Skip to content

Bump com.amazonaws:aws-java-sdk-apigatewaymanagementapi from 1.12.769 to 1.12.770 in /deploy/aws/java11Exec #1656

Bump com.amazonaws:aws-java-sdk-apigatewaymanagementapi from 1.12.769 to 1.12.770 in /deploy/aws/java11Exec

Bump com.amazonaws:aws-java-sdk-apigatewaymanagementapi from 1.12.769 to 1.12.770 in /deploy/aws/java11Exec #1656

Workflow file for this run

name: CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
NOMAD_VERSION: '1.8.3'
CNI_VERSION: '1.5.0'
jobs:
compile:
runs-on: ubuntu-latest
env:
CGO_ENABLED: 0
# Enable additional processor optimizations: https://golang.org/wiki/MinimumRequirements#amd64
GOAMD64: v3
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Update last trim for Go build cache
# Go usually trims all builds not used for at least five days. We simulate that the last trim just occurred recently.
# Otherwise, the cache restored in the previous step would not be used for the build resulting in a longer workflow run.
# More details: https://github.com/golang/go/blob/d60ad1e068263832c711aaf17b6ccb1b7f71b000/src/cmd/go/internal/cache/cache.go#L255-L326
run: date +%s > ~/.cache/go-build/trim.txt
continue-on-error: true
- name: Build
run: make build-cover
- name: Upload Poseidon binary
uses: actions/upload-artifact@v4
with:
name: poseidon
path: poseidon
lint:
name: lint
runs-on: ubuntu-latest
permissions:
# Required: allow read access to the content for analysis.
contents: read
# Optional: allow read access to pull request. Use with `only-new-issues` option.
pull-requests: read
# Optional: Allow write access to checks to allow the action to annotate code in the PR.
checks: write
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: latest
args: --timeout=3m
# We rely on the setup-go action to cache the Go pkg and build directories.
skip-pkg-cache: true
skip-build-cache: true
test:
runs-on: ubuntu-latest
needs: [ compile ]
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Update last trim for Go build cache
# Go usually trims all builds not used for at least five days. We simulate that the last trim just occurred recently.
# Otherwise, the cache restored in the previous step would not be used for the build resulting in a longer workflow run.
# More details: https://github.com/golang/go/blob/d60ad1e068263832c711aaf17b6ccb1b7f71b000/src/cmd/go/internal/cache/cache.go#L255-L326
run: date +%s > ~/.cache/go-build/trim.txt
continue-on-error: true
- name: Run tests
run: make coverhtml
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
if: ${{ success() || failure() }}
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Upload coverage report
uses: actions/upload-artifact@v4
if: ${{ success() || failure() }}
with:
name: coverage_unit
path: coverage/coverage_unit.html
dep-scan:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
needs: [ compile ]
if: github.event_name != 'push' || github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' && github.actor != 'dependabot'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
severity: 'HIGH,CRITICAL'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
e2e-test:
runs-on: ubuntu-latest
needs: [ compile, test ]
env:
POSEIDON_AWS_ENDPOINT: ${{ secrets.POSEIDON_AWS_ENDPOINT }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Write secrets to environment file
run: cat ./.github/workflows/resources/.env | envsubst > ./.env
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Update last trim for Go build cache
# Go usually trims all builds not used for at least five days. We simulate that the last trim just occurred recently.
# Otherwise, the cache restored in the previous step would not be used for the build resulting in a longer workflow run.
# More details: https://github.com/golang/go/blob/d60ad1e068263832c711aaf17b6ccb1b7f71b000/src/cmd/go/internal/cache/cache.go#L255-L326
run: date +%s > ~/.cache/go-build/trim.txt
continue-on-error: true
- name: Cache Nomad and CNI binaries
uses: actions/cache@v4
with:
path: |
${{ github.workspace }}/nomad
${{ github.workspace }}/cni/bin
key: ${{ runner.os }}-nomad-${{ env.NOMAD_VERSION }}
restore-keys: |
${{ runner.os }}-nomad-${{ env.NOMAD_VERSION }}
- name: Download Nomad binary
run: |
if [[ -f ./nomad ]]; then exit 0; fi
wget -q "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip"
wget -q "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS"
grep "nomad_${NOMAD_VERSION}_linux_amd64.zip" nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c -
unzip nomad_${NOMAD_VERSION}_linux_amd64.zip
- name: Download CNI binaries
run: |
if [[ -f ./cni/bin ]]; then exit 0; fi
wget -q "https://github.com/containernetworking/plugins/releases/download/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz"
wget -q "https://github.com/containernetworking/plugins/releases/download/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz.sha256"
grep "cni-plugins-linux-amd64-v${CNI_VERSION}.tgz" cni-plugins-linux-amd64-v${CNI_VERSION}.tgz.sha256 | sha256sum -c -
mkdir -p ./cni/bin
tar zxvf cni-plugins-linux-amd64-v${CNI_VERSION}.tgz -C ./cni/bin
- name: Set Nomad Config
run: |
cp ./docs/resources/secure-bridge.conflist ./cni/secure-bridge.conflist
echo "server { default_scheduler_config { memory_oversubscription_enabled = true } }, client { cni_path = \"${{ github.workspace }}/cni/bin\", cni_config_dir = \"${{ github.workspace }}/cni\" }" > e2e-config.hcl
- name: Download Poseidon binary
uses: actions/download-artifact@v4
with:
name: poseidon
- name: Get current branch name
id: branch-name
uses: tj-actions/branch-names@v8
- name: Checkout matching branch for Dockerfiles (optional)
id: checkout-dockerfiles
if: steps.branch-name.outputs.is_default == 'false'
uses: actions/checkout@v4
continue-on-error: true
with:
repository: openHPI/dockerfiles
path: deploy/dockerfiles
ref: ${{ steps.branch-name.outputs.current_branch }}
- name: Build new e2e test image (optional)
if: steps.checkout-dockerfiles.outcome == 'success'
run: make e2e-test-docker-image
- name: Run e2e tests
run: |
export $(cat ./.env | xargs)
sudo ./nomad agent -dev -log-level=WARN -config e2e-config.hcl &
until curl -s --fail http://localhost:4646/v1/agent/health ; do sleep 1; done
chmod +x ./poseidon
mkdir -p ${GOCOVERDIR}
./poseidon | tee poseidon.log &
until curl -s --fail http://localhost:7200/api/v1/health ; do sleep 1; done
make e2e-test
if: ${{ success() || failure() }}
- name: Setup Poseidon Socket
run: |
export $(cat ./.env | xargs)
killall poseidon
mkdir -p ~/.config/systemd/user
cp ./.github/workflows/resources/poseidon-minimal.socket ~/.config/systemd/user/poseidon.socket
cat ./.github/workflows/resources/poseidon-minimal.service | envsubst > ~/.config/systemd/user/poseidon.service
echo "POSEIDON_SERVER_SYSTEMDSOCKETACTIVATION=TRUE" >> ./.env
systemctl --user daemon-reload
systemctl --user start poseidon.socket
if: ${{ success() || failure() }}
- name: Print Poseidon Failure logs
if: failure()
run: journalctl --user -xen --no-pager
- name: Run e2e recovery tests
run: make e2e-test-recovery
if: ${{ success() || failure() }}
- name: Print Systemd Failure logs
run: |
/usr/bin/systemctl --user show poseidon.service -p NRestarts
journalctl --user -xe -u poseidon.service --no-pager
if: failure()
- name: Stop Poseidon to flush the coverage file
run: systemctl --user stop poseidon.service poseidon.socket
if: ${{ success() || failure() }}
- name: Convert coverage reports
run: make convert-run-coverage
if: ${{ success() || failure() }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
if: ${{ success() || failure() }}
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Upload coverage report
uses: actions/upload-artifact@v4
if: ${{ success() || failure() }}
with:
name: coverage_run
path: coverage/coverage_run.html