chore: 1.4.13 updates (#1344) #91
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test API Generate Coverage, and Run SonarCloud Analysis | |
on: | |
workflow_dispatch: | |
pull_request: | |
branches: | |
- main | |
- test-coverage | |
paths: | |
- "api/source/**" | |
- "test/api/**" | |
- ".github/workflows/api-audit-test-coverage-response.yml" | |
push: | |
branches: | |
- main | |
- test-coverage | |
paths: | |
- "api/source/**" | |
- "test/api/**" | |
- ".github/workflows/api-audit-test-coverage-response.yml" | |
env: | |
STIGMAN_API_PORT: 64001 | |
STIGMAN_DB_HOST: localhost | |
STIGMAN_DB_PORT: 3306 | |
STIGMAN_DB_PASSWORD: stigman | |
STIGMAN_API_AUTHORITY: http://127.0.0.1:8080/auth/realms/stigman | |
STIGMAN_SWAGGER_ENABLED: true | |
STIGMAN_SWAGGER_SERVER: http://localhost:64001/api | |
STIGMAN_SWAGGER_REDIRECT: http://localhost:64001/api-docs/oauth2-redirect.html | |
STIGMAN_DEV_RESPONSE_VALIDATION: logOnly | |
NODE_V8_COVERAGE: /home/runner/work/stig-manager/stig-manager/api/source/coverage/tmp/ | |
permissions: | |
pull-requests: read # allows SonarCloud to decorate PRs with analysis results | |
jobs: | |
npm_audit: | |
name: npm audit | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: install dependencies | |
run: npm ci | |
working-directory: ./api/source/ | |
- name: Audit Dependencies and Create PR Comment if needed | |
uses: oke-py/npm-audit-action@2c6b2da234031fbf72af81a04c76b3a152bb2222 # pin@v2 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
create_issues: false | |
create_pr_comments: true | |
working_directory: ./api/source/ | |
test_api: | |
name: Run tests with coverage | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: coverage directory | |
run: printenv NODE_V8_COVERAGE | |
- name: Install app dependencies | |
working-directory: ./api/source | |
run: npm ci | |
- name: Run mock Keycloak | |
id: idp-run | |
working-directory: ./test/api/mock-keycloak | |
run: | | |
python3 -m http.server 8080 & | |
- name: Run MySQL container | |
id: mysql-run | |
run: | | |
docker run -d --name stig-manager-db \ | |
-p 3306:3306 \ | |
-e MYSQL_ROOT_PASSWORD=rootpw \ | |
-e MYSQL_DATABASE=stigman \ | |
-e MYSQL_USER=stigman \ | |
-e MYSQL_PASSWORD=stigman \ | |
mysql:8.0.21 | |
- name: Install c8 coverage reporter | |
run: | | |
sudo npm install -g c8 | |
- name: Install Newman reporter | |
id: newman-reporter-install | |
run: | | |
sudo npm install -g newman-reporter-htmlextra | |
- name: Run app and echo pid | |
working-directory: ./api/source | |
run: sh -c 'echo $$ > /tmp/test.pid ; exec c8 -r html node index.js > api-log.json 2>&1' & | |
- name: pid file check | |
working-directory: ./api/source | |
run: cat /tmp/test.pid | |
- name: Wait for bootstrap | |
run: for i in {1..10}; do [ $i -gt 1 ] && sleep 5; curl --output /dev/null --silent --fail http://localhost:64001/api/op/configuration && s=0 && break || s=$?; printf '.'; done; (exit $s) | |
- name: Run Newman Collection LoadTestData | |
id: newman-run-loadTestData | |
working-directory: ./test/api | |
run: | | |
set -o pipefail | |
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 1 --folder LoadTestData -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/dataPreloadReport.html | grep -A18 '┌─────' | |
- name: Run Newman Collection GETS | |
id: newman-run-gets | |
if: steps.newman-run-loadTestData.conclusion == 'success' | |
working-directory: ./test/api | |
run: | | |
set -o pipefail | |
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 6 --folder GETs -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/GetsReport.html | grep -A18 '┌─────' | |
- name: Run Newman Collection Posts, Puts, Patches, Deletes | |
id: newman-run-pppd | |
if: steps.newman-run-loadTestData.conclusion == 'success' | |
working-directory: ./test/api | |
run: | | |
set -o pipefail | |
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 6 --folder "POSTS, Puts, Patches, and Deletes" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/PPPDReport.html | grep -A18 '┌─────' | |
- name: Run Newman Collection STIGS | |
id: newman-run-stigs | |
if: steps.newman-run-loadTestData.conclusion == 'success' | |
working-directory: ./test/api | |
run: | | |
set -o pipefail | |
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 2 --folder "STIGS" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showOnlyFails --reporter-htmlextra-export ./newman/stigsReport.html | grep -A18 '┌─────' | |
- name: Run Newman Collection LVL1 Cross-Boundary Tests | |
id: newman-run-lvl1-cross-boundary | |
if: steps.newman-run-loadTestData.conclusion == 'success' | |
working-directory: ./test/api | |
run: | | |
set -o pipefail | |
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 1 --folder "LVL1 cross-boundary tests" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showEnvironmentData --reporter-htmlextra-export ./newman/lvl1Report.html | grep -A18 '┌─────' | |
- name: Run Newman Collection Additional Sundry Tests | |
id: newman-run-additional-sundry | |
if: steps.newman-run-loadTestData.conclusion == 'success' | |
working-directory: ./test/api | |
run: | | |
set -o pipefail | |
newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 1 --folder "Additional sundry tests" -r cli,htmlextra --reporter-cli-no-assertions --reporter-cli-no-console --reporter-htmlextra-showEnvironmentData --reporter-htmlextra-export ./newman/AdditionalSundryReport.html | grep -A18 '┌─────' | |
- name: Kill child pid | |
working-directory: ./api/source | |
run: kill -SIGINT $(ps -ef --ppid `cat /tmp/test.pid` -o pid= ) | |
- name: Wait until c8 process ends, or 60 seconds, whichever is shorter. | |
run: timeout 60 tail --pid=`cat /tmp/test.pid` -f /dev/null | |
- name: run c8 text/lcov report | |
working-directory: ./api/source | |
run: c8 report -r lcov -r text | |
- name: Upload Newman artifact | |
id: artifact-upload-newman | |
uses: actions/upload-artifact@v4 | |
if: ${{ always() }} | |
with: | |
name: newman-htmlextra | |
path: ./test/api/newman | |
- name: Upload coverage artifact | |
id: artifact-upload-coverage | |
uses: actions/upload-artifact@v4 | |
if: ${{ always() }} | |
with: | |
name: coverage-report | |
path: ./api/source/coverage | |
- name: Upload API logs | |
id: artifact-upload-api-logs | |
uses: actions/upload-artifact@v4 | |
if: ${{ always() }} | |
with: | |
name: api-log | |
path: ./api/source/api-log.json | |
response_validation: | |
name: Response validation | |
needs: | |
- test_api | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download API log artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: api-log | |
path: ./logs | |
- name: Test for response validation messages | |
working-directory: ./logs | |
run: | | |
jq -s 'map(select(.type=="responseValidation")|{method:.data.request.method,url:.data.request.url,errors:.data.error.errors,body:.data.body})' api-log.json > response-validation.json | |
exit $(jq '. | length' response-validation.json) | |
- name: Upload response validation artifact | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: response-validation | |
path: ./logs/response-validation.json | |
SonarCloudAnalysis-API: | |
name: SonarCloud Analysis API | |
needs: test_api | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Important to fetch all history for accurate blame information | |
- name: Download lcov artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: coverage-report | |
- name: Move lcov.info to api/source | |
run: mv lcov.info ./api/source/ | |
- name: Analyze API with SonarCloud | |
uses: SonarSource/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_API }} # Needed to push to SonarCloud | |
with: | |
# Additional arguments for the sonarcloud scanner | |
projectBaseDir: ./api/source | |
args: -Dsonar.projectKey=nuwcdivnpt_stig-manager-api | |
-Dsonar.projectName=nuwcdivnpt_stig-manager-api | |
-Dsonar.organization=nuwcdivnpt | |
-Dsonar.inclusions=**/*.js | |
-Dsonar.exclusions=**/node_modules/**,**/coverage-report/** | |
-Dsonar.javascript.lcov.reportPaths=./lcov.info | |
# This will fail the action if Quality Gate fails (leaving out for now ) | |
# - name: Check Quality Gate | |
# uses: sonarsource/sonarqube-quality-gate-action@master | |
# env: | |
# SONAR_TOKEN: |