fix(tls): use TLS by default in the Agent Client #1196
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI build and push | |
concurrency: | |
group: ci-${{ github.run_id }} | |
cancel-in-progress: true | |
on: | |
issue_comment: | |
types: | |
- created | |
jobs: | |
check-before-build: | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'cryostatio' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test') | |
permissions: | |
pull-requests: write | |
steps: | |
- name: Fail if needs-triage label applied | |
if: ${{ contains(github.event.issue.labels.*.name, 'needs-triage') }} | |
run: exit 1 | |
- name: Show warning if permission is denied | |
if: | | |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER') | |
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name) | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
message: |- | |
You do not have permission to run the /build_test command. Please ask @cryostatio/reviewers | |
to resolve the issue. | |
- name: Fail if command permission is denied | |
if: | | |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER') | |
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name) | |
run: exit 1 | |
- name: React to comment | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const {owner, repo} = context.issue | |
github.rest.reactions.createForIssueComment({ | |
owner, | |
repo, | |
comment_id: context.payload.comment.id, | |
content: "+1", | |
}); | |
checkout-branch: | |
runs-on: ubuntu-latest | |
needs: [check-before-build] | |
outputs: | |
PR_head_ref: ${{ fromJSON(steps.comment-branch.outputs.result).ref }} | |
PR_head_sha: ${{ fromJSON(steps.comment-branch.outputs.result).sha }} | |
PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }} | |
PR_repo: ${{ fromJSON(steps.comment-branch.outputs.result).repo }} | |
permissions: | |
pull-requests: read | |
steps: | |
- uses: actions/github-script@v7 | |
id: comment-branch | |
with: | |
script: | | |
const result = await github.rest.pulls.get ({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
pull_number: context.issue.number | |
}) | |
return { repo: result.data.head.repo.full_name, num: result.data.number, sha: result.data.head.sha, ref: result.data.head.ref } | |
start-comment: | |
runs-on: ubuntu-latest | |
needs: [check-before-build] | |
permissions: | |
pull-requests: write | |
steps: | |
- name: Leave Actions Run Comment | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`; | |
const currentTime = new Date().toLocaleString('en-US', { timeZone: 'America/Toronto' }); | |
const commentBody = `Workflow started at ${currentTime}. [View Actions Run](${runURL}).`; | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: commentBody | |
}); | |
build-and-test: | |
needs: [checkout-branch] | |
# runs-on: ubuntu-latest | |
runs-on: ubuntu-24.04 | |
env: | |
deps-cache-name: cache-yarn | |
build-cache-name: cache-webpack | |
name: Build and test | |
permissions: | |
packages: write | |
contents: read | |
pull-requests: write | |
statuses: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ needs.checkout-branch.outputs.PR_repo }} | |
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }} | |
submodules: true | |
fetch-depth: 0 | |
- uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
cache: 'maven' | |
- run: git submodule init && git submodule update | |
- name: Cache yarn packages | |
uses: actions/cache@v4 | |
with: | |
path: "./src/main/webui/.yarn/cache" | |
key: ${{ runner.os }}-build-${{ env.deps-cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.deps-cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Cache frontend build | |
uses: actions/cache@v4 | |
with: | |
path: "./src/main/webui/.build_cache" | |
key: ${{ runner.os }}-build-${{ env.build-cache-name }}-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.build-cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Initialize web assets | |
run: | | |
cd src/main/webui | |
yarn install && yarn yarn:frzinstall | |
cd - | |
- name: Ensure podman 4+ and podman-docker installed | |
run: sudo apt update && sudo apt -y satisfy "podman (>= 4.0), podman-docker" | |
- name: Set up testcontainers for podman | |
run: | | |
echo ryuk.container.privileged=true > ~/.testcontainers.properties | |
echo docker.client.strategy=org.testcontainers.dockerclient.UnixSocketClientProviderStrategy >> ~/.testcontainers.properties | |
echo testcontainers.reuse.enable=false >> ~/.testcontainers.properties | |
- name: Start Podman API | |
run: systemctl --user enable --now podman.socket | |
- name: Set DOCKER_HOST environment variable | |
run: echo "DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock" >> "$GITHUB_ENV" | |
- name: Build application | |
run: ./mvnw -B -U clean verify | |
- name: Add workflow result as comment on PR | |
uses: actions/github-script@v7 | |
if: always() | |
with: | |
script: | | |
const name = '${{github.workflow}}'; | |
const url = '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'; | |
const success = '${{ job.status }}' === 'success'; | |
const body = `${name}: ${success ? 'All tests pass ✅' : 'At least one test failed ❌'}\n${url}`; | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: body | |
}) | |
- name: Set latest commit status as ${{ job.status }} | |
uses: myrotvorets/set-commit-status-action@master | |
if: always() | |
with: | |
sha: ${{ needs.checkout-branch.outputs.PR_head_sha}} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
status: ${{ job.status }} | |
update-schemas: | |
needs: [checkout-branch] | |
runs-on: ubuntu-latest | |
outputs: | |
OPENAPI_STATUS: ${{ steps.schema-update.outputs.openapi_status }} | |
OPENAPI_DIFF_FILE: ${{ steps.schema-update.outputs.openapi_diff_file }} | |
GRAPHQL_STATUS: ${{ steps.schema-update.outputs.graphql_status }} | |
GRAPHQL_DIFF_FILE: ${{ steps.schema-update.outputs.graphql_diff_file }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ needs.checkout-branch.outputs.PR_repo }} | |
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }} | |
submodules: true | |
fetch-depth: 0 | |
- uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
cache: 'maven' | |
- run: git submodule init && git submodule update | |
- name: Update schemas | |
id: schema-update | |
run: | | |
set -x | |
mkdir "${HOME}/bin" | |
wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O "${HOME}/bin/yq" | |
chmod +x "${HOME}/bin/yq" | |
export PATH="${HOME}/bin:${PATH}" | |
bash /home/runner/work/cryostat/cryostat/schema/update.bash 90 15 | |
set +e | |
git diff -U10 --exit-code /home/runner/work/cryostat/cryostat/schema/openapi.yaml > /home/runner/work/openapi.diff | |
echo "openapi_status=$?" >> "$GITHUB_OUTPUT" | |
echo "openapi_diff_file=openapi.diff" >> "$GITHUB_OUTPUT" | |
git diff -U10 --exit-code /home/runner/work/cryostat/cryostat/schema/schema.graphql > /home/runner/work/graphql.diff | |
echo "graphql_status=$?" >> "$GITHUB_OUTPUT" | |
echo "graphql_diff_file=graphql.diff" >> "$GITHUB_OUTPUT" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: openapi-diff | |
path: /home/runner/work/openapi.diff | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: graphql-diff | |
path: /home/runner/work/graphql.diff | |
compare-openapi-schema: | |
needs: [update-schemas] | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: openapi-diff | |
- name: Comment schema check result | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const diffFmt = s => { | |
return "```diff\n" + s + "\n```"; | |
}; | |
const commentBody = ${{ needs.update-schemas.outputs.OPENAPI_STATUS }} == '0' | |
? `No OpenAPI schema changes detected.` | |
: `OpenAPI schema change detected:\n\n${diffFmt(require('fs').readFileSync('${{ needs.update-schemas.outputs.OPENAPI_DIFF_FILE }}'))}`; | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: commentBody | |
}); | |
compare-graphql-schema: | |
needs: [update-schemas] | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: graphql-diff | |
- name: Comment schema check result | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const diffFmt = s => { | |
return "```diff\n" + s + "\n```"; | |
}; | |
const commentBody = ${{ needs.update-schemas.outputs.GRAPHQL_STATUS }} == '0' | |
? `No GraphQL schema changes detected.` | |
: `GraphQL schema change detected:\n\n${diffFmt(require('fs').readFileSync('${{ needs.update-schemas.outputs.GRAPHQL_DIFF_FILE }}'))}`; | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: commentBody | |
}); | |
auto-commit-schemas: | |
needs: [compare-graphql-schema, compare-openapi-schema, checkout-branch, update-schemas] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
pull-requests: write | |
if: needs.update-schemas.outputs.OPENAPI_STATUS != '0' || needs.update-schemas.outputs.GRAPHQL_STATUS != '0' | |
steps: | |
- name: Check out PR branch | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ needs.checkout-branch.outputs.PR_repo }} | |
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }} | |
submodules: true | |
fetch-depth: 0 | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_config_global: true | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: Download OpenAPI diff | |
uses: actions/download-artifact@v4 | |
with: | |
name: openapi-diff | |
path: diffs | |
- name: Download GraphQL diff | |
uses: actions/download-artifact@v4 | |
with: | |
name: graphql-diff | |
path: diffs | |
- name: List downloaded files | |
run: ls -l diffs/ | |
- name: Apply OpenAPI diff | |
if: needs.update-schemas.outputs.OPENAPI_STATUS != '0' | |
run: | | |
patch -p1 < diffs/openapi.diff | |
echo "Contents of OpenAPI schema after patch:" | |
cat schema/openapi.yaml | |
- name: Apply GraphQL diff | |
if: needs.update-schemas.outputs.GRAPHQL_STATUS != '0' | |
run: | | |
patch -p1 < diffs/graphql.diff | |
echo "Contents of GraphQL schema after patch:" | |
cat schema/schema.graphql | |
- name: Commit and push schema changes | |
run: | | |
git add schema/openapi.yaml schema/schema.graphql | |
git commit -S -m "chore(schema): automatic update" | |
git push origin ${{ needs.checkout-branch.outputs.PR_head_ref }} | |
- name: Comment on schema update | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const prNumber = ${{ needs.checkout-branch.outputs.PR_num }}; | |
const comment = "Schema changes committed by the CI."; | |
github.rest.issues.createComment({ | |
issue_number: prNumber, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: comment | |
}); |