diff --git a/.github/workflows/codeql-go.yml b/.github/workflows/codeql-go.yml index 893a0aa3ec..29761cc4bb 100644 --- a/.github/workflows/codeql-go.yml +++ b/.github/workflows/codeql-go.yml @@ -12,11 +12,7 @@ name: "CodeQL Advanced (Go)" on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - paths: [ "modules/buildutils/**", "modules/cli/**" ] + workflow_call: schedule: - cron: '41 13 * * 0' @@ -54,6 +50,21 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Download All 'dev.galasa' Artifacts + if: ${{ github.event_name == 'workflow_call' }} + uses: actions/download-artifact@v4 + with: + name: all-artifacts + path: /home/runner/.m2/repository/dev/galasa + + # Download from the last Main Build Orchestrator + # - name: Download All 'dev.galasa' Artifacts + # if: github.event_name == 'schedule' + # uses: actions/download-artifact@v4 + # with: + # name: all-artifacts + # path: /home/runner/.m2/repository/dev/galasa + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 
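Review bot: Removing the `push: branches: [ "main" ]` trigger means this Go scan no longer runs on the default branch after a merge; unless the main build orchestrator (not in this diff) also invokes it through `workflow_call`, main is only scanned by the weekly `cron` and code-scanning alerts on the default branch can lag by up to a week. If the orchestrator does call it, a one-line comment above `workflow_call:` naming the expected callers would save the next reader the search, e.g. `# Called from pull-requests.yaml (and the main build orchestrator)`.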
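Review bot: The guard `if: ${{ github.event_name == 'workflow_call' }}` on the new Download step can never be true: inside a reusable workflow the `github` context is the caller's, so `event_name` is `pull_request` or `push`, and `workflow_call` is not an event name at all. The artifacts therefore never land in `/home/runner/.m2/repository/dev/galasa` when this workflow is called from pull-requests.yaml, and the CLI build step that follows (outside this hunk) has to resolve `dev.galasa` from elsewhere or fail. Use the scheduled run as the discriminator instead: `if: ${{ github.event_name != 'schedule' }}`. Since whatever is downloaded here sits on the Maven resolution path for everything built afterwards, pinning `actions/download-artifact@v4` to a commit SHA rather than a floating tag is also worth considering.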
@@ -74,116 +85,12 @@ jobs: # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - name: Building Platform (manually) - shell: bash - working-directory: ${{ github.workspace }}/modules/platform - run: | - set -o pipefail - gradle -b dev.galasa.platform/build.gradle build check publish --info \ - --no-daemon --console plain \ - -PsourceMaven=https://repo.maven.apache.org/maven2/ \ - -PcentralMaven=https://repo.maven.apache.org/maven2/ \ - -PtargetMaven=/home/runner/.m2/repository 2>&1 | tee build.log - - - - name: Building Wrapping (manually) - shell: bash - working-directory: ${{ github.workspace }}/modules/wrapping - run: | - set -o pipefail - mvn deploy \ - -Dgalasa.source.repo=https://development.galasa.dev/main/maven-repo/obr \ - -Dgalasa.central.repo=https://repo.maven.apache.org/maven2/ \ - -Dgalasa.release.repo=file:///home/runner/.m2/repository \ - -Dgalasa.jacocoEnabled=false \ - -Dgalasa.isRelease=false \ - -Dgpg.skip=true \ - --batch-mode --errors --fail-at-end \ - --settings settings.xml 2>&1 | tee build.log - - - name: Building Gradle (manually) - shell: bash - working-directory: ${{ github.workspace }}/modules/gradle - run: | - set -o pipefail - gradle check publish --info \ - --no-daemon --console plain \ - -PsourceMaven=https://development.galasa.dev/main/maven-repo/obr \ - -PcentralMaven=https://repo.maven.apache.org/maven2/ \ - -PtargetMaven=/home/runner/.m2/repository \ - -PjacocoEnabled=false \ - -PisMainOrRelease=false 2>&1 | tee build.log - - - name: Building Maven (manually) + - name: Building Buildutils (manually) shell: bash - working-directory: ${{ github.workspace }}/modules/maven + working-directory: ${{ github.workspace }}/modules/buildutils run: | - set -o pipefail - mvn -f galasa-maven-plugin/pom.xml deploy -X \ - -Dgalasa.source.repo=https://development.galasa.dev/main/maven-repo/obr \ - 
-Dgalasa.central.repo=https://repo.maven.apache.org/maven2/ \ - -Dgalasa.release.repo=file:///home/runner/.m2/repository \ - -Dgalasa.jacocoEnabled=false \ - -Dgalasa.isRelease=false \ - -Dgpg.skip=true \ - --batch-mode --errors --fail-at-end \ - --settings settings.xml 2>&1 | tee build.log - - - name: Building Framework (manually) - shell: bash - working-directory: ${{ github.workspace }}/modules/framework - env: - YAML_LOCATION: "modules/framework/galasa-parent/dev.galasa.framework.api.openapi/src/main/resources/openapi.yaml" - OUTPUT_LOCATION: "modules/framework/galasa-parent/dev.galasa.framework.api.beans/src/main/java" - PACKAGE: "dev.galasa.framework.api.beans.generated" - run: | - docker run --rm -v ${{ github.workspace }}:/var/workspace ghcr.io/galasa-dev/openapi2beans:main generate --yaml var/workspace/${{ env.YAML_LOCATION }} --output var/workspace/${{ env.OUTPUT_LOCATION }} --package ${{ env.PACKAGE }} - set -o pipefail - gradle -b galasa-parent/build.gradle check publish --info \ - --no-daemon --console plain \ - -Dorg.gradle.jvmargs=-Xmx5120M \ - -PsourceMaven=https://development.galasa.dev/main/maven-repo/obr \ - -PcentralMaven=https://repo.maven.apache.org/maven2/ \ - -PtargetMaven=/home/runner/.m2/repository \ - -PjacocoEnabled=false \ - -PisMainOrRelease=false 2>&1 | tee build.log - - - name: Building Managers (manually) - shell: bash - working-directory: ${{ github.workspace }}/modules/managers - run: | - set -o pipefail - gradle -b galasa-managers-parent/build.gradle check publish --info \ - --no-daemon --console plain \ - -Dorg.gradle.jvmargs=-Xmx4096M \ - -PsourceMaven=https://development.galasa.dev/main/maven-repo/obr \ - -PcentralMaven=https://repo.maven.apache.org/maven2/ \ - -PtargetMaven=/home/runner/.m2/repository \ - -PjacocoEnabled=false \ - -PisMainOrRelease=false 2>&1 | tee build.log - - - name: Building OBR (manually) - shell: bash - working-directory: ${{ github.workspace }}/modules/obr - run: | - docker run --rm -v ${{ 
github.workspace }}/modules:/var/root/ ghcr.io/galasa-dev/galasabld-amd64:main template --releaseMetadata var/root/framework/release.yaml --releaseMetadata /var/root/extensions/release.yaml --releaseMetadata /var/root/managers/release.yaml --releaseMetadata /var/root/obr/release.yaml --template /var/root/obr/galasa-bom/pom.template --output /var/root/obr/galasa-bom/pom.xml --bom - set -o pipefail - mvn -f galasa-bom/pom.xml deploy -X \ - -Dgalasa.source.repo=https://development.galasa.dev/main/maven-repo/obr \ - -Dgalasa.central.repo=https://repo.maven.apache.org/maven2/ \ - -Dgalasa.release.repo=file:///home/runner/.m2/repository \ - -Dgpg.skip=true \ - --batch-mode --errors --fail-at-end \ - --settings settings.xml 2>&1 | tee galasa-bom-build.log - docker run --rm -v ${{ github.workspace }}/modules:/var/root/ ghcr.io/galasa-dev/galasabld-amd64:main template --releaseMetadata var/root/framework/release.yaml --releaseMetadata /var/root/extensions/release.yaml --releaseMetadata /var/root/managers/release.yaml --releaseMetadata /var/root/obr/release.yaml --template /var/root/obr/dev.galasa.uber.obr/pom.template --output /var/root/obr/dev.galasa.uber.obr/pom.xml --obr - set -o pipefail - mvn -f dev.galasa.uber.obr/pom.xml deploy -X \ - -Dgalasa.source.repo=https://development.galasa.dev/main/maven-repo/obr \ - -Dgalasa.central.repo=https://repo.maven.apache.org/maven2/ \ - -Dgalasa.release.repo=file:///home/runner/.m2/repository \ - -Dgpg.skip=true \ - --batch-mode --errors --fail-at-end \ - --settings settings.xml 2>&1 | tee galasa-obr-build.log + make all + make all -C openapi2beans - name: Building CLI (manually) shell: bash diff --git a/.github/workflows/codeql-java.yml b/.github/workflows/codeql-java.yaml similarity index 86% rename from .github/workflows/codeql-java.yml rename to .github/workflows/codeql-java.yaml index 872c7438b7..87220076e2 100644 --- a/.github/workflows/codeql-java.yml +++ b/.github/workflows/codeql-java.yaml 
@@ -1,82 +1,93 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL Advanced (Java)" - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - paths: [ "modules/platform/**", "modules/wrapping/**", "modules/gradle/**", "modules/maven/**", "modules/framework/**", "modules/extensions/**", "modules/managers/**", "modules/obr/**", "modules/ivts/**" ] - - schedule: - - cron: '41 13 * * 0' - -jobs: - analyze-java: - name: Analyze (Java) - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners (GitHub.com only) - # Consider using larger runners or machines with greater resources for possible analysis time improvements. 
- runs-on: ${{ 'ubuntu-latest' }} - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: java-kotlin - build-mode: none - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. 
- - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - - name: Perform CodeQL Analysis Java - uses: github/codeql-action/analyze@v3 - with: - category: "/language:java-kotlin" - checkout_path: ${{ github.workspace }} - output: results-java.sarif +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL Advanced (Java)" + +on: + workflow_call: + + schedule: + - cron: '41 13 * * 0' + +jobs: + analyze-java: + name: Analyze (Java) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. 
+ runs-on: ${{ 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Download All 'dev.galasa' Artifacts + if: ${{ github.event_name == 'workflow_call' }} + uses: actions/download-artifact@v4 + with: + name: all-artifacts + path: /home/runner/.m2/repository/dev/galasa + + # Download from the last Main Build Orchestrator + # - name: Download All 'dev.galasa' Artifacts + # if: github.event_name == 'schedule' + # uses: actions/download-artifact@v4 + # with: + # name: all-artifacts + # path: /home/runner/.m2/repository/dev/galasa + + # Initializes the CodeQL tools for scanning. 
+ - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: java-kotlin + build-mode: none + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # â„šī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + - name: Perform CodeQL Analysis Java + uses: github/codeql-action/analyze@v3 + with: + category: "/language:java-kotlin" + checkout_path: ${{ github.workspace }} + output: results-java.sarif \ No newline at end of file diff --git a/.github/workflows/pull-requests.yaml b/.github/workflows/pull-requests.yaml index 0539001f45..38dbd6702b 100644 --- a/.github/workflows/pull-requests.yaml +++ b/.github/workflows/pull-requests.yaml 
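Review bot: The same `if: ${{ github.event_name == 'workflow_call' }}` guard is used on this file's Download step and will never fire, because a reusable workflow sees the caller's `github.event_name` (`pull_request`), not `workflow_call`; with `build-mode: none` CodeQL then runs without the `dev.galasa` artifacts ever reaching `~/.m2`. Change it to `if: ${{ github.event_name != 'schedule' }}` so only the scheduled run skips the download. Separately, every line of this file appears as removed and re-added with identical text, which points to a line-ending change riding along with the `.yml` to `.yaml` rename; normalising EOLs in its own commit (or via `.gitattributes`) would keep the functional change reviewable, and the file still ends without a trailing newline.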
@@ -171,6 +171,196 @@ jobs: changed: ${{ needs.get-changed-modules.outputs.ivts_changed }} artifact-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + download-artifacts-for-codeql: + name: Download artifacts for Advanced CodeQL Java scan + runs-on: ubuntu-latest + needs: [get-changed-modules, find-artifacts, pr-build-ivts] + + steps: + - name: Download Platform from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.platform_changed }} + uses: actions/download-artifact@v4 + with: + name: platform + path: /home/runner/.m2/repository + + - name: Download Platform from last Main Workflow Run + if: ${{ ! needs.get-changed-modules.outputs.platform_changed }} + uses: actions/download-artifact@v4 + with: + name: platform + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download Wrapping from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.wrapping_changed }} + uses: actions/download-artifact@v4 + with: + name: wrapping + path: /home/runner/.m2/repository + + - name: Download Wrapping from last Main Workflow Run + if: ${{ ! needs.get-changed-modules.outputs.wrapping_changed }} + uses: actions/download-artifact@v4 + with: + name: wrapping + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download Gradle from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.gradle_changed }} + uses: actions/download-artifact@v4 + with: + name: gradle + path: /home/runner/.m2/repository + + - name: Download Gradle from last Main Workflow Run + if: ${{ ! 
needs.get-changed-modules.outputs.gradle_changed }} + uses: actions/download-artifact@v4 + with: + name: gradle + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download Maven from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.maven_changed }} + uses: actions/download-artifact@v4 + with: + name: maven + path: /home/runner/.m2/repository + + - name: Download Maven from last Main Workflow Run + if: ${{ ! needs.get-changed-modules.outputs.maven_changed }} + uses: actions/download-artifact@v4 + with: + name: maven + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download Framework from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.framework_changed }} + uses: actions/download-artifact@v4 + with: + name: framework + path: /home/runner/.m2/repository + + - name: Download Framework from last Main Workflow Run + if: ${{ ! needs.get-changed-modules.outputs.framework_changed }} + uses: actions/download-artifact@v4 + with: + name: framework + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download Extensions from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.extensions_changed }} + uses: actions/download-artifact@v4 + with: + name: extensions + path: /home/runner/.m2/repository + + - name: Download Extensions from last Main Workflow Run + if: ${{ ! 
needs.get-changed-modules.outputs.extensions_changed }} + uses: actions/download-artifact@v4 + with: + name: extensions + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download Managers from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.managers_changed }} + uses: actions/download-artifact@v4 + with: + name: managers + path: /home/runner/.m2/repository + + - name: Download Managers from last Main Workflow Run + if: ${{ ! needs.get-changed-modules.outputs.managers_changed }} + uses: actions/download-artifact@v4 + with: + name: managers + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download OBR from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.obr_changed }} + uses: actions/download-artifact@v4 + with: + name: obr + path: /home/runner/.m2/repository + + - name: Download OBR from last Main Workflow Run + if: ${{ ! needs.get-changed-modules.outputs.obr_changed }} + uses: actions/download-artifact@v4 + with: + name: obr + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Download IVTs from this Workflow Run + if: ${{ needs.get-changed-modules.outputs.ivts_changed }} + uses: actions/download-artifact@v4 + with: + name: ivts + path: /home/runner/.m2/repository + + - name: Download IVTs from last Main Workflow Run + if: ${{ ! 
needs.get-changed-modules.outputs.ivts_changed }} + uses: actions/download-artifact@v4 + with: + name: ivts + path: /home/runner/.m2/repository + github-token: ${{ github.token }} + run-id: ${{ needs.find-artifacts.outputs.workflow_for_artifact_download_id }} + + - name: Upload All Artifacts + uses: actions/upload-artifact@v4 + with: + name: all-artifacts + path: /home/runner/.m2/repository/dev/galasa + + codeql-java: + name: CodeQL scans the Java code + if: ${{ + needs.get-changed-modules.outputs.platform_changed || + needs.get-changed-modules.outputs.wrapping_changed || + needs.get-changed-modules.outputs.gradle_changed || + needs.get-changed-modules.outputs.maven_changed || + needs.get-changed-modules.outputs.framework_changed || + needs.get-changed-modules.outputs.extensions_changed || + needs.get-changed-modules.outputs.managers_changed || + needs.get-changed-modules.outputs.obr_changed || + needs.get-changed-modules.outputs.ivts_changed + }} + needs: [get-changed-modules, download-artifacts-for-codeql] + uses: ./.github/workflows/codeql-java.yaml + secrets: inherit + permissions: + security-events: write + packages: read + actions: read + contents: read + + codeql-go: + name: CodeQL scans the Golang code + if: ${{ needs.get-changed-modules.outputs.buildutils_changed || needs.get-changed-modules.outputs.cli_changed }} + needs: [get-changed-modules, download-artifacts-for-codeql] + uses: ./.github/workflows/codeql-go.yml + secrets: inherit + permissions: + security-events: write + packages: read + actions: read + contents: read + pr-build-cli: name: Build the 'cli' module needs: [get-changed-modules, find-artifacts, pr-build-obr] diff --git a/modules/ivts/galasa-ivts-parent/buildSrc/gradle.properties b/modules/ivts/galasa-ivts-parent/buildSrc/gradle.properties new file mode 100644 index 0000000000..88656ba1dd --- /dev/null +++ b/modules/ivts/galasa-ivts-parent/buildSrc/gradle.properties 
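Review bot: The step conditions `if: ${{ needs.get-changed-modules.outputs.platform_changed }}` and `if: ${{ ! needs.get-changed-modules.outputs.platform_changed }}` (and the eight sibling pairs) test a job output, and job outputs are always strings; a non-empty string such as `'false'` is truthy in Actions expressions, so unless `get-changed-modules` emits an empty string for unchanged modules, the "from this Workflow Run" download is attempted for every module and the "from last Main Workflow Run" fallback never runs. Compare explicitly — `if: ${{ needs.get-changed-modules.outputs.platform_changed == 'true' }}` and `!= 'true'` — and the same applies to the `||` chains gating `codeql-java` and `codeql-go`, which as written are always true. Both CodeQL jobs also pass `secrets: inherit` although neither codeql-java.yaml nor codeql-go.yml declares a secret beyond the implicit `GITHUB_TOKEN`; dropping it keeps the reusable workflows from receiving every repository secret they do not need.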
@@ -0,0 +1,2 @@ +sourceMaven=https://repo.maven.apache.org/maven2/ +targetMaven=https://repo.maven.apache.org/maven2/ diff --git a/modules/platform/README.md b/modules/platform/README.md index 77d8c37da5..9404633c84 100644 --- a/modules/platform/README.md +++ b/modules/platform/README.md @@ -4,4 +4,4 @@ This module houses the Galasa Platform (dev.galasa.platform). This uses Gradle's ## Contributing -To contribute to this module, take a look at the [Contributor's Guide](https://github.com/galasa-dev/galasa/blob/main/CONTRIBUTING.md). \ No newline at end of file +To contribute to this module, take a look at the [Contributor's Guide](https://github.com/galasa-dev/galasa/blob/main/CONTRIBUTING.md). diff --git a/modules/platform/dev.galasa.platform/gradle.properties b/modules/platform/dev.galasa.platform/gradle.properties index 9d3bf33362..29e0d97f40 100644 --- a/modules/platform/dev.galasa.platform/gradle.properties +++ b/modules/platform/dev.galasa.platform/gradle.properties @@ -1 +1,5 @@ -isMainOrRelease=false \ No newline at end of file +isMainOrRelease=false + +sourceMaven=https://repo.maven.apache.org/maven2/ +centralMaven=https://repo.maven.apache.org/maven2/ +targetMaven=https://repo.maven.apache.org/maven2/ \ No newline at end of file
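Review bot: `targetMaven=https://repo.maven.apache.org/maven2/` makes Maven Central the default publish destination whenever the property is not overridden on the command line; the CI steps removed in this same change always passed `-PtargetMaven=/home/runner/.m2/repository`, so the remote default only takes effect in a run that forgot the flag, where a publish task would now point at Central instead of a local directory (it should fail without credentials, but that is the wrong failure mode for a checked-in default). A local default such as `targetMaven=build/repo`, with a comment `# overridden by CI with -PtargetMaven`, is the safer baseline; `modules/platform/dev.galasa.platform/gradle.properties` below gets the same value and the same note applies there.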