Update release workflow #1832
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tessera Gradle Build | |
on: | |
pull_request: | |
push: | |
branches: | |
- master | |
env: | |
GRADLE_CACHE_KEY: ${{ github.run_id }}-gradle-${{ github.run_number }}-${{ github.run_number }}-${{ github.sha }} | |
DIST_TAR: tessera-dist/build/distributions/tessera-*.tar | |
TESSERA_DOCKER_IMAGE: quorumengineering/tessera | |
QUORUM_DOCKER_IMAGE: quorumengineering/quorum | |
jobs: | |
build: | |
name: Build and upload binaries | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Build with Gradle | |
run: ./gradlew build -x dependencyCheckAnalyze -x javadoc -x test --info | |
- name: Upload tessera dist | |
uses: actions/upload-artifact@v2 | |
if: success() | |
with: | |
name: tessera-dists | |
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/ | |
- name: Upload tessera enclave dist | |
uses: actions/upload-artifact@v2 | |
with: | |
name: enclave-dists | |
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/ | |
- name: Upload aws key vault dist | |
uses: actions/upload-artifact@v2 | |
with: | |
name: aws-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/ | |
- name: Upload azure key vault dist | |
uses: actions/upload-artifact@v2 | |
with: | |
name: azure-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/ | |
- name: Upload hashicorp key vault dist | |
uses: actions/upload-artifact@v2 | |
with: | |
name: hashicorp-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/ | |
- name: Upload kalium encryptor dist | |
uses: actions/upload-artifact@v2 | |
with: | |
name: kalium-dist | |
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/ | |
checkdependencies: | |
name: Check dependencies for any security advisories | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Execute gradle dependencyCheckAnalyze task | |
run: ./gradlew dependencyCheckAnalyze -x test | |
test: | |
name: Unit tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Execute gradle test | |
run: ./gradlew test -x dependencyCheckAnalyze -x :tests:acceptance-test:test -x javadoc --info | |
itest: | |
name: Integration tests | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Download tessera dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-dists | |
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/ | |
- name: Download tessera enclave dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: enclave-dists | |
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/ | |
- name: Download aws key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: aws-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/ | |
- name: Download azure key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: azure-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/ | |
- name: Download hashicorp key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: hashicorp-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/ | |
- name: Download kalium encryptor dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: kalium-dist | |
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/ | |
- name: Execute gradle integration tests | |
run: | | |
./gradlew :tests:acceptance-test:clean :tests:acceptance-test:test --fail-fast -PexcludeTests="RunHashicorpIT,AwsKeyVaultIT,RecoverIT,RunAzureIT,RestSuiteHttpH2RemoteEnclaveEncTypeEC,CucumberTestSuite" --info | |
- name: Upload Junit reports | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: itest-junit-report | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/ | |
- name: Upload test logs | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: itest-logs | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs | |
remote_enclave_itest: | |
name: Remote enclave integration tests | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Download tessera dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-dists | |
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/ | |
- name: Download tessera enclave dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: enclave-dists | |
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/ | |
- name: Download aws key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: aws-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/ | |
- name: Download azure key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: azure-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/ | |
- name: Download hashicorp key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: hashicorp-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/ | |
- name: Download kalium encryptor dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: kalium-dist | |
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/ | |
- name: Execute gradle integration tests | |
run: | | |
./gradlew :tests:acceptance-test:test --tests RestSuiteHttpH2RemoteEnclave --tests RestSuiteHttpH2RemoteEnclaveEncTypeEC --info | |
- name: Upload junit reports | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: remote_enclave_itest-junit-report | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/ | |
- name: Upload test logs | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: remote_enclave_itest-logs | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs | |
cucumber_itest: | |
name: Cucumber itests | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up Java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Download tessera dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-dists | |
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/ | |
- name: Download tessera enclave dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: enclave-dists | |
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/ | |
- name: Download aws key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: aws-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/ | |
- name: Download azure key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: azure-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/ | |
- name: Download hashicorp key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: hashicorp-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/ | |
- name: Download kalium encryptor dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: kalium-dist | |
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/ | |
- name: Execute gradle | |
run: | | |
./gradlew :tests:acceptance-test:clean :tests:acceptance-test:test --tests CucumberTestSuite --info | |
- name: Upload junit reports | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: cucumber_itest-junit-report | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/ | |
- name: Upload test logs | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: cucumber_itest-logs | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs | |
vaultTests: | |
name: Key vault integration tests | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Download tessera dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-dists | |
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/ | |
- name: Download tessera enclave dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: enclave-dists | |
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/ | |
- name: Download aws key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: aws-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/ | |
- name: Download azure key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: azure-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/ | |
- name: Download hashicorp key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: hashicorp-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/ | |
- name: Download kalium encryptor dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: kalium-dist | |
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/ | |
- name: Run AWS tests | |
run: | | |
./gradlew :tests:acceptance-test:test --tests AwsKeyVaultIT --info | |
# - name: Run azure tests | |
# run: | | |
# ./gradlew :tests:acceptance-test:test --tests RunAzureIT --info | |
- name: Run hashicorp tests | |
run: | | |
wget https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip -O /tmp/vault_1.2.2_linux_amd64.zip | |
mkdir -p vault/bin && pushd $_ | |
unzip /tmp/vault_1.2.2_linux_amd64.zip | |
export PATH=$PATH:$PWD && popd | |
./gradlew :tests:acceptance-test:test --tests RunHashicorpIT --info | |
- name: Upload junit reports | |
uses: actions/upload-artifact@v2 | |
if: failure() | |
with: | |
name: vault-itest-junit-report | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/ | |
- name: Upload test logs | |
uses: actions/upload-artifact@v2 | |
if: failure() | |
with: | |
name: vault-itest-logs | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs | |
recovery_itest: | |
name: Recovery integration tests | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 17 | |
check-latest: true | |
- name: Download tessera dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-dists | |
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/ | |
- name: Download tessera enclave dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: enclave-dists | |
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/ | |
- name: Download aws key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: aws-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/ | |
- name: Download azure key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: azure-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/ | |
- name: Download hashicorp key vault dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: hashicorp-key-vault-dist | |
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/ | |
- name: Download kalium encryptor dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: kalium-dist | |
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/ | |
- name: Execute tests | |
run: | | |
./gradlew :tests:acceptance-test:clean :tests:acceptance-test:test --tests RecoverIT --info | |
- name: Upload junit reports | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: recovery_itest-junit-report | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/ | |
- name: Upload test logs | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: recovery-itest-logs | |
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs | |
build_image: | |
name: Build develop Docker image | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Download tessera dist | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-dists | |
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/ | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Get current date-time (RFC 3339 standard) | |
id: date | |
run: echo "::set-output name=now::$(date -u '+%Y-%m-%dT%H:%M:%SZ')" | |
- name: Build Docker image as portable tar | |
uses: docker/build-push-action@v2 | |
with: | |
tags: ${{ env.TESSERA_DOCKER_IMAGE }}:develop | |
labels: | | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.created=${{ steps.date.outputs.now }} | |
push: false | |
file: docker/tessera.Dockerfile | |
# context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts | |
context: . | |
outputs: type=docker,dest=/tmp/tessera-develop-image.tar | |
- name: upload-artifact portable Docker image | |
uses: actions/upload-artifact@v2 | |
with: | |
name: tessera-develop-image | |
path: /tmp/tessera-develop-image.tar | |
atest: | |
name: Quorum acceptance tests | |
needs: [build, build_image] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code from SCM | |
uses: actions/checkout@v2 | |
- name: Set up java | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: 14 | |
check-latest: true | |
- name: download-artifact portable Docker image | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-develop-image | |
path: /tmp | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Load image | |
run: | | |
docker load --input /tmp/tessera-develop-image.tar | |
docker image ls -a | |
- name: Execute acceptance tests | |
run: | |
docker run --entrypoint /bin/sh --network host -v /tmp/run/sh:/tmp/run.sh -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/acctests:/tmp/acctests -e TF_VAR_tessera_docker_image='{name="${{ env.TESSERA_DOCKER_IMAGE }}:develop",local=true}' -e TF_VAR_quorum_docker_image='{name="${{ env.QUORUM_DOCKER_IMAGE }}:latest",local=false}' quorumengineering/acctests:latest -c "./mvnw --no-transfer-progress -B -DskipToolsCheck test -Pauto -Dtags='\!async && (basic || basic-istanbul || networks/typical::istanbul)' -Dauto.outputDir=/tmp/acctests -Dnetwork.forceDestroy=true && cp -R /workspace/target/gauge /tmp/acctests/gauge && chmod -R 775 /tmp/acctests/gauge" | |
- name: Upload Gauge report | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: gauge-reports | |
path: /tmp/acctests/gauge | |
push_docker_develop: | |
name: Push develop image to DockerHub | |
if: ${{ github.ref == 'refs/heads/master' }} | |
# arguably we should depend on all test steps, but this job only runs on pushes to master so all tests will have | |
# already passed in the PR. At a minimum we depend on atest as it actually uses the image. | |
needs: [build_image, atest] | |
runs-on: ubuntu-latest | |
steps: | |
- name: download-artifact portable Docker image | |
uses: actions/download-artifact@v2 | |
with: | |
name: tessera-develop-image | |
path: /tmp | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Load image | |
run: | | |
docker load --input /tmp/tessera-develop-image.tar | |
docker image ls -a | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
- name: Push image | |
run : | | |
docker push ${TESSERA_DOCKER_IMAGE}:develop |