Skip to content

build(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.17 to 3.0.20 #6049

build(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.17 to 3.0.20

build(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.17 to 3.0.20 #6049

Workflow file for this run

name: CI
on:
push:
branches:
- develop
pull_request:
branches:
- develop
types:
- opened
- reopened
- synchronize
- labeled
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }}
cancel-in-progress: true
env:
CLUSTER_NAME: activiti
CLUSTER_DOMAIN: envalfresco.com
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
jobs:
pre-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Check dependabot build
uses: Activiti/Activiti/.github/actions/check-ext-build@7700f0283a9ff5181581a350d2520e55c61c1c60 # 8.6.0
- name: pre-commit
uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
skip_checkout: true
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@c3a2b64f69b7a1542a68f44d9edbd9ec3fc1455e # v3.0.20
build:
runs-on: ubuntu-latest
needs: pre-checks
# Map a step output to a job output
outputs:
version: ${{ steps.update-pom-to-next-version.outputs.next-prerelease }}
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Setup Java JDK 21
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # 4.5.0
with:
java-version: 21
distribution: 'temurin'
- name: Resolve override VERSION
id: resolve-override-version
if: ${{ github.event_name == 'pull_request' }}
run: |
GITHUB_PR_NUMBER=PR-${{ github.event.pull_request.number }}
echo "version=0.0.1-${GITHUB_PR_NUMBER}-SNAPSHOT" >> $GITHUB_OUTPUT
- uses: Alfresco/alfresco-build-tools/.github/actions/update-pom-to-next-pre-release@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
id: update-pom-to-next-version
with:
version: ${{ steps.resolve-override-version.outputs.version }}
- name: Update VERSION file
run: |
echo ${{ steps.update-pom-to-next-version.outputs.next-prerelease }} > VERSION
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Enable testcontainers reuse option
run: |
echo "testcontainers.reuse.enable=true" > ~/.testcontainers.properties
echo "TESTCONTAINERS_RYUK_DISABLED=true" >> $GITHUB_ENV
- name: Maven Build and Test
shell: bash
run: mvn -DskipAcceptanceTests=true -DunitTests.parallel=true -T 1C install ${{ env.MAVEN_CLI_OPTS}}
env:
MAVEN_CLI_OPTS: --show-version --no-transfer-progress --settings settings.xml
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
- name: Remove running docker containers
run: docker rm -f $(docker ps -a -q)
continue-on-error: true
- name: Echo Longest Tests run
shell: bash
run: find . -name TEST-*.xml -exec grep -h testcase {} \; | awk -F '"' '{printf("%s#%s() - %.3fms\n", $4, $2, $6); }' | sort -n -k 3 | tail -20
- name: Login to DockerHub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build Example Runtime Bundle
run: make docker/example-runtime-bundle
- name: Build Activiti Cloud Query
run: make docker/activiti-cloud-query
- name: Build Example Cloud Connector
run: make docker/example-cloud-connector
- name: Build Activiti Cloud Identity Adapter
run: make docker/activiti-cloud-identity-adapter
acceptance-tests:
runs-on: ubuntu-latest
needs: build
env:
MAVEN_CLI_OPTS: --show-version --no-transfer-progress --settings settings.xml
strategy:
# avoid overloading test cluster
max-parallel: 2
fail-fast: true
matrix:
messaging-broker: [ rabbitmq, kafka ]
messaging-partitioned: [ partitioned, non-partitioned ]
messaging-destinations: [ default-destinations ]
include:
- messaging-broker: kafka
messaging-partitioned: partitioned
messaging-destinations: override-destinations
- messaging-broker: rabbitmq
messaging-partitioned: non-partitioned
messaging-destinations: pdb
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Setup Java JDK 21
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # 4.5.0
with:
java-version: 21
distribution: 'temurin'
- name: Set up kubectl
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v3
with:
version: v1.19.6
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v3
with:
version: v3.5.2
- name: Set up rancher
uses: Alfresco/alfresco-build-tools/.github/actions/setup-rancher-cli@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
url: ${{ secrets.RANCHER2_URL }}
access-key: ${{ secrets.RANCHER2_ACCESS_KEY }}
secret-key: ${{ secrets.RANCHER2_SECRET_KEY }}
context: ${{ env.CLUSTER_NAME }}
- uses: ./.github/actions/setup-env-for-broker
with:
messaging-broker: ${{ matrix.messaging-broker }}
messaging-partitioning-option: ${{ matrix.messaging-partitioned }}
messaging-destinations-option: ${{ matrix.messaging-destinations }}
version: ${{ needs.build.outputs.version }}
- name: Delete preview for ${{ matrix.messaging-broker }}
if: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'preview') }}
run: |
kubectl delete ns $PREVIEW_NAME || true
- name: Install release for ${{ matrix.messaging-broker }}
run: |
### Variables ###
export SSO_PROTOCOL=https
export GATEWAY_PROTOCOL=https
export GLOBAL_GATEWAY_DOMAIN=$CLUSTER_NAME.$CLUSTER_DOMAIN
export GATEWAY_HOST=gateway-$PREVIEW_NAME.$GLOBAL_GATEWAY_DOMAIN
export SSO_HOST=identity-$PREVIEW_NAME.$GLOBAL_GATEWAY_DOMAIN
### Main ###
echo "Installing release with make install"
make install
- name: (kafka,partitioned) Checks that consumers can be a different number from partitions
if: ${{ matrix.messaging-broker == 'kafka' && matrix.messaging-partitioned == 'partitioned' && matrix.messaging-destinations == 'default-destinations' }}
run: |
### Variables ###
export SSO_PROTOCOL=https
export GATEWAY_PROTOCOL=https
export GLOBAL_GATEWAY_DOMAIN=$CLUSTER_NAME.$CLUSTER_DOMAIN
export GATEWAY_HOST=gateway-$PREVIEW_NAME.$GLOBAL_GATEWAY_DOMAIN
export SSO_HOST=identity-$PREVIEW_NAME.$GLOBAL_GATEWAY_DOMAIN
export QUERY_CONSUMER_NUMBER=2
### Functions ###
# It checks that the RESULT env var is equals to the first
# argument passed to the function
#
check_result_is () {
if [ "$RESULT" == "$1" ]; then
echo "correct"
else
echo "number expected is $1 but result is $RESULT"
exit 1
fi
}
# It counts the number of query consumer pods in the
# cluster and set it in RESULT env var
#
count_query_consumer_pods () {
export RESULT=$(kubectl -n $PREVIEW_NAME get pods -o \
'custom-columns=POD:metadata.name,READY-true:status.containerStatuses[*].ready' |\
grep -e 'activiti-cloud-query.*true' | wc -l | xargs);
}
# It counts the number of query partition of engineEvents topic
# created in Kafka and set it in RESULT env var
#
count_query_topic_partitions () {
export RESULT=$(kubectl exec -t -n $PREVIEW_NAME kafka-0 \
-c kafka "--" sh -c $'/opt/bitnami/kafka/bin/kafka-topics.sh \
--bootstrap-server=localhost:9092 --describe \
--topic engineEvents | grep PartitionCount |\
awk \'{ printf "%s",$6 }\'')
}
### Main ###
echo "It checks the deployment has 1 query pod consumer"
count_query_consumer_pods
check_result_is 1
echo "It checks the deployment has 4 query topic patitions"
count_query_topic_partitions
check_result_is 4
- uses: ./.github/actions/check-service-health
with:
health-url: ${{ env.GATEWAY_PROTOCOL }}://${{ env.GATEWAY_HOST }}/identity-adapter-service/actuator/health
- name: Run Identity Adapter Acceptance Tests
# identity adapter acceptance tests does not depend on messaging, so they can be run only once
if: ${{ matrix.messaging-broker == 'rabbitmq' && matrix.messaging-partitioned == 'non-partitioned' && matrix.messaging-destinations == 'default-destinations' }}
run: |
make test/identity-adapter-acceptance-tests
- uses: ./.github/actions/check-service-health
with:
health-url: ${{ env.GATEWAY_PROTOCOL }}://${{ env.GATEWAY_HOST }}/rb/actuator/health
- uses: ./.github/actions/check-service-health
with:
health-url: ${{ env.GATEWAY_PROTOCOL }}://${{ env.GATEWAY_HOST }}/query/actuator/health
- name: Run Acceptance Tests for ${{ matrix.messaging-broker }}
run: |
make test/runtime-acceptance-tests
- name: Delete Helm chart for ${{ matrix.messaging-broker }}
if: always()
run: |
echo "Delete Helm release"
make delete
delete-test-images:
runs-on: ubuntu-latest
needs:
- acceptance-tests
# dependency needed for build.outputs env variables resolution
- build
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Delete Docker images
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
IS_PREVIEW: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'preview') }}
VERSION: ${{ needs.build.outputs.version }}
run: |
if [ $IS_PREVIEW = true ] || [ $GITHUB_EVENT_NAME = "push" ]
then
echo "Skipping delete Docker images"
else
echo $VERSION > VERSION
echo "Delete Docker images"
make docker-delete-all
fi
publish:
runs-on: ubuntu-latest
needs:
- build
- delete-test-images
if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'preview')) }}
env:
VERSION: ${{ needs.build.outputs.version }}
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
- name: Setup Java JDK 21
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
java-version: 21
distribution: 'temurin'
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Update pom files to the new version
run: mvn -B versions:set -DnewVersion=$VERSION -DprocessAllModules=true -DgenerateBackupPoms=false
- name: Maven Deploy
shell: bash
run: mvn deploy -DskipTests ${{ env.MAVEN_CLI_OPTS}} ${{env.MAVEN_CLI_CONNECTION_OPTS}}
env:
MAVEN_CLI_OPTS: --show-version --no-transfer-progress --settings settings.xml
MAVEN_CLI_CONNECTION_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
- uses: Alfresco/alfresco-build-tools/.github/actions/git-commit-changes@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
username: ${{ secrets.BOT_GITHUB_USERNAME }}
add-options: -u
commit-message: "Release $VERSION"
- name: Create release tag
if: github.event_name == 'push'
run: |
git tag -fa $VERSION -m "Release version $VERSION"
git push origin $VERSION
propagate-maven:
runs-on: ubuntu-latest
needs:
- build
- publish
if: github.event_name == 'push'
env:
VERSION: ${{ needs.build.outputs.version }}
DEVELOPMENT_BRANCH: ${{ github.ref_name }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: Alfresco/alfresco-build-tools/.github/actions/jx-updatebot-pr@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
version: ${{ needs.build.outputs.version }}
auto-merge: 'true'
labels: 'be-propagation,${{ env.DEVELOPMENT_BRANCH }}'
base-branch-name: ${{ env.DEVELOPMENT_BRANCH }}
git-username: ${{ secrets.BOT_GITHUB_USERNAME }}
git-token: ${{ secrets.BOT_GITHUB_TOKEN }}
git-author-name: ${{ secrets.BOT_GITHUB_USERNAME }}
propagate-helm:
runs-on: ubuntu-latest
needs:
- build
- publish
if: github.event_name == 'push' && github.ref_name == 'develop'
env:
VERSION: ${{ needs.build.outputs.version }}
FULL_CHART_DIR: full-chart
FULL_CHART_BASE_BRANCH: develop
FULL_CHART_PR_BRANCH: update-docker-images-${{ needs.build.outputs.version }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: ${{ env.FULL_CHART_DIR }}
repository: Activiti/activiti-cloud-full-chart
ref: ${{ env.FULL_CHART_BASE_BRANCH }}
token: ${{ secrets.BOT_GITHUB_TOKEN }}
- name: Update image tags in Helm chart
working-directory: ${{ env.FULL_CHART_DIR }}/charts/activiti-cloud-full-example
run: |
git checkout -b $FULL_CHART_PR_BRANCH
yq -i e '.runtime-bundle.image.tag = env(VERSION)' values.yaml
yq -i e '.activiti-cloud-query.image.tag = env(VERSION)' values.yaml
yq -i e '.activiti-cloud-consumer.image.tag = env(VERSION)' values.yaml
yq -i e '.activiti-cloud-connector.image.tag = env(VERSION)' values.yaml
yq -i e '.activiti-cloud-identity-adapter.image.tag = env(VERSION)' values.yaml
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
- name: Update helm docs
working-directory: ${{ env.FULL_CHART_DIR}}
run: helm-docs
- uses: Alfresco/alfresco-build-tools/.github/actions/git-commit-changes@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
username: ${{ secrets.BOT_GITHUB_USERNAME }}
add-options: -u
repository-directory: ${{ env.FULL_CHART_DIR}}
commit-message: "Update docker image tags to $VERSION"
- name: Create propagation PR
working-directory: ${{ env.FULL_CHART_DIR}}
env:
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
run: |
git push origin $FULL_CHART_PR_BRANCH
gh pr create --fill --base $FULL_CHART_BASE_BRANCH --label updatebot --head $(git branch --show-current)
notify:
runs-on: ubuntu-latest
needs:
- propagate-helm
- propagate-maven
if: always() && failure() && github.event_name == 'push'
steps:
- name: Teams Notification
uses: Alfresco/alfresco-build-tools/.github/actions/send-teams-notification@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK }}