Skip to content

fix(tls): use TLS by default in the Agent Client #1196

fix(tls): use TLS by default in the Agent Client

fix(tls): use TLS by default in the Agent Client #1196

Workflow file for this run

name: CI build and push
concurrency:
group: ci-${{ github.run_id }}
cancel-in-progress: true
on:
issue_comment:
types:
- created
jobs:
check-before-build:
runs-on: ubuntu-latest
if: github.repository_owner == 'cryostatio' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test')
permissions:
pull-requests: write
steps:
- name: Fail if needs-triage label applied
if: ${{ contains(github.event.issue.labels.*.name, 'needs-triage') }}
run: exit 1
- name: Show warning if permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
uses: thollander/actions-comment-pull-request@v2
with:
message: |-
You do not have permission to run the /build_test command. Please ask @cryostatio/reviewers
to resolve the issue.
- name: Fail if command permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
run: exit 1
- name: React to comment
uses: actions/github-script@v7
with:
script: |
const {owner, repo} = context.issue
github.rest.reactions.createForIssueComment({
owner,
repo,
comment_id: context.payload.comment.id,
content: "+1",
});
checkout-branch:
runs-on: ubuntu-latest
needs: [check-before-build]
outputs:
PR_head_ref: ${{ fromJSON(steps.comment-branch.outputs.result).ref }}
PR_head_sha: ${{ fromJSON(steps.comment-branch.outputs.result).sha }}
PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }}
PR_repo: ${{ fromJSON(steps.comment-branch.outputs.result).repo }}
permissions:
pull-requests: read
steps:
- uses: actions/github-script@v7
id: comment-branch
with:
script: |
const result = await github.rest.pulls.get ({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number
})
return { repo: result.data.head.repo.full_name, num: result.data.number, sha: result.data.head.sha, ref: result.data.head.ref }
start-comment:
runs-on: ubuntu-latest
needs: [check-before-build]
permissions:
pull-requests: write
steps:
- name: Leave Actions Run Comment
uses: actions/github-script@v7
with:
script: |
const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
const currentTime = new Date().toLocaleString('en-US', { timeZone: 'America/Toronto' });
const commentBody = `Workflow started at ${currentTime}. [View Actions Run](${runURL}).`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
build-and-test:
needs: [checkout-branch]
# runs-on: ubuntu-latest
runs-on: ubuntu-24.04
env:
deps-cache-name: cache-yarn
build-cache-name: cache-webpack
name: Build and test
permissions:
packages: write
contents: read
pull-requests: write
statuses: write
steps:
- uses: actions/checkout@v4
with:
repository: ${{ needs.checkout-branch.outputs.PR_repo }}
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
submodules: true
fetch-depth: 0
- uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: 'maven'
- run: git submodule init && git submodule update
- name: Cache yarn packages
uses: actions/cache@v4
with:
path: "./src/main/webui/.yarn/cache"
key: ${{ runner.os }}-build-${{ env.deps-cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.deps-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Cache frontend build
uses: actions/cache@v4
with:
path: "./src/main/webui/.build_cache"
key: ${{ runner.os }}-build-${{ env.build-cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.build-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Initialize web assets
run: |
cd src/main/webui
yarn install && yarn yarn:frzinstall
cd -
- name: Ensure podman 4+ and podman-docker installed
run: sudo apt update && sudo apt -y satisfy "podman (>= 4.0), podman-docker"
- name: Set up testcontainers for podman
run: |
echo ryuk.container.privileged=true > ~/.testcontainers.properties
echo docker.client.strategy=org.testcontainers.dockerclient.UnixSocketClientProviderStrategy >> ~/.testcontainers.properties
echo testcontainers.reuse.enable=false >> ~/.testcontainers.properties
- name: Start Podman API
run: systemctl --user enable --now podman.socket
- name: Set DOCKER_HOST environment variable
run: echo "DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock" >> "$GITHUB_ENV"
- name: Build application
run: ./mvnw -B -U clean verify
- name: Add workflow result as comment on PR
uses: actions/github-script@v7
if: always()
with:
script: |
const name = '${{github.workflow}}';
const url = '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}';
const success = '${{ job.status }}' === 'success';
const body = `${name}: ${success ? 'All tests pass ✅' : 'At least one test failed ❌'}\n${url}`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: body
})
- name: Set latest commit status as ${{ job.status }}
uses: myrotvorets/set-commit-status-action@master
if: always()
with:
sha: ${{ needs.checkout-branch.outputs.PR_head_sha}}
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
update-schemas:
needs: [checkout-branch]
runs-on: ubuntu-latest
outputs:
OPENAPI_STATUS: ${{ steps.schema-update.outputs.openapi_status }}
OPENAPI_DIFF_FILE: ${{ steps.schema-update.outputs.openapi_diff_file }}
GRAPHQL_STATUS: ${{ steps.schema-update.outputs.graphql_status }}
GRAPHQL_DIFF_FILE: ${{ steps.schema-update.outputs.graphql_diff_file }}
steps:
- uses: actions/checkout@v4
with:
repository: ${{ needs.checkout-branch.outputs.PR_repo }}
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
submodules: true
fetch-depth: 0
- uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: 'maven'
- run: git submodule init && git submodule update
- name: Update schemas
id: schema-update
run: |
set -x
mkdir "${HOME}/bin"
wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O "${HOME}/bin/yq"
chmod +x "${HOME}/bin/yq"
export PATH="${HOME}/bin:${PATH}"
bash /home/runner/work/cryostat/cryostat/schema/update.bash 90 15
set +e
git diff -U10 --exit-code /home/runner/work/cryostat/cryostat/schema/openapi.yaml > /home/runner/work/openapi.diff
echo "openapi_status=$?" >> "$GITHUB_OUTPUT"
echo "openapi_diff_file=openapi.diff" >> "$GITHUB_OUTPUT"
git diff -U10 --exit-code /home/runner/work/cryostat/cryostat/schema/schema.graphql > /home/runner/work/graphql.diff
echo "graphql_status=$?" >> "$GITHUB_OUTPUT"
echo "graphql_diff_file=graphql.diff" >> "$GITHUB_OUTPUT"
- uses: actions/upload-artifact@v4
with:
name: openapi-diff
path: /home/runner/work/openapi.diff
- uses: actions/upload-artifact@v4
with:
name: graphql-diff
path: /home/runner/work/graphql.diff
compare-openapi-schema:
needs: [update-schemas]
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- uses: actions/download-artifact@v4
with:
name: openapi-diff
- name: Comment schema check result
uses: actions/github-script@v7
with:
script: |
const diffFmt = s => {
return "```diff\n" + s + "\n```";
};
const commentBody = ${{ needs.update-schemas.outputs.OPENAPI_STATUS }} == '0'
? `No OpenAPI schema changes detected.`
: `OpenAPI schema change detected:\n\n${diffFmt(require('fs').readFileSync('${{ needs.update-schemas.outputs.OPENAPI_DIFF_FILE }}'))}`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
compare-graphql-schema:
needs: [update-schemas]
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- uses: actions/download-artifact@v4
with:
name: graphql-diff
- name: Comment schema check result
uses: actions/github-script@v7
with:
script: |
const diffFmt = s => {
return "```diff\n" + s + "\n```";
};
const commentBody = ${{ needs.update-schemas.outputs.GRAPHQL_STATUS }} == '0'
? `No GraphQL schema changes detected.`
: `GraphQL schema change detected:\n\n${diffFmt(require('fs').readFileSync('${{ needs.update-schemas.outputs.GRAPHQL_DIFF_FILE }}'))}`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
auto-commit-schemas:
needs: [compare-graphql-schema, compare-openapi-schema, checkout-branch, update-schemas]
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
if: needs.update-schemas.outputs.OPENAPI_STATUS != '0' || needs.update-schemas.outputs.GRAPHQL_STATUS != '0'
steps:
- name: Check out PR branch
uses: actions/checkout@v4
with:
repository: ${{ needs.checkout-branch.outputs.PR_repo }}
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
submodules: true
fetch-depth: 0
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Download OpenAPI diff
uses: actions/download-artifact@v4
with:
name: openapi-diff
path: diffs
- name: Download GraphQL diff
uses: actions/download-artifact@v4
with:
name: graphql-diff
path: diffs
- name: List downloaded files
run: ls -l diffs/
- name: Apply OpenAPI diff
if: needs.update-schemas.outputs.OPENAPI_STATUS != '0'
run: |
patch -p1 < diffs/openapi.diff
echo "Contents of OpenAPI schema after patch:"
cat schema/openapi.yaml
- name: Apply GraphQL diff
if: needs.update-schemas.outputs.GRAPHQL_STATUS != '0'
run: |
patch -p1 < diffs/graphql.diff
echo "Contents of GraphQL schema after patch:"
cat schema/schema.graphql
- name: Commit and push schema changes
run: |
git add schema/openapi.yaml schema/schema.graphql
git commit -S -m "chore(schema): automatic update"
git push origin ${{ needs.checkout-branch.outputs.PR_head_ref }}
- name: Comment on schema update
uses: actions/github-script@v7
with:
script: |
const prNumber = ${{ needs.checkout-branch.outputs.PR_num }};
const comment = "Schema changes committed by the CI.";
github.rest.issues.createComment({
issue_number: prNumber,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});