From 51292d304e342bd8833bbe608d34218d959e1561 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=B2=20Boschi?= Date: Fri, 9 Sep 2022 09:28:39 +0200 Subject: [PATCH] move after itests --- .github/workflows/pulsar-ci.yaml | 147 ++++++++++++++++--------------- 1 file changed, 74 insertions(+), 73 deletions(-) diff --git a/.github/workflows/pulsar-ci.yaml b/.github/workflows/pulsar-ci.yaml index 3e05145eca0f8f..ed1f6aef662d76 100644 --- a/.github/workflows/pulsar-ci.yaml +++ b/.github/workflows/pulsar-ci.yaml @@ -128,79 +128,6 @@ jobs: with: action: wait - owasp-dep-check: - name: OWASP dependency check - runs-on: ubuntu-20.04 - timeout-minutes: 120 - needs: [ 'changed_files_job', 'build-and-license-check' ] - if: ${{ needs.changed_files_job.outputs.need_owasp == 'true' }} - - steps: - - name: checkout - uses: actions/checkout@v2 - - - name: Tune Runner VM - uses: ./.github/actions/tune-runner-vm - - - name: Setup ssh access to build runner VM - # ssh access is enabled for builds in own forks - if: ${{ github.repository != 'apache/pulsar' }} - uses: ./.github/actions/ssh-access - with: - limit-access-to-actor: true - - - name: Cache Maven dependencies - uses: actions/cache@v2 - with: - path: | - ~/.m2/repository/*/*/* - !~/.m2/repository/org/apache/pulsar - key: ${{ runner.os }}-m2-dependencies-core-modules-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-m2-dependencies-core-modules- - - - name: Set up JDK ${{ matrix.jdk || '17' }} - uses: actions/setup-java@v2 - with: - distribution: 'temurin' - java-version: ${{ matrix.jdk || '17' }} - - - name: clean disk - run: | - sudo swapoff -a - sudo rm -rf /swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc - sudo apt clean - docker rmi $(docker images -q) -f - df -h - - - name: Install gh-actions-artifact-client.js - uses: apache/pulsar-test-infra/gh-actions-artifact-client/dist@master - - - name: Restore maven build results from Github artifact cache - run: | - cd $HOME - $GITHUB_WORKSPACE/build/pulsar_ci_tool.sh restore_tar_from_github_actions_artifacts pulsar-maven-repository-binaries - - # Projects dependent on flume, hdfs, hbase, and presto currently excluded from the scan. - - name: run "verify" to trigger dependency check - run: mvn -q -B -ntp verify -PskipDocker,owasp-dependency-check -DskipTests -pl '!pulsar-sql,!distribution/io,!distribution/offloaders,!tiered-storage/file-system,!pulsar-io/flume,!pulsar-io/hbase,!pulsar-io/hdfs2,!pulsar-io/hdfs3,!pulsar-io/docs,!pulsar-io/jdbc/openmldb' - - - name: Upload report - uses: actions/upload-artifact@v3 - if: ${{ cancelled() || failure() }} - continue-on-error: true - with: - name: dependency report - path: target/dependency-check-report.html - - - name: Wait for ssh connection when build fails - # ssh access is enabled for builds in own forks - uses: ./.github/actions/ssh-access - if: ${{ failure() && github.repository != 'apache/pulsar' }} - continue-on-error: true - with: - action: wait - macos-build: name: runs-on: macos-latest @@ -574,6 +501,80 @@ jobs: run: | gh-actions-artifact-client.js delete pulsar-java-test-image.zst + owasp-dep-check: + name: OWASP dependency check + runs-on: ubuntu-20.04 + timeout-minutes: 120 + # Put it after integration-tests to run only if the branch is stable + needs: [ 'integration-tests' ] + if: ${{ needs.changed_files_job.outputs.need_owasp == 'true' }} + + steps: + - name: checkout + uses: actions/checkout@v2 + + - name: Tune Runner VM + uses: ./.github/actions/tune-runner-vm + + - name: Setup ssh access to build runner VM + # ssh access is enabled for builds in own forks + if: ${{ github.repository != 'apache/pulsar' }} + uses: ./.github/actions/ssh-access + with: + limit-access-to-actor: true + + - name: Cache Maven dependencies + uses: actions/cache@v2 + with: + path: | + ~/.m2/repository/*/*/* + !~/.m2/repository/org/apache/pulsar + key: ${{ runner.os }}-m2-dependencies-core-modules-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-m2-dependencies-core-modules- + + - name: Set up JDK 17 + uses: actions/setup-java@v2 + with: + distribution: 'temurin' + java-version: 17 + + - name: clean disk + run: | + sudo swapoff -a + sudo rm -rf /swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc + sudo apt clean + docker rmi $(docker images -q) -f + df -h + + - name: Install gh-actions-artifact-client.js + uses: apache/pulsar-test-infra/gh-actions-artifact-client/dist@master + + - name: Restore maven build results from Github artifact cache + run: | + cd $HOME + $GITHUB_WORKSPACE/build/pulsar_ci_tool.sh restore_tar_from_github_actions_artifacts pulsar-maven-repository-binaries + + # Projects dependent on flume, hdfs, hbase, and presto currently excluded from the scan. + - name: run "verify" to trigger dependency check + run: mvn -q -B -ntp verify -PskipDocker,owasp-dependency-check -DskipTests -pl '!pulsar-sql,!distribution/io,!distribution/offloaders,!tiered-storage/file-system,!pulsar-io/flume,!pulsar-io/hbase,!pulsar-io/hdfs2,!pulsar-io/hdfs3,!pulsar-io/docs,!pulsar-io/jdbc/openmldb' + + - name: Upload report + uses: actions/upload-artifact@v3 + if: ${{ cancelled() || failure() }} + continue-on-error: true + with: + name: dependency report + path: target/dependency-check-report.html + + - name: Wait for ssh connection when build fails + # ssh access is enabled for builds in own forks + uses: ./.github/actions/ssh-access + if: ${{ failure() && github.repository != 'apache/pulsar' }} + continue-on-error: true + with: + action: wait + pulsar-test-latest-version-image: name: Build Pulsar docker image runs-on: ubuntu-20.04