enh(ci): avoid to rerun veracode analyse on pr if it has already succ…

…eeded (#2027) (#2033)
centreon · Jan 21, 2025 · aec72f7 · aec72f7
1 parent 2629dea
commit aec72f7
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 112 deletions.
diff --git a/.github/workflows/centreon-collect.yml b/.github/workflows/centreon-collect.yml
@@ -109,22 +109,6 @@ jobs:
       version_file: CMakeLists.txt
       nightly_manual_trigger: ${{ inputs.nightly_manual_trigger || false }}
 
-  veracode-analysis:
-    needs: [get-environment]
-    if: ${{ github.event_name == 'schedule' && github.ref_name == 'develop' }}
-    uses: ./.github/workflows/veracode-analysis.yml
-    with:
-      module_name: centreon-collect
-      major_version: ${{ needs.get-environment.outputs.major_version }}
-      minor_version: ${{ needs.get-environment.outputs.minor_version }}
-      img_version: ${{ needs.get-environment.outputs.img_version }}
-    secrets:
-      veracode_api_id: ${{ secrets.VERACODE_API_ID_COLL }}
-      veracode_api_key: ${{ secrets.VERACODE_API_KEY_COLL }}
-      veracode_srcclr_token: ${{ secrets.VERACODE_SRCCLR_TOKEN }}
-      docker_registry_id: ${{ secrets.HARBOR_CENTREON_PULL_USERNAME }}
-      docker_registry_passwd: ${{ secrets.HARBOR_CENTREON_PULL_TOKEN }}
-
   unit-test:
     needs: [get-environment]
     if: |

diff --git a/.github/workflows/gorgone-analysis.yml b/.github/workflows/gorgone-analysis.yml
@@ -0,0 +1,71 @@
+name: gorgone-analysis
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+    inputs:
+      unit_tests:
+        description: 'Execute the unit tests'
+        required: true
+        default: true
+        type: boolean
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+    paths:
+      - ".version"
+      - "gorgone/**"
+      - "perl-libs/**"
+      - "!gorgone/tests/**"
+      - "!gorgone/veracode.json"
+      - "!gorgone/.veracode-exclusions"
+  push:
+    branches:
+      - develop
+      - dev-[2-9][0-9].[0-9][0-9].x
+      - master
+      - "[2-9][0-9].[0-9][0-9].x"
+    paths:
+      - ".version"
+      - "gorgone/**"
+      - "perl-libs/**"
+      - "!gorgone/tests/**"
+      - "!gorgone/veracode.json"
+      - "!gorgone/.veracode-exclusions"
+
+env:
+  base_directory: gorgone
+
+jobs:
+  get-environment:
+    uses: ./.github/workflows/get-environment.yml
+    with:
+      version_file: gorgone/.version
+
+  veracode-analysis:
+    needs: [get-environment]
+    if: |
+      needs.get-environment.outputs.skip_workflow == 'false' &&
+      needs.get-environment.outputs.is_targeting_feature_branch != 'true' &&
+      github.event.pull_request.draft != 'true'
+    uses: ./.github/workflows/veracode-analysis.yml
+    with:
+      module_directory: gorgone
+      module_name: centreon-gorgone
+      major_version: ${{ needs.get-environment.outputs.major_version }}
+      minor_version: ${{ needs.get-environment.outputs.minor_version }}
+    secrets:
+      veracode_api_id: ${{ secrets.VERACODE_API_ID_GORG }}
+      veracode_api_key: ${{ secrets.VERACODE_API_KEY_GORG }}
+      veracode_srcclr_token: ${{ secrets.VERACODE_SRCCLR_TOKEN }}
+
+  set-skip-label:
+    needs: [get-environment, veracode-analysis]
+    if: needs.get-environment.outputs.skip_workflow == 'false'
+    uses: ./.github/workflows/set-pull-request-skip-label.yml
diff --git a/.github/workflows/gorgone.yml b/.github/workflows/gorgone.yml
@@ -7,11 +7,6 @@ concurrency:
 on:
   workflow_dispatch:
   pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
     paths:
       - "gorgone/**"
       - "!gorgone/tests/**"
@@ -38,23 +33,6 @@ jobs:
     with:
       version_file: gorgone/.version
 
-  veracode-analysis:
-    needs: [get-environment]
-    if: ${{ needs.get-environment.outputs.is_targeting_feature_branch != 'true' && github.event.pull_request.draft != 'true' }}
-    uses: ./.github/workflows/veracode-analysis.yml
-    with:
-      module_directory: gorgone
-      module_name: centreon-gorgone
-      major_version: ${{ needs.get-environment.outputs.major_version }}
-      minor_version: ${{ needs.get-environment.outputs.minor_version }}
-      img_version: ${{ needs.get-environment.outputs.img_version }}
-    secrets:
-      veracode_api_id: ${{ secrets.VERACODE_API_ID_GORG }}
-      veracode_api_key: ${{ secrets.VERACODE_API_KEY_GORG }}
-      veracode_srcclr_token: ${{ secrets.VERACODE_SRCCLR_TOKEN }}
-      docker_registry_id: ${{ secrets.HARBOR_CENTREON_PULL_USERNAME }}
-      docker_registry_passwd: ${{ secrets.HARBOR_CENTREON_PULL_TOKEN }}
-
   package:
     needs: [get-environment]
     if: |

diff --git a/.github/workflows/veracode-analysis.yml b/.github/workflows/veracode-analysis.yml
@@ -14,20 +14,13 @@ on:
       minor_version:
         required: true
         type: string
-      img_version:
-        required: true
-        type: string
     secrets:
       veracode_api_id:
         required: true
       veracode_api_key:
         required: true
       veracode_srcclr_token:
         required: true
-      docker_registry_id:
-        required: true
-      docker_registry_passwd:
-        required: true
 
 jobs:
   routing:
@@ -62,63 +55,13 @@ jobs:
 
   build:
     name: Binary preparation
-    runs-on: [self-hosted, collect]
+    runs-on: [self-hosted, common]
     needs: [routing]
     if: needs.routing.outputs.skip_analysis == 'false'
-    container:
-      image: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/centreon-collect-alma9:${{ inputs.img_version }}
-      credentials:
-        username: ${{ secrets.docker_registry_id }}
-        password: ${{ secrets.docker_registry_passwd }}
 
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
-      - if: ${{ inputs.module_name == 'centreon-collect' }}
-        name: Compiling Cpp sources
-        run: |
-          mv /root/.cache /github/home
-          export VCPKG_ROOT=/vcpkg
-          export PATH=$VCPKG_ROOT:$PATH
-          rm -rf build
-          cmake \
-            -B build \
-            -DVCPKG_OVERLAY_TRIPLETS=/custom-triplets \
-            -DVCPKG_TARGET_TRIPLET=x64-linux-release \
-            -DVCPKG_OVERLAY_PORTS=/overlays \
-            -S . \
-            -GNinja \
-            -DCMAKE_CXX_FLAGS="-gdwarf-2 -g3 -O0 -fno-builtin" \
-            -DDEBUG_ROBOT=OFF \
-            -DWITH_TESTING=OFF \
-            -DWITH_BENCH=OFF \
-            -DWITH_MODULE_SIMU=OFF \
-            -DCMAKE_INSTALL_PREFIX=/usr \
-            -DWITH_STARTUP_SCRIPT=systemd \
-            -DWITH_ENGINE_LOGROTATE_SCRIPT=ON \
-            -DWITH_USER_BROKER=centreon-broker \
-            -DWITH_GROUP_BROKER=centreon-broker \
-            -DWITH_USER_ENGINE=centreon-engine \
-            -DWITH_GROUP_ENGINE=centreon-engine \
-            -DWITH_VAR_DIR=/var/log/centreon-engine \
-            -DWITH_DAEMONS=ON \
-            -DWITH_CREATE_FILES=OFF \
-            -DWITH_CONFIG_FILES=ON \
-            -DNG=ON
-
-          ninja -Cbuild
-
-          echo "[DEBUG] - Find compiled files"
-          find build/{broker,engine,clib,connectors,common} -name "*.so" -type f
-          echo "[DEBUG] - Build size"
-          du -sh $(find build/{broker,engine,clib,connectors,common} -name "*.so" -type f) | sort -rh
-
-      - if: ${{ inputs.module_name == 'centreon-collect' }}
-        name: Preserve centreon-collect binaries from cleaning
-        run: |
-          echo "[INFO] - Keeping only compiled files"
-          find build -type f -not \( -name "*.so" -or -name "cbd" -or -name "centengine" -or -name "cbwd" -or -name "centreon_connector_*" \) -delete
-
       - name: Binary preparation of ${{ inputs.module_name }}
         run: |
           if [ -n "${{ inputs.module_directory }}" ]; then
@@ -144,25 +87,17 @@ jobs:
             echo "::warning::No '.veracode-exclusions' file found for this module. Skipping exclusion step"
           fi
 
-          if [ "${{ inputs.module_name }}" = "centreon-collect" ]; then
-            echo "[INFO] - Keeping only build's non empty folders"
-            find build -empty -type d -delete
-            ls -la build
-            echo "[INFO] - Generating the tarball"
-            tar cvzf "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.tar.gz" build
-          else
-            echo "[INFO] - Generating the zip"
-            zip -rq "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.zip" *
-            if [ -n "${{ inputs.module_directory }}" ]; then
-              cd -
-              mv ${{ inputs.module_directory }}/${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.zip .
-            fi
+          echo "[INFO] - Generating the zip"
+          zip -rq "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.zip" *
+          if [ -n "${{ inputs.module_directory }}" ]; then
+            cd -
+            mv ${{ inputs.module_directory }}/${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.zip .
           fi
 
       - name: Cache
         uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
-          path: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.${{ inputs.module_name == 'centreon-collect' && 'tar.gz' || 'zip' }}"
+          path: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.zip"
           key: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary"
 
   policy-scan:
@@ -192,7 +127,7 @@ jobs:
       - name: Get build binary
         uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
-          path: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.${{ inputs.module_name == 'centreon-collect' && 'tar.gz' || 'zip' }}"
+          path: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.zip"
           key: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary"
 
       - name: Sandbox scan
@@ -201,7 +136,7 @@ jobs:
         with:
           appname: "${{ inputs.module_name }}"
           version: "${{ inputs.major_version }}.${{ inputs.minor_version }}_runId-${{ github.run_id }}_attempt-${{ github.run_attempt }}"
-          filepath: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.${{ inputs.module_name == 'centreon-collect' && 'tar.gz' || 'zip' }}"
+          filepath: "${{ inputs.module_name }}-${{ github.sha }}-${{ github.run_id }}-veracode-binary.zip"
           vid: "vera01ei-${{ secrets.veracode_api_id }}"
           vkey: "vera01es-${{ secrets.veracode_api_key }}"
           createprofile: true