report path so it can upload the reports in the CI pipeline.
Define the JAVA_HOME in the GitHub Actions. This should resolve the issue with the JAVA_HOME variable not being set correctly.
This reverts commit d1375d2.
Export JAVA_HOME into a variable that can be used by Snyk
Updated the artifacts action to use v4 instead of v3 which was deprecated
Added debug information to help diagnose the issue with the Snyk action which is currently failing to execute.
Using a specific environment for Snyk that matches the Maven and Java version of the project. This should hopefully fix the issue with JAVA_HOME that is being thrown when we try to execute Snyk checks
Attempting to use Snyk CLI instead of the predefined GitHub actions as the JAVA_HOME issue with the Snyk Maven 3 JDK 17 docker container seems to be difficult to solve.
Ensure that the build does not get aborted after the Snyk check fails and also publish the results on the build page
Fix the warnings in GitHub Actions and upgrade dependencies
Added a separate pipeline for Snyk Security scanning, as set up using the GitHub user interface to implement code scanning under Security.
Removed Snyk from the GitHub Actions build as it has been added separately into another workflow so the code can be scanned independently of the build process.
Upload artifacts for the build output, jacoco and surefire test reports
This reverts commit 6647c53.
Created separate jobs for the different parts of the CI pipeline to make it easier to view in GitHub
Used ubuntu-latest and fixed bug that tried to use env variables for runs-on which doesn't work
Decoupled the dependency of code-scan and security-scan jobs from the build job because both use the code checkout and don't need the compiled code. This means the jobs can run in parallel and the process will be faster.
Fixed the issue with the code-scan job in the GitHub actions pipeline which was causing it to fail.
Small changes to the Code Climate task and setup for the repo
Removed separate Snyk workflow because it makes sense to do it in one workflow
This change will show the Snyk failure in the GitHub Actions workflow; otherwise it is obscured and shows that everything passed (which is incorrect)
Added Snyk static code analysis for security vulnerabilities
This reverts commit 77e1787.
🎉 Snyk checks have passed. No issues have been found so far. ✅ security/snyk check is complete. No issues have been found. (View Details)
Separated out Snyk commands so 'code test' and 'test' (which do different things) are managed separately and two sarif reports are generated.
Change the order that the sarif file is uploaded - it should probably be uploaded immediately after the command is executed.
Removed the Snyk failure task because it seems non-standard; also, it is currently broken
Refactor the CI pipeline so it runs on any push to the repo and only runs a compile and test. This will mean the build runs quicker and it saves us time on GitHub. A separate workflow will be defined to do the security scanning (if it is necessary)
@timler I see that Code Climate is still not reporting a status even after I enabled the web hook. The only other thing I can think of is to close this PR and create a new one from the same branch. Maybe Code Climate needs to be triggered at the creation of the PR.
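The commits above mention that a failing Snyk check was obscured behind a passing workflow and that two SARIF reports are generated. As an added example (not part of this PR or the project's code), the Python gate below reads SARIF 2.1.0 reports and returns a non-zero exit code when any result reaches a severity threshold. The sample reports, tool names and rule IDs are constructed, and the level fallback (result level, then rule default, then `warning`) is a simplification of the SARIF rules.

```python
# Severity order used for the threshold comparison (SARIF 2.1.0 level values).
LEVELS = {"none": 0, "note": 1, "warning": 2, "error": 3}


def effective_level(result, rules):
    """Explicit result level, else the rule's default level, else 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def findings_at_or_above(sarif_docs, threshold="error"):
    """Return (tool, ruleId, level) for every result at or above the threshold."""
    hits = []
    for doc in sarif_docs:
        for run in doc.get("runs", []):
            driver = run.get("tool", {}).get("driver", {})
            rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
            for result in run.get("results", []):
                level = effective_level(result, rules)
                # Unknown level strings are treated as 'warning' rather than ignored.
                if LEVELS.get(level, LEVELS["warning"]) >= LEVELS[threshold]:
                    hits.append((driver.get("name", "unknown"), result.get("ruleId"), level))
    return hits


def gate(sarif_docs, threshold="error"):
    """Exit code for a CI step: 1 if any finding meets the threshold, else 0."""
    return 1 if findings_at_or_above(sarif_docs, threshold) else 0


# Constructed sample reports standing in for the two SARIF files
# (a dependency scan and a code scan); names and rule IDs are made up.
DEPS_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "deps-scan", "rules": [
        {"id": "DEP-1", "defaultConfiguration": {"level": "error"}},
        {"id": "DEP-2", "defaultConfiguration": {"level": "note"}}]}},
    "results": [{"ruleId": "DEP-1", "message": {"text": "constructed"}},
                {"ruleId": "DEP-2", "message": {"text": "constructed"}}]}]}
CODE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "code-scan", "rules": []}},
    "results": [{"ruleId": "CODE-1", "level": "warning",
                 "message": {"text": "constructed"}}]}]}

if __name__ == "__main__":
    for hit in findings_at_or_above([DEPS_SARIF, CODE_SARIF]):
        print("finding:", *hit)
    raise SystemExit(gate([DEPS_SARIF, CODE_SARIF]))
```

Running the gate as a final step, after the reports have been uploaded, keeps the findings published while still turning the job red.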
Description
Test a GitHub Actions CI workflow to build the code and run the automated tests and checks (from Code Climate and Snyk).
Type of change
Testing
Test Cases
mvn clean install and viewed jacoco test coverage
Deployment Instructions (optional)
Configure the necessary secrets in your GitHub repository:
CC_TEST_REPORTER_ID from Code Climate (Under 'Repo Settings' / 'Test Coverage')
SNYK_TOKEN from Snyk (https://app.snyk.io/account)
QA Instructions (optional)
Breaking Changes
Dependencies
Related Tickets & Documents
Part of deliverable 1.4.1
Screenshots/Recordings
TODO
Checklist
Additional Notes