From cf31789bd1d48f5f44982b846b078c9fd03c708e Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Wed, 13 Mar 2024 12:46:44 +0530 Subject: [PATCH 01/45] WEBUI-1377: integrate-veracode in github action --- .github/workflows/veracode.yml | 108 ++++++++++++++------------------- 1 file changed, 45 insertions(+), 63 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 9b3ab5e9d3..7ed1ffb44e 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -12,8 +12,8 @@ on: # The branches below must be a subset of the branches above branches: [ "maintenance-3.0.x" ] schedule: - # At 01:00 on Sunday - - cron: '0 1 * * SUN' + # At 20:00 every day + - cron: '0 20 * * *' workflow_call: inputs: branch: @@ -65,7 +65,7 @@ jobs: - uses: actions/setup-node@v1 with: registry-url: ${{ env.NPM_REPOSITORY }} - node-version: 14 + node-version: 18 scope: '@nuxeo' - uses: actions/setup-java@v2 @@ -113,6 +113,7 @@ jobs: echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV popd popd + - name: Link elements to Web UI run: | npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} 
@@ -130,64 +131,45 @@ jobs: ' > ~/.m2/settings.xml - - name: Nuxeo package build - run: mvn install -DskipInstall - - name: Archive packages - uses: actions/upload-artifact@v2 - with: - name: packages - path: | - plugin/web-ui/marketplace/target/nuxeo-web-ui-marketplace-*.zip - - # download the Veracode Static Analysis Pipeline scan jar - - run: curl --silent --show-error --fail -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip - - run: unzip -o pipeline-scan-LATEST.zip - - name: Code Scanning - id: code_scanning - run: java -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --fail_on_severity="Very High, High" --summary_output=true --file plugin/web-ui/marketplace/target/nuxeo-web-ui-marketplace-*.zip - continue-on-error: true - - name: Convert pipeline scan output to SARIF format - id: convert - uses: Veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5 - with: - pipeline-results-json: results.json - output-results-sarif: veracode-results.sarif - finding-rule-level: "4:3:0" - - name: Upload SARIF file to repository - uses: github/codeql-action/upload-sarif@v2 - with: - # Path to SARIF file relative to the root of the repository - sarif_file: veracode-results.sarif - - name: Slack notification - if: (github.event_name == 'pull_request' || github.event_name == 'schedule') - uses: slackapi/slack-github-action@v1.23.0 - env: - REPO_URL: ${{ github.server_url }}/${{ github.repository }} - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }} - with: - channel-id: ${{ env.SLACK_CHANNEL_ID }} - payload: | - { - "text": "<${{ env.REPO_URL }}/actions/runs/${{ github.run_id }}|Code scanning> ${{ steps.code_scanning.outcome }} in nuxeo/nuxeo-web-ui <${{ env.REPO_URL }}/commit/${{ github.sha }}|${{ github.ref_name }}>", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "<${{ env.REPO_URL 
}}/actions/runs/${{ github.run_id }}|Code scanning> ${{ job.status }} in nuxeo/nuxeo-WEB-UI <${{ env.REPO_URL }}/commit/${{ github.sha }}|${{ github.ref_name }}>" - } - } - ] - } - - name: Send scan result summary to slack - uses: crederauk/slack-workflow-summary@v1.2.2 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} - - name: Send scan result file to slack - uses: adrey/slack-file-upload-action@master + + - name: Delete Node Modules + run: | + rm -rf node_modules + rm -rf packages/nuxeo-designer-catalog/node_modules + rm -rf packages/nuxeo-web-ui-ftest/node_modules + rm -rf plugin/a11y/node_modules + + - name: Delete Test Folders + run: | + rm -rf nuxeo-elements/testing-helpers/ + rm -rf nuxeo-elements/ui/test/ + rm -rf nuxeo-elements/storybook/ + rm -rf ftest/ + rm -rf plugin/ + rm -rf scripts/ + rm -rf test/ + rm -rf packages/nuxeo-web-ui-ftest/ + + - name: Install zip + run: sudo apt-get install zip + + - name: Zip nuxeo-web-ui + run: zip -r nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip * + + - name: Get Latest Tag + id: get-tag + run: echo "::set-output name=TAG::$(git describe --tags --abbrev=0)" + + - name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@0.2.6 with: - token: ${{ secrets.SLACK_BOT_TOKEN }} - path: results.txt - channel: ${{ secrets.SLACK_CHANNEL_ID }} + appname: 'Nuxeo Web UI' + createprofile: false + filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' + vid: '${{ secrets.VERACODE_SECRET_API_ID }}' + vkey: '${{ secrets.VERACODE_SECRET_KEY }}' + sandboxname: 'master' + scantimeout: 600 + include: '*.war, *.zip, *.js, *.html, *.css, *.json' + criticality: 'VeryHigh' + includenewmodules: 'true' \ No newline at end of file From 9be84e7821c7a4fa4250382d7123b1ed45dd1140 Mon Sep 17 00:00:00 2001 
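Review bot: The `Zip nuxeo-web-ui` step reads `steps.get-tag.outputs.TAG` before the `Get Latest Tag` step that defines it has run, so the archive is written as `nuxeo-web-ui-.zip` while the `filepath` of `Veracode Upload And Scan` expands to the tagged name and points at a file that was never created. Move the tag step ahead of the zip step, write the output through `$GITHUB_OUTPUT` (the `::set-output` command is deprecated), and pass the tag to the shell through `env:` instead of interpolating `${{ }}` into the script, since a tag name is repository-controlled text. `git describe --tags` also needs tag history in the checkout, which is outside this hunk, so the fetch depth should be confirmed. Separately, `veracode/veracode-uploadandscan-action@0.2.6` receives both API credentials through a mutable tag reference; pinning it to a full commit SHA keeps those credentials from reaching code nobody reviewed.

```yaml
      # … unchanged: Delete Node Modules, Delete Test Folders, Install zip …

      - name: Get Latest Tag
        id: get-tag
        run: echo "TAG=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT"

      - name: Zip nuxeo-web-ui
        env:
          TAG: ${{ steps.get-tag.outputs.TAG }}
        run: zip -r "nuxeo-web-ui-${TAG}.zip" *

      # … unchanged: Veracode Upload And Scan step …
```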
From: rakeshkumar1019 Date: Thu, 14 Mar 2024 12:35:44 +0530 Subject: [PATCH 02/45] add .npmrc --- .github/workflows/veracode.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 7ed1ffb44e..a74a3b18fb 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -96,6 +96,16 @@ jobs: path: nuxeo-elements fetch-depth: 1 ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} + + - name: add .npmrc + run: | + touch .npmrc + echo ' + packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} + @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ + always-auth=true + ' >> .npmrc + cat .npmrc - name: Pack Elements modules run: | From d9ff737fd1c07d1f665615aa2731395bed9edec0 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Thu, 14 Mar 2024 12:45:48 +0530 Subject: [PATCH 03/45] add .npmrc --- .github/workflows/veracode.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index a74a3b18fb..328045d6ea 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -96,15 +96,18 @@ jobs: path: nuxeo-elements fetch-depth: 1 ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - + - name: add .npmrc run: | + cat .npmrc + echo "-------------------" touch .npmrc echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - always-auth=true + packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} + @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ + always-auth=true ' >> .npmrc + echo "-------------------" cat .npmrc - name: Pack Elements modules From 8c43267ad0e9bcc5ed8e067f08aa0d9215cde482 Mon Sep 17 00:00:00 2001 
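Review bot: The `cat .npmrc` added at the end of the `add .npmrc` step prints the registry auth file to the job log. Nothing secret is written today because the single-quoted `echo` leaves `${NODE_AUTH_TOKEN}` as a literal placeholder, but that depends on the quoting never changing, so I would drop the `cat` and, if a check is needed, use `grep -c '_auth=' .npmrc`. The step sets no `NODE_AUTH_TOKEN` under `env:`, so whether npm can resolve the placeholder depends on steps outside this hunk. The auth key is written as `packages.nuxeo.com/repository/npm-public/:_auth=`, whereas npm's registry-scoped keys normally begin with `//`, so this line may be ignored and is worth confirming. Patch 03/45 repeats the `cat .npmrc`, and its first call runs before `touch .npmrc`, which would fail the step when the file does not exist yet.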
From: rakeshkumar1019 Date: Thu, 14 Mar 2024 12:49:53 +0530 Subject: [PATCH 04/45] add .npmrc --- .github/workflows/veracode.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 328045d6ea..76e75d5ee3 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -110,6 +110,21 @@ jobs: echo "-------------------" cat .npmrc + - name: add .npmrc again + run: | + pushd /tmp/_temp/ + echo "-------------------" + ls + echo "-------------------" + rm .npmrc + touch .npmrc + popd + echo ' + packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} + @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ + always-auth=true + ' >> /tmp/_temp/.npmrc + - name: Pack Elements modules run: | pushd nuxeo-elements From cd352b4f2a37b2abe29846602869cd30478a05f2 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Thu, 14 Mar 2024 12:54:45 +0530 Subject: [PATCH 05/45] add .npmrc --- .github/workflows/veracode.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 76e75d5ee3..a5c3d85350 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -110,6 +110,9 @@ jobs: echo "-------------------" cat .npmrc + - name: Create Temp Folder + run: mkdir -p /tmp/_temp/ + - name: add .npmrc again run: | pushd /tmp/_temp/ From 507a42196c6628cad899aa5276c296a375f80f4e Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Thu, 14 Mar 2024 13:05:14 +0530 Subject: [PATCH 06/45] add .npmrc --- .github/workflows/veracode.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index a5c3d85350..6edf579ded 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -119,7 +119,6 @@ jobs: echo "-------------------" ls echo "-------------------" - rm .npmrc touch .npmrc popd echo ' 
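Review bot: The `add .npmrc again` step hard-codes `/tmp/_temp/` as the location of the npm auth configuration. `pushd /tmp/_temp/` and `rm .npmrc` both abort the step when the directory or file is missing (patches 05/45 and 06/45 work around that), and a fixed path under `/tmp` is visible to anything else on the host, which matters if this job runs on a self-hosted runner; the `runs-on` line is outside the hunk. I would write the file to `"$RUNNER_TEMP/.npmrc"`, point npm at it with `NPM_CONFIG_USERCONFIG`, use `rm -f`, and `chmod 600` the file after creating it.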
From b120de06122e97b81998cd706ce87de0b162ca7d Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Thu, 14 Mar 2024 13:09:55 +0530 Subject: [PATCH 07/45] ls -al --- .github/workflows/veracode.yml | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 6edf579ded..560d4939b6 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -99,33 +99,7 @@ jobs: - name: add .npmrc run: | - cat .npmrc - echo "-------------------" - touch .npmrc - echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - always-auth=true - ' >> .npmrc - echo "-------------------" - cat .npmrc - - - name: Create Temp Folder - run: mkdir -p /tmp/_temp/ - - - name: add .npmrc again - run: | - pushd /tmp/_temp/ - echo "-------------------" - ls - echo "-------------------" - touch .npmrc - popd - echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - always-auth=true - ' >> /tmp/_temp/.npmrc + ls -al - name: Pack Elements modules run: | From f7e1cb44340cdad31021ae7f0b10e39fd58e08c9 Mon Sep 17 00:00:00 2001 
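Review bot: The step is still named `add .npmrc` after this change but now only runs `ls -al`, so the job log describes something the workflow no longer does. Either delete the step or rename it, for example `- name: List workspace (debug)`. If the registry auth file is intentionally gone, the commit message should say what replaces it, because the `Link elements to Web UI` step seen in patch 01/45 still installs from `${{ env.NPM_REPOSITORY }}`.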
From: rakeshkumar1019
Date: Thu, 14 Mar 2024 13:24:06 +0530
Subject: [PATCH 08/45] disable other checks
---
.github/workflows/a11y.yaml | 79 ----------
.github/workflows/catalog.yaml | 155 -------------------
.github/workflows/cross-repo.yaml | 241 ------------------------------
.github/workflows/crowdin.yaml | 59 --------
.github/workflows/ftest.yaml | 165 --------------------
.github/workflows/lint.yaml | 42 ------
.github/workflows/main.yaml | 147 ------------------
.github/workflows/preview.yaml | 197 ------------------------
.github/workflows/promote.yaml | 164 --------------------
.github/workflows/test.yaml | 48 ------
.github/workflows/veracode.yml | 5 +-
11 files changed, 4 insertions(+), 1298 deletions(-)
diff --git a/.github/workflows/a11y.yaml b/.github/workflows/a11y.yaml
index f7b058ec7f..e69de29bb2 100644
--- a/.github/workflows/a11y.yaml
+++ b/.github/workflows/a11y.yaml
@@ -1,79 +0,0 @@ -name: A11y - -on: - pull_request: - branches: - - maintenance-3.0.x - workflow_call: - inputs: - branch: - description: 'The current branch' - default: maintenance-3.0.x - type: string - required: false - secrets: - NPM_PACKAGES_TOKEN: - description: 'NPM_PACKAGES_TOKEN' - required: true - PACKAGES_AUTH_USER: - description: 'PACKAGES_AUTH_USER' - required: true - PACKAGES_AUTH_TOKEN: - description: 'PACKAGES_AUTH_TOKEN' - required: true - -env: - REFERENCE_BRANCH: maintenance-3.0.x - NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} - -jobs: - a11y: - runs-on: [self-hosted, master] - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ env.BRANCH_NAME }} - - - run: git config user.name "nuxeo-webui-jx-bot" && git config user.email "webui@hyland.com" - - - uses: actions/setup-node@v3 - with: - registry-url: ${{ env.NPM_REPOSITORY }} - node-version: 18 - scope: '@nuxeo' - - - name: Install Web UI - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - run: | - npm install - pushd packages/nuxeo-web-ui-ftest - npm install - popd - pushd packages/nuxeo-designer-catalog - npm install - popd - - - uses: actions/setup-java@v2 - with: - distribution: 'zulu' - java-version: '11' - - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - - - name: Web UI build - run: mvn -B -ntp install - - - name: A11y checks - run: mvn -B -ntp -f plugin/a11y install diff --git a/.github/workflows/catalog.yaml b/.github/workflows/catalog.yaml index 77e0756c3d..e69de29bb2 100644 --- a/.github/workflows/catalog.yaml +++ b/.github/workflows/catalog.yaml 
@@ -1,155 +0,0 @@ -# This workflow generates a new version of the catalog used by Nuxeo Studio Designer. -# Note: some Catalog dependencies require Node 10.x to work. -name: Designer Catalog Generator - -on: - workflow_dispatch: - inputs: - target_platform: - description: 'The Nuxeo server target platform to build the catalog for.' - default: '11.3' - required: true - branch_name: - description: 'The name of the Nuxeo Web UI branch to generate the catalog for.' - default: 'maintenance-3.0.x' - required: true - classifier: - description: 'Classifier to name a custom version of the catalog (used for testing purposes).' - default: '' - required: false - - release: - types: [published] - -env: - ARTIFACT_ID: view-designer-catalog - GROUP_ID: org.nuxeo.web.ui.studio - -jobs: - catalog: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - run: git config --global user.name "nuxeo-webui-jx-bot" && git config --global user.email "webui@hyland.com" - - - uses: actions/setup-node@v3 - with: - node-version: 14 - - - uses: actions/setup-java@v3 - with: - distribution: 'zulu' - java-version: '11' - - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - external:* - https://packages.nuxeo.com/repository/maven-internal/ - - - - - nos-team - nuxeo-webui-jx-bot - ${{ secrets.WEBUI_JX_BOT_GITHUB_ACTIONS_TOKEN }} - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - maven-public-releases - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - maven-public-snapshots - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - - - name: Install libxml2-utils (xmllint) - run: sudo apt-get update && sudo apt-get install -y libxml2-utils - - - name: Setup parameters (release) - if: github.event_name == 'release' - working-directory: packages/nuxeo-designer-catalog - run: | - echo "BRANCH_NAME=v${GITHUB_HEAD_REF##*/}" 
>> $GITHUB_ENV - echo "TARGET_PLATFORM=11.3" >> $GITHUB_ENV - - - name: Setup parameters (workflow_dispatch) - if: github.event_name == 'workflow_dispatch' - run: | - echo "BRANCH_NAME=${{ github.event.inputs.branch_name }}" >> $GITHUB_ENV - echo "TARGET_PLATFORM=${{ github.event.inputs.target_platform }}" >> $GITHUB_ENV - - - name: Install dependencies - working-directory: packages/nuxeo-designer-catalog - run: | - npm install - npm install -g gulp - - - name: Generate catalog - working-directory: packages/nuxeo-designer-catalog - run: | - gulp catalog --tp $TARGET_PLATFORM --webui-branch $BRANCH_NAME - gulp hints --tp $TARGET_PLATFORM - - - name: Bundle the catalog - run: | - sudo chmod +r pom.xml - CATALOG_VERSION=$(xmllint --xpath "//*[local-name()='project']/*[local-name()='version']/text()" pom.xml)${{ github.event.inputs.classifier }} - pushd packages/nuxeo-designer-catalog/data/applications/nuxeo/${{ env.TARGET_PLATFORM }} - echo "CATALOG_VERSION=$CATALOG_VERSION" >> $GITHUB_ENV - CATALOG_NAME=$ARTIFACT_ID-$CATALOG_VERSION.zip - echo "CATALOG_NAME=$CATALOG_NAME" >> $GITHUB_ENV - zip -q -r $CATALOG_NAME nuxeo-web-ui data hints catalog.json - popd - - - name: Archive catalog - uses: actions/upload-artifact@v3 - with: - name: catalog - path: packages/nuxeo-designer-catalog/data/applications/nuxeo/${{ env.TARGET_PLATFORM }}/${{ env.CATALOG_NAME }} - - - name: Upload catalog - working-directory: packages/nuxeo-designer-catalog - run: | - MVN_REPO_ID=maven-public-releases - MVN_REPO_URL=https://packages.nuxeo.com/repository/maven-public-releases/ - if [[ $CATALOG_VERSION == *-SNAPSHOT ]]; then - MVN_REPO_ID=maven-public-snapshots - MVN_REPO_URL=https://packages.nuxeo.com/repository/maven-public-snapshots/ - fi - - pushd data/applications/nuxeo/$TARGET_PLATFORM - mvn deploy:deploy-file -Dfile=$CATALOG_NAME -DgroupId=$GROUP_ID -DartifactId=$ARTIFACT_ID -Dversion=$CATALOG_VERSION -Dpackaging=zip -DrepositoryId=$MVN_REPO_ID -Durl=$MVN_REPO_URL - popd - - - name: 
Checkout NOS repository - uses: actions/checkout@v3 - with: - repository: nuxeo/nos - token: ${{ secrets.WEBUI_JX_BOT_GITHUB_ACTIONS_TOKEN }} - path: nos - - - name: Create pull request for catalog update in NOS - working-directory: nos - env: - GH_TOKEN: ${{ secrets.WEBUI_JX_BOT_GITHUB_ACTIONS_TOKEN }} - run: | - git checkout -b designer-catalog-update-$CATALOG_VERSION - mvn versions:set-property -Dproperty=view.designer.catalog.11.3 -DnewVersion=$CATALOG_VERSION - git add . - git commit -m "Update Designer catalog with version $CATALOG_VERSION" - git push origin designer-catalog-update-$CATALOG_VERSION - gh pr create --base master --fill \ No newline at end of file diff --git a/.github/workflows/cross-repo.yaml b/.github/workflows/cross-repo.yaml index dd907a26ca..e69de29bb2 100644 --- a/.github/workflows/cross-repo.yaml +++ b/.github/workflows/cross-repo.yaml 
@@ -1,241 +0,0 @@ -# This workflow is not intended to be triggered manually from the Web UI repository, -# but to be called from the Elements repository cross repo check instead. -name: Cross repo check - -on: - workflow_dispatch: - inputs: - branch_name: - description: 'The name of the branch to build.' - default: 'maintenance-3.0.x' - required: true - sauce_labs: - description: 'Run unit tests on Sauce Labs?' - default: true - type: boolean - required: false - skip_ftests: - description: 'Skip functional tests?' - type: boolean - required: false - skip_a11y: - description: 'Skip accessibility tests?' - type: boolean - required: false - skip_unit_tests: - description: 'Skip unit tests?' - type: boolean - required: false - generate_metrics: - description: 'Generate metrics report?' - type: boolean - required: false - run_all: - description: 'Skip fail fast premise?' - type: boolean - required: false - bail: - description: 'Number of failed features to stop test runner (0 means not applicable).' 
- default: 0 - required: false - caller_id: - description: 'run identifier' - default: 'maintenance-3.0.x' - type: string - required: false - -env: - REFERENCE_BRANCH: maintenance-3.0.x - NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - -jobs: - id: - name: Remote Caller ID ${{ github.event.inputs.caller_id }} - runs-on: ubuntu-latest - steps: - - name: ${{ github.event.inputs.id }} - run: echo run identifier ${{ github.event.inputs.id }} - build: - name: Build - needs: id - runs-on: [ self-hosted, master ] - steps: - - name: Build parameters - run: echo '${{ toJSON(github.event.inputs) }}' - - - uses: actions/setup-node@v3 - with: - registry-url: ${{ env.NPM_REPOSITORY }} - scope: '@nuxeo' - node-version: 18 - - - uses: actions/setup-java@v2 - with: - distribution: 'zulu' - java-version: '11' - - - name: Determine nuxeo-web-ui branch to use - uses: nuxeo/ui-team-gh-actions/get-branch@ca09d5c52a62e297502d3572c36d813be927982a - id: pick_nuxeo_web_ui_branch - with: - repository: nuxeo/nuxeo-web-ui - branch: ${{ github.event.inputs.branch_name }} - default-branch: ${{ env.REFERENCE_BRANCH }} - - - name: Determine nuxeo-elements branch to use - id: pick_nuxeo_elements_branch - uses: nuxeo/ui-team-gh-actions/get-branch@ca09d5c52a62e297502d3572c36d813be927982a - with: - repository: nuxeo/nuxeo-elements - branch: ${{ github.event.inputs.branch_name }} - default-branch: ${{ env.REFERENCE_BRANCH }} - - - name: Checkout nuxeo-web-ui repo - uses: actions/checkout@v2 - with: - repository: nuxeo/nuxeo-web-ui - ref: ${{ steps.pick_nuxeo_web_ui_branch.outputs.branch }} - - - name: Install Web UI - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - run: | - npm install - pushd packages/nuxeo-web-ui-ftest - npm install - popd - pushd packages/nuxeo-designer-catalog - npm install - popd - - - name: Lint Web UI - run: npm run lint - - - name: Checkout the nuxeo-elements repo - uses: actions/checkout@v2 - with: - repository: nuxeo/nuxeo-elements - path: 
nuxeo-elements - fetch-depth: 1 - ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - - - name: Pack Elements modules - run: | - pushd nuxeo-elements - pushd core - echo "ELEMENTS_CORE=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - - pushd ui - echo "ELEMENTS_UI=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - - pushd dataviz - echo "ELEMENTS_DATAVIZ=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - - pushd testing-helpers - echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - popd - - - name: Add .npmrc - run: | - pushd /tmp/_temp/ - rm .npmrc - touch .npmrc - popd - echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - always-auth=true - ' >> /tmp/_temp/.npmrc - - - name: Link elements to Web UI - run: | - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} - - - name: Web UI Unit tests - if: ${{ github.event.inputs.skip_unit_tests == 'false' && github.event.inputs.sauce_labs == 'false' }} - run: npm run test - - - name: Web UI Unit tests (Sauce Labs) - if: ${{ github.event.inputs.skip_unit_tests == 'false' && github.event.inputs.sauce_labs == 'true' }} - env: - SAUCE_USERNAME: nuxeo-web-ui - SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} - run: npm run test - - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - - - name: Nuxeo package build and Ftests - env: - RUN_ALL: 
${{ github.event.inputs.run_all }} - BAIL: ${{ github.event.inputs.bail }} - run: | - profiles=() - if [ ${{ github.event.inputs.skip_ftests }} = "false" ] - then - profiles+=('ftest') - fi - if ${{ github.event.inputs.generate_metrics }} - then - profiles+=('metrics') - fi - active_profiles="" - if [ ${#profiles[@]} -gt 0 ] - then - active_profiles="-P$(printf -v active_profiles '%s,' "${profiles[@]}" && echo "${active_profiles%,}")" - fi - mvn install -ntp $active_profiles -DskipInstall - - - name: A11y checks - if: ${{ github.event.inputs.skip_a11y == 'false' }} - run: | - mvn -B -nsu -f plugin/a11y -ntp install - - - name: Archive cucumber reports - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: cucumber-reports - path: | - ftest/target/cucumber-reports/ - - - name: Archive screenshots - if: ${{ failure() }} - uses: actions/upload-artifact@v2 - with: - name: screenshots - path: ftest/target/screenshots/ - - - name: Archive logs - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: logs - path: | - **/log/*.log - **/nxserver/config/distribution.properties - - - name: Archive packages - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: packages - path: | - plugin/web-ui/marketplace/target/nuxeo-web-ui-marketplace-*.zip - plugin/itests/marketplace/target/nuxeo-web-ui-marketplace-itests-*.zip diff --git a/.github/workflows/crowdin.yaml b/.github/workflows/crowdin.yaml index e16599742d..e69de29bb2 100644 --- a/.github/workflows/crowdin.yaml +++ b/.github/workflows/crowdin.yaml 
@@ -1,59 +0,0 @@ -# Workflow that syncronizes translations from Crowdin -name: Crowdin Sync - -on: - # Check for updates every day - schedule: - - cron: '0 0 * * *' - - # Sync when a commit is done on maintenance-3.0.x - push: - branches: - - maintenance-3.0.x - paths: - - 'i18n/messages.json' - - # Manually trigger the workflow - workflow_dispatch: - -jobs: - crowdin: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Crowdin Action - uses: crowdin/github-action@v1 - with: - # Tokens - project_id: ${{ secrets.CROWDIN_PROJECT_ID }} - token: ${{ secrets.CROWDIN_PERSONAL_TOKEN }} - # Load external configuration file (to support translation rename) - config: crowdin-conf.yml - - # Upload sources for translation - upload_sources: true - - # Auto-approve reference sentences we are pushing (english) - auto_approve_imported: true - - # Name of the branch where to merge the translations - localization_branch_name: crowdin-translations-update - create_pull_request: true - pull_request_title: 'New Crowdin translations' - pull_request_body: 'New Crowdin pull request with translations' - - # The commit message - commit_message: 'Automatic update of translations from Crowdin' - - # Automatically download all the new translations - download_translations: true - - # User properties - github_user_name: nuxeo-webui-jx-bot - github_user_email: webui@hyland.com - - env: - GITHUB_TOKEN: ${{ secrets.WEBUI_JX_BOT_GITHUB_ACTIONS_TOKEN }} diff --git a/.github/workflows/ftest.yaml b/.github/workflows/ftest.yaml index 994d71fbfc..e69de29bb2 100644 --- a/.github/workflows/ftest.yaml +++ b/.github/workflows/ftest.yaml 
@@ -1,165 +0,0 @@ -name: Functional tests - -on: - pull_request: - branches: - - maintenance-3.0.x - workflow_call: - inputs: - branch: - description: 'The current branch' - default: maintenance-3.0.x - type: string - required: false - secrets: - NPM_PACKAGES_TOKEN: - description: 'NPM_PACKAGES_TOKEN' - required: true - PACKAGES_AUTH_USER: - description: 'PACKAGES_AUTH_USER' - required: true - PACKAGES_AUTH_TOKEN: - description: 'PACKAGES_AUTH_TOKEN' - required: true - -env: - REFERENCE_BRANCH: maintenance-3.0.x - NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} - -jobs: - ftests: - runs-on: [ self-hosted, master ] - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ env.BRANCH_NAME }} - - - uses: actions/setup-node@v3 - with: - registry-url: ${{ env.NPM_REPOSITORY }} - scope: '@nuxeo' - node-version: 18 - - - uses: actions/setup-java@v2 - with: - distribution: 'zulu' - java-version: '11' - - - name: Determine nuxeo-elements branch to link - id: pick_nuxeo_elements_branch - run: | - if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then - echo ::set-output name=branch::${{ env.BRANCH_NAME }} - else - echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} - fi - - - name: Install Web UI - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - run: | - npm install - pushd packages/nuxeo-web-ui-ftest - npm install - popd - pushd packages/nuxeo-designer-catalog - npm install - popd - - - name: Checkout the nuxeo-elements repo - uses: actions/checkout@v2 - with: - repository: nuxeo/nuxeo-elements - path: nuxeo-elements - fetch-depth: 1 - ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - - - name: Pack Elements modules - run: | - pushd nuxeo-elements - pushd core - echo "ELEMENTS_CORE=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - - pushd ui - echo "ELEMENTS_UI=$(npm pack 2>&1 | tail -1)" >> 
$GITHUB_ENV - popd - - pushd dataviz - echo "ELEMENTS_DATAVIZ=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - - pushd testing-helpers - echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - popd - - - name: Add .npmrc - run: | - pushd /tmp/_temp/ - rm .npmrc - touch .npmrc - popd - echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - always-auth=true - ' >> /tmp/_temp/.npmrc - - - name: Link elements to Web UI - run: | - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} - - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - - - name: Functional tests - env: - RUN_ALL: false - BAIL: 0 - run: mvn -ntp install -Pftest -DskipInstall - - - name: Archive cucumber reports - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: cucumber-reports - path: ftest/target/cucumber-reports/ - - - name: Archive screenshots - if: ${{ failure() }} - uses: actions/upload-artifact@v2 - with: - name: screenshots - path: ftest/target/screenshots/ - - - name: Archive logs - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: logs - path: | - **/log/*.log - **/nxserver/config/distribution.properties - - - name: Archive packages - if: ${{ always() }} - uses: actions/upload-artifact@v2 - with: - name: packages - path: | - 
plugin/web-ui/marketplace/target/nuxeo-web-ui-marketplace-*.zip - plugin/itests/marketplace/target/nuxeo-web-ui-marketplace-itests-*.zip diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index dd625b005d..e69de29bb2 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,42 +0,0 @@ -name: Lint - -on: - pull_request: - branches: - - maintenance-3.0.x - workflow_call: - inputs: - branch: - description: 'The current branch' - default: maintenance-3.0.x - type: string - required: false - secrets: - NPM_PACKAGES_TOKEN: - description: 'NPM_PACKAGES_TOKEN' - required: true - -env: - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ env.BRANCH_NAME }} - - - uses: actions/setup-node@v3 - with: - registry-url: 'https://packages.nuxeo.com/repository/npm-public/' - node-version: 18 - scope: '@nuxeo' - - - name: Install - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: npm install - - - name: Lint - run: npm run lint diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 4ceda98307..e69de29bb2 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml 
@@ -1,147 +0,0 @@ -name: Main - -on: - push: - branches: - - maintenance-3.0.x - - # Manually trigger the workflow - workflow_dispatch: - -jobs: - lint: - uses: nuxeo/nuxeo-web-ui/.github/workflows/lint.yaml@maintenance-3.0.x - secrets: - NPM_PACKAGES_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - - test: - uses: nuxeo/nuxeo-web-ui/.github/workflows/test.yaml@maintenance-3.0.x - secrets: - NPM_PACKAGES_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} - with: - branch: maintenance-3.0.x - - a11y: - uses: nuxeo/nuxeo-web-ui/.github/workflows/a11y.yaml@maintenance-3.0.x - secrets: - NPM_PACKAGES_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - PACKAGES_AUTH_USER: ${{ secrets.PACKAGES_AUTH_USER }} - PACKAGES_AUTH_TOKEN: ${{ secrets.PACKAGES_AUTH_TOKEN }} - with: - branch: maintenance-3.0.x - - ftest: - uses: nuxeo/nuxeo-web-ui/.github/workflows/ftest.yaml@maintenance-3.0.x - secrets: - NPM_PACKAGES_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - PACKAGES_AUTH_USER: ${{ secrets.PACKAGES_AUTH_USER }} - PACKAGES_AUTH_TOKEN: ${{ secrets.PACKAGES_AUTH_TOKEN }} - with: - branch: maintenance-3.0.x - - build: - needs: [ lint, test, a11y, ftest ] - runs-on: [ self-hosted, master ] - steps: - - uses: actions/checkout@v2 - - - run: git config user.name "nuxeo-webui-jx-bot" && git config user.email "webui@hyland.com" - - - uses: actions/setup-node@v3 - with: - registry-url: 'https://packages.nuxeo.com/repository/npm-public/' - scope: '@nuxeo' - - - name: Prepare environment - run: | - echo "BRANCH_NAME=${GITHUB_HEAD_REF##*/}" >> $GITHUB_ENV - echo "PACKAGE_VERSION=$(npx -c 'echo "$npm_package_version"')" >> $GITHUB_ENV - - - name: Get prerelease version - run: | - git fetch origin --tags - RC_VERSION=$(git tag --sort=taggerdate --list "v${PACKAGE_VERSION/-SNAPSHOT}*" | tail -1 | tr -d '\n') - echo "VERSION=$(npx semver -i prerelease --preid rc ${RC_VERSION:-$PACKAGE_VERSION} | tr -d '\n')" >> $GITHUB_ENV - - - name: Update versions - run: | - find . 
-type f -not -path "./node_modules/*" -regex ".*\.\(yaml\|sample\|xml\)" -exec sed -i 's/'"$PACKAGE_VERSION"'/'"$VERSION"'/g' {} \; - - # set padded version to build package for connect preprod - PADDED=$(printf '%03d' $(echo $VERSION | sed -r s/[0-9]+\.[0-9]+\.[0-9]+-rc\.\([0-9]+\)/\\1/g)) - PADDED_VERSION=$(echo $VERSION | sed -E "s/([0-9]+\.[0-9]+\.[0-9]+-rc\.)[0-9]+/\\1$PADDED/g") - echo "PADDED_VERSION=$PADDED_VERSION" >> $GITHUB_ENV - sed -i -e 's/\${project.version}/'"$PADDED_VERSION"'/g' plugin/web-ui/marketplace/pom.xml - - npm version ${VERSION} --no-git-tag-version - pushd packages/nuxeo-web-ui-ftest - npm version ${VERSION} --no-git-tag-version - popd - - - name: Install - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - npm install - pushd packages/nuxeo-web-ui-ftest - npm install - popd - pushd packages/nuxeo-designer-catalog - npm install - popd - - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - - - name: Nuxeo package build - run: | - mvn -ntp install -DskipInstall - mvn -B -nsu -ntp -f plugin/itests/addon install - mvn -B -nsu -ntp -f plugin/itests/marketplace install - - - name: Archive packages - uses: actions/upload-artifact@v2 - with: - name: packages - path: | - plugin/web-ui/marketplace/target/nuxeo-web-ui-marketplace-*.zip - plugin/itests/marketplace/target/nuxeo-web-ui-marketplace-itests-*.zip - - - name: Tag - run: | - git add package-lock.json packages/nuxeo-web-ui-ftest/package-lock.json - git commit -a -m "Release ${VERSION}" - git tag -a v${VERSION} -m "Release ${VERSION}" - git push origin v${VERSION} - - - name: Publish Nuxeo packages - env: - CONNECT_PREPROD_URL: https://nos-preprod-connect.nuxeocloud.com/nuxeo - run: | - PACKAGE="plugin/web-ui/marketplace/target/nuxeo-web-ui-marketplace-${PADDED_VERSION}.zip" - STATUS_CODE=`curl -i --silent --output publish-req.output -w 
"%{http_code}" -u "${{ secrets.CONNECT_PREPROD_AUTH }}" -F package=@$PACKAGE "$CONNECT_PREPROD_URL/site/marketplace/upload?batch=true"` - cat publish-req.output - if [[ "$STATUS_CODE" != "200" ]] - then - exit 1 - else - exit 0 - fi - - - name: Publish Web UI FTest framework - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - pushd packages/nuxeo-web-ui-ftest/ - npm publish --@nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ --tag SNAPSHOT - popd diff --git a/.github/workflows/preview.yaml b/.github/workflows/preview.yaml index 6cb902fb5c..e69de29bb2 100644 --- a/.github/workflows/preview.yaml +++ b/.github/workflows/preview.yaml 
@@ -1,197 +0,0 @@ -name: Preview - -on: - pull_request: - types: [opened, synchronize, reopened, labeled] - branches: - - maintenance-3.0.x - - workflow_dispatch: - inputs: - branch_name: - description: 'The name of the branch to preview.' - default: 'maintenance-3.0.x' - required: true - caller_id: - description: 'run identifier' - default: 'maintenance-3.0.x' - type: string - required: false - -env: - DOCKER_REGISTRY: us-east1-docker.pkg.dev - DOCKER_IMAGE: ${{ secrets.GKE_PROJECT }}/webui/nuxeo-web-ui - GKE_CLUSTER: jx-prod - GKE_ZONE: us-east1-b - -jobs: - id: - name: Remote Caller ID ${{ github.event.inputs.caller_id }} - runs-on: ubuntu-latest - steps: - - name: ${{ github.event.inputs.id }} - run: echo run identifier ${{ github.event.inputs.id }} - preview: - needs: id - name: Setup - outputs: - url: ${{ steps.preview.outputs.url }} - if: (github.event.action == 'labeled' && github.event.label.name == 'preview') || contains(github.event.pull_request.labels.*.name, 'preview') || github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - steps: - - uses: actions/setup-node@v3 - with: - node-version: 18 - registry-url: 'https://packages.nuxeo.com/repository/npm-public/' - scope: '@nuxeo' - - - name: Setup branch name (pull_request) - if: github.event_name == 'pull_request' - run: | - BRANCH_NAME=${GITHUB_HEAD_REF##*/} - echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV - - - name: Setup branch name (workflow_dispatch) - if: github.event_name == 'workflow_dispatch' - run: | - BRANCH_NAME=${{ github.event.inputs.branch_name }} - echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV - - - name: Determine nuxeo-web-ui branch to use - uses: nuxeo/ui-team-gh-actions/get-branch@ca09d5c52a62e297502d3572c36d813be927982a - id: pick_nuxeo_web_ui_branch - with: - repository: nuxeo/nuxeo-web-ui - branch: ${BRANCH_NAME} - default-branch: maintenance-3.0.x - - - uses: actions/checkout@v3 - with: - ref: ${{ steps.pick_nuxeo_web_ui_branch.outputs.branch }} - - - name: Prepare 
environment - run: | - echo "VERSION=$(npx -c 'echo "$npm_package_version"')-$BRANCH_NAME" >> $GITHUB_ENV - echo "PREVIEW_NAMESPACE=$(printf '%.53s' $(echo nuxeo-web-ui-$(echo $BRANCH_NAME | sed 's/[^[:alnum:]-]/-/g' | tr '[:upper:]' '[:lower:]')))" >> $GITHUB_ENV - - - name: Determine nuxeo-elements branch to use - id: pick_nuxeo_elements_branch - uses: nuxeo/ui-team-gh-actions/get-branch@ca09d5c52a62e297502d3572c36d813be927982a - with: - repository: nuxeo/nuxeo-elements - branch: ${BRANCH_NAME} - default-branch: maintenance-3.0.x - - - name: Checkout the nuxeo-elements repo - uses: actions/checkout@v2 - with: - repository: nuxeo/nuxeo-elements - path: nuxeo-elements - fetch-depth: 1 - ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - - - name: Install - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - npm install nuxeo-elements/core - npm install nuxeo-elements/ui - npm install nuxeo-elements/dataviz - npm install - - - name: Webpack build - run: | - npm run build - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - registry: ${{ env.DOCKER_REGISTRY }} - username: _json_key - password: ${{ secrets.GKE_SA_KEY }} - - - name: Build and push server image - uses: docker/build-push-action@v2 - with: - context: server - pull: true - push: true - file: server/Dockerfile - tags: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}/server:${{ env.VERSION }} - - - name: Build and push image - uses: docker/build-push-action@v2 - with: - context: . 
- pull: true - push: true - file: Dockerfile - tags: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:${{ env.VERSION }} - build-args: SERVER_IMAGE=${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}/server:${{ env.VERSION }} - - - name: Get GKE credentials - uses: google-github-actions/get-gke-credentials@v0.2.1 - with: - cluster_name: ${{ env.GKE_CLUSTER }} - location: ${{ env.GKE_ZONE }} - project_id: ${{ secrets.GKE_PROJECT }} - credentials: ${{ secrets.GKE_SA_KEY }} - - - name: Check preview namespace - id: preview_ns - run: | - echo ::set-output name=exists::$(kubectl get namespace ${PREVIEW_NAMESPACE}) - - - name: Create preview namespace - if: ${{ !steps.preview_ns.outputs.exists }} - run: | - kubectl create namespace ${PREVIEW_NAMESPACE} - - - name: Install preview - id: preview - working-directory: ./charts/preview - run: | - # add helm jx repo - helm repo add jx https://jenkins-x-charts.github.io/v2/ - - # substitute env variables in values.yaml - mv values.yaml values.yaml.tosubst - envsubst < values.yaml.tosubst > values.yaml - - # update helm deps - helm dependency update . - - # install - helm upgrade --install --namespace ${PREVIEW_NAMESPACE} ${PREVIEW_NAMESPACE} . 
- - # ensure the deployment is restarted to pull the new preview image - kubectl rollout restart deployment ${PREVIEW_NAMESPACE}-preview --namespace ${PREVIEW_NAMESPACE} - - echo "PREVIEW_URL=https://preview-${PREVIEW_NAMESPACE}.webui.dev.nuxeo.com" >> $GITHUB_ENV - - echo ::set-output name=url::"https://preview-${PREVIEW_NAMESPACE}.webui.dev.nuxeo.com" - - - uses: actions/github-script@0.9.0 - if: github.event_name == 'pull_request' - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - github.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `:star: PR built and available [here](${process.env.PREVIEW_URL})` - }) - - result: - name: "Result: ${{ needs.preview.outputs.url }}" - needs: preview - runs-on: ubuntu-latest - if: github.event_name == 'workflow_dispatch' - steps: - - name: "Result: ${{ needs.preview.outputs.url }}" - run: | - echo ${{ needs.preview.outputs.url }} diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 9f8dbd3237..e69de29bb2 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml 
@@ -1,164 +0,0 @@ -name: Promote release - -on: - workflow_dispatch: - inputs: - version: - description: 'Version to promote (e.g.: 3.0.6-rc.6)' - required: true - referenceBranch: - description: 'Branch to be updated after the promotion' - required: true - default: 'maintenance-3.0.x' - dryRun: - description: 'Run the workflow without pushing code or publishing artifacts' - type: boolean - required: false - -jobs: - promote: - runs-on: ubuntu-latest - steps: - - uses: actions/setup-node@v3 - with: - node-version: 18 - registry-url: 'https://packages.nuxeo.com/repository/npm-public/' - scope: '@nuxeo' - - - uses: actions/checkout@v2 - with: - ref: v${{ github.event.inputs.version }} - - - run: git config user.name "nuxeo-webui-jx-bot" && git config user.email "webui@hyland.com" - - - run: echo "VERSION=$(echo '${{ github.event.inputs.version }}' | sed -e 's/-rc.[0-9]*//')" >> $GITHUB_ENV - - - name: Update Nuxeo Web UI version to ${{ env.VERSION }} - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - OLD_VERSION=$(npx -c 'echo "$npm_package_version"') - npm version $VERSION --no-git-tag-version - pushd packages/nuxeo-web-ui-ftest/ - npm version $VERSION --no-git-tag-version - popd - - find . 
-type f -not -path "./node_modules/*" -regex ".*\.\(yaml\|sample\|xml\)" -exec sed -i 's/'"$OLD_VERSION"'/'"$VERSION"'/g' {} \; - # XXX: undo the padded lock (see WEBUI-140) - sed -i -e 's/.*<\/webui.package.version>/${project.version}<\/webui.package.version>/g' plugin/web-ui/marketplace/pom.xml - - # align on same promoted version of elements - npm i @nuxeo/nuxeo-elements@$VERSION --save-exact - npm i @nuxeo/nuxeo-dataviz-elements@$VERSION --save-exact - npm i @nuxeo/nuxeo-ui-elements@$VERSION --save-exact - npm i @nuxeo/testing-helpers@$VERSION --save-exact - - - name: Perform git release of Nuxeo Web UI ${{ env.VERSION }} - run: | - git commit -a -m "Release $VERSION" - git tag -a v$VERSION -m "Release $VERSION" - - - if: ${{ github.event.inputs.dryRun == 'false' }} - run: git push origin v$VERSION - - - name: Create Github release v${{ env.VERSION }} - if: ${{ github.event.inputs.dryRun == 'false' }} - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ env.VERSION }} - release_name: Release ${{ env.VERSION }} - - - name: Publish Nuxeo Web UI FTest ${{ env.VERSION }} - if: ${{ github.event.inputs.dryRun == 'false' }} - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - pushd packages/nuxeo-web-ui-ftest/ - npm publish --@nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - popd - - - name: Promote Web UI ${{ github.event.inputs.version }} to ${{ env.VERSION }} - env: - PACKAGE: nuxeo-web-ui-${{ env.VERSION }} - CONNECT_PREPROD_URL: https://nos-preprod-connect.nuxeocloud.com/nuxeo - run: | - PADDED=$(printf '%03d' $(echo ${{ github.event.inputs.version }} | sed -r s/[0-9]+\.[0-9]+\.[0-9]+-rc\.\([0-9]+\)/\\1/g)) - PADDED_VERSION=$(echo ${{ github.event.inputs.version }} | sed -E "s/([0-9]+\.[0-9]+\.[0-9]+-rc\.)[0-9]+/\\1$PADDED/g") - curl -o $PACKAGE.zip -L -u "${{ secrets.CONNECT_PREPROD_AUTH }}" 
"$CONNECT_PREPROD_URL/site/marketplace/package/nuxeo-web-ui/download?version=$PADDED_VERSION" - unzip -d $PACKAGE $PACKAGE.zip && rm $PACKAGE.zip - pushd $PACKAGE - sed -i 's/-rc.[0-9]*//' package.xml - for f in install/bundles/*.jar; do mv $f $(echo $f | sed -e 's/-rc.[0-9]*//'); done - zip -r ../$PACKAGE.zip . - popd - - - name: Push promoted Web UI to Connect PREPROD - if: ${{ github.event.inputs.dryRun == 'false' }} - env: - PACKAGE: nuxeo-web-ui-${{ env.VERSION }} - CONNECT_PREPROD_URL: https://nos-preprod-connect.nuxeocloud.com/nuxeo - run: curl -i -u "${{ secrets.CONNECT_PREPROD_AUTH }}" -F package=@$PACKAGE.zip "$CONNECT_PREPROD_URL/site/marketplace/upload?batch=true" - - - name: Push promoted Web UI to Connect PROD - if: ${{ github.event.inputs.dryRun == 'false' }} - env: - PACKAGE: nuxeo-web-ui-${{ env.VERSION }} - CONNECT_URL: https://connect.nuxeo.com/nuxeo - run: curl -i -u "${{ secrets.CONNECT_AUTH }}" -F package=@$PACKAGE.zip "$CONNECT_URL/site/marketplace/upload?batch=true" - - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GIT_ADMIN_TOKEN }} - ref: ${{ github.event.inputs.referenceBranch }} - - - if: ${{ github.event.inputs.referenceBranch == 'master' }} - run: echo "NEW_VERSION=$(npx semver -i minor $VERSION)" >> $GITHUB_ENV - - - if: ${{ github.event.inputs.referenceBranch != 'master' }} - run: echo "NEW_VERSION=$(npx semver -i patch $VERSION)" >> $GITHUB_ENV - - - name: Align ${{ github.event.inputs.referenceBranch }} branch on next version ${{ env.NEW_VERSION }}-SNAPSHOT - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - echo "OLD_SNAPSHOT=$(npx -c 'echo "$npm_package_version"')" >> $GITHUB_ENV - - # bump version to next SNAPSHOT and align on the corresponding Elements release candidate - NEW_SNAPSHOT=$NEW_VERSION-SNAPSHOT - npm version $NEW_SNAPSHOT --no-git-tag-version - pushd packages/nuxeo-web-ui-ftest/ - npm version $NEW_SNAPSHOT --no-git-tag-version - popd - - - if: ${{ github.event.inputs.referenceBranch == 'master' 
}} - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - NEW_ELEMENTS_VERSION="^$NEW_VERSION-rc" - npm i @nuxeo/nuxeo-elements@$NEW_ELEMENTS_VERSION --save-prefix="^" - npm i @nuxeo/nuxeo-dataviz-elements@$NEW_ELEMENTS_VERSION --save-prefix="^" - npm i @nuxeo/nuxeo-ui-elements@$NEW_ELEMENTS_VERSION --save-prefix="^" - npm i @nuxeo/testing-helpers@$NEW_ELEMENTS_VERSION --save-prefix="^" - - - if: ${{ github.event.inputs.referenceBranch != 'master' }} - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - NEW_ELEMENTS_VERSION="~$NEW_VERSION-rc" - npm i @nuxeo/nuxeo-elements@$NEW_ELEMENTS_VERSION --save-prefix="~" - npm i @nuxeo/nuxeo-dataviz-elements@$NEW_ELEMENTS_VERSION --save-prefix="~" - npm i @nuxeo/nuxeo-ui-elements@$NEW_ELEMENTS_VERSION --save-prefix="~" - npm i @nuxeo/testing-helpers@$NEW_ELEMENTS_VERSION --save-prefix="~" - - - run: | - NEW_SNAPSHOT="$NEW_VERSION-SNAPSHOT" - - find . -type f -not -path "./node_modules/*" -regex ".*\.\(yaml\|sample\|xml\)" -exec sed -i 's/'"$OLD_SNAPSHOT"'/'"$NEW_SNAPSHOT"'/g' {} \; - - # commit and push - git commit -a -m "Update $OLD_SNAPSHOT to $NEW_SNAPSHOT" - - - if: ${{ github.event.inputs.dryRun == 'false' }} - run: git push origin ${{ github.event.inputs.referenceBranch }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a5d475d62f..e69de29bb2 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -1,48 +0,0 @@ -name: Test - -on: - pull_request: - branches: - - maintenance-3.0.x - workflow_call: - inputs: - branch: - description: 'The current branch' - default: maintenance-3.0.x - type: string - required: false - secrets: - NPM_PACKAGES_TOKEN: - description: 'NPM_PACKAGES_TOKEN' - required: true - SAUCE_ACCESS_KEY: - description: 'SAUCE_ACCESS_KEY' - required: true - -env: - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} - -jobs: - unit-test: - runs-on: [ self-hosted, master ] - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ env.BRANCH_NAME }} - - - uses: actions/setup-node@v3 - with: - registry-url: 'https://packages.nuxeo.com/repository/npm-public/' - scope: '@nuxeo' - node-version: 18 - - - name: Install - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: npm install - - - name: Unit tests - env: - SAUCE_USERNAME: nuxeo-web-ui - SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} - run: npm run test diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 560d4939b6..aa2ccada2f 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -99,7 +99,10 @@ jobs: - name: add .npmrc run: | - ls -al + cat .npmrc + echo ' + packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} + ' >> .npmrc - name: Pack Elements modules run: | From fb82fef9b621f4e5b47396410930995636aa656d Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 11:03:57 +0530 Subject: [PATCH 09/45] update node to v3 --- .github/workflows/veracode.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index aa2ccada2f..f662823d3e 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -62,7 +62,7 @@ jobs: with: ref: ${{ env.BRANCH_NAME }} - - uses: actions/setup-node@v1 + - uses: actions/setup-node@v3 with: registry-url: ${{ env.NPM_REPOSITORY }} node-version: 18 
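Review bot: The credential line appended in the `add .npmrc` step has no leading `//`, and npm reads registry-scoped auth keys in the form `//host/path/:_auth=`, so this entry is unlikely to authenticate anything; it should read `//packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN}`. `_auth` expects a base64 `user:password` value while a bearer token belongs in `_authToken`, so it is worth confirming which of the two `NODE_AUTH_TOKEN` holds. The `cat .npmrc` added just above prints the file to the job log and should be dropped once debugging is done, because any literal credential that later lands in that file would be logged with it. The same credential line is carried into the relocated step in PATCH 14/45.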
From a68bdf4b0ee8860b4c7e2877ed2aab83f96f947e Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 11:09:51 +0530 Subject: [PATCH 10/45] run on self hosted --- .github/workflows/veracode.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index f662823d3e..bd830b9259 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -54,7 +54,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest + runs-on: [ self-hosted, master ] steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps From 582d76ee24429ba4c3fbcbe5e90ce5a67cba197c Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 11:10:46 +0530 Subject: [PATCH 11/45] update node to v3 --- .github/workflows/veracode.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index bd830b9259..f662823d3e 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml 
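Review bot: Switching `runs-on` to `[ self-hosted, master ]` moves this job onto a runner that is presumably persistent, and nothing in the job cleans up after itself. Later patches in this series write `~/.m2/settings.xml` and an `.npmrc` with credentials, and on a non-ephemeral runner those files outlive the run and are readable by whatever job is scheduled next. The trigger block is only partly visible here; if `pull_request` is among the triggers, branch code would also execute `npm install` scripts on that machine. I would either keep the job on a hosted or ephemeral runner, or add a final step with `if: always()` that removes the credential files. The same switch is made again in PATCH 13/45.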
@@ -54,7 +54,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: [ self-hosted, master ] + runs-on: ubuntu-latest steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps From 952d64ad46b313b14093eb71c41d9fa8a5c049e9 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 11:18:08 +0530 Subject: [PATCH 12/45] set registry --- .github/workflows/veracode.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index f662823d3e..3fc04c84bd 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -123,6 +123,7 @@ jobs: - name: Link elements to Web UI run: | + npm config set @nuxeo:registry https://packages.nuxeo.com/repository/npm-public/ npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} From f891ce0469253a5d063607a47df719c123395b90 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 11:36:32 +0530 Subject: [PATCH 13/45] self hosted --- .github/workflows/veracode.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 3fc04c84bd..9f61c52378 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml 
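Review bot: The added `npm config set` line hard-codes the registry URL while the four `npm install` lines below it take the same value from `${{ env.NPM_REPOSITORY }}`, so the workflow now has two sources for the `@nuxeo` registry that can drift apart. If the two ever differ, scoped packages could be resolved from a registry other than the one the credentials were issued for. I would write it as `npm config set @nuxeo:registry "${{ env.NPM_REPOSITORY }}"`, or drop the line, since each install already passes `--@nuxeo:registry`.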
@@ -54,7 +54,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest + runs-on: [ self-hosted, master ] steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps @@ -168,16 +168,16 @@ jobs: id: get-tag run: echo "::set-output name=TAG::$(git describe --tags --abbrev=0)" - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@0.2.6 - with: - appname: 'Nuxeo Web UI' - createprofile: false - filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' - vid: '${{ secrets.VERACODE_SECRET_API_ID }}' - vkey: '${{ secrets.VERACODE_SECRET_KEY }}' - sandboxname: 'master' - scantimeout: 600 - include: '*.war, *.zip, *.js, *.html, *.css, *.json' - criticality: 'VeryHigh' - includenewmodules: 'true' \ No newline at end of file + # - name: Veracode Upload And Scan + # uses: veracode/veracode-uploadandscan-action@0.2.6 + # with: + # appname: 'Nuxeo Web UI' + # createprofile: false + # filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' + # vid: '${{ secrets.VERACODE_SECRET_API_ID }}' + # vkey: '${{ secrets.VERACODE_SECRET_KEY }}' + # sandboxname: 'master' + # scantimeout: 600 + # include: '*.war, *.zip, *.js, *.html, *.css, *.json' + # criticality: 'VeryHigh' + # includenewmodules: 'true' \ No newline at end of file From 1731aa46f57687e333cb87e5b4f4bd65b8a937d3 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 11:48:01 +0530 Subject: [PATCH 14/45] add .npmrc --- .github/workflows/veracode.yml | 53 ++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 18 deletions(-) 
diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 9f61c52378..cae55ceff0 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -73,6 +73,25 @@ jobs: distribution: 'zulu' java-version: '11' + - name: 'Update settings.xml with server configuration' + run: | + echo ' + + + maven-internal + ${{ secrets.PACKAGES_AUTH_USER }} + ${{ secrets.PACKAGES_AUTH_TOKEN }} + + + ' > ~/.m2/settings.xml + + - name: view settings.xml + run : cat ~/.m2/settings.xml + + - name: Check Nexus Repository Authentication + run: | + curl -u ${{ secrets.PACKAGES_AUTH_USER }}:${{ secrets.PACKAGES_AUTH_TOKEN }} ${{ env.NPM_REPOSITORY }} + - name: Determine nuxeo-elements branch to link id: pick_nuxeo_elements_branch run: | @@ -81,6 +100,7 @@ jobs: else echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} fi + - name: Install Web UI env: NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} @@ -89,6 +109,7 @@ jobs: pushd packages/nuxeo-web-ui-ftest npm install popd + - name: Checkout the nuxeo-elements repo uses: actions/checkout@v2 with: @@ -97,12 +118,6 @@ jobs: fetch-depth: 1 ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - - name: add .npmrc - run: | - cat .npmrc - echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - ' >> .npmrc - name: Pack Elements modules run: | @@ -121,6 +136,19 @@ jobs: popd popd + - name: add .npmrc + run: | + pushd /tmp/_temp/ + ls + rm .npmrc + touch .npmrc + popd + echo ' + packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} + @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ + always-auth=true + ' >> /tmp/_temp/.npmrc + - name: Link elements to Web UI run: | npm config set @nuxeo:registry https://packages.nuxeo.com/repository/npm-public/ 
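Review bot: The new `view settings.xml` step prints the file that holds `PACKAGES_AUTH_USER` and `PACKAGES_AUTH_TOKEN` to the job log, and log masking is best-effort only (it misses values that are re-encoded or split), so that step should be removed. The `Check Nexus Repository Authentication` step interpolates both secrets unquoted into the script text, which exposes them to shell word-splitting and to the process list on a shared runner; passing them through `env:` and quoting avoids that. Without `--fail`, curl exits 0 on an HTTP 401, so the check cannot fail as written, and the response body is written to the log.

```yaml
- name: Check Nexus Repository Authentication
  env:
    PACKAGES_AUTH_USER: ${{ secrets.PACKAGES_AUTH_USER }}
    PACKAGES_AUTH_TOKEN: ${{ secrets.PACKAGES_AUTH_TOKEN }}
  run: |
    curl --silent --show-error --fail --output /dev/null \
      -u "${PACKAGES_AUTH_USER}:${PACKAGES_AUTH_TOKEN}" \
      "${{ env.NPM_REPOSITORY }}"
```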
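Review bot: The relocated `add .npmrc` step hard-codes `/tmp/_temp/`, presumably the runner's temp directory, and `rm .npmrc` aborts the step when the file is not there. Using `"${RUNNER_TEMP}/.npmrc"` and writing the file with a single `>` redirect would replace the `ls`/`rm`/`touch`/`>>` sequence and work on any runner layout. The file relies on `${NODE_AUTH_TOKEN}` being expanded by npm at install time, but as far as the context shows the following `Link elements to Web UI` step sets no `env:` for it, so the token may be empty there. A comment such as `# replaces the .npmrc generated by actions/setup-node` would also explain why the generated file is deleted.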
@@ -128,18 +156,7 @@ jobs: npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - + - name: Delete Node Modules run: | rm -rf node_modules From 165bca9d4902ae6617a347f775689cac14ec3047 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:00:40 +0530 Subject: [PATCH 15/45] os info --- .github/workflows/veracode.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index cae55ceff0..9b88d45577 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -84,6 +84,21 @@ jobs: ' > ~/.m2/settings.xml + + - name: Get OS Details + run: | + if [ -f /etc/os-release ]; then + source /etc/os-release + echo "Operating System: $PRETTY_NAME" + elif [ -f /etc/redhat-release ]; then + cat /etc/redhat-release + elif [ -f /etc/centos-release ]; then + cat /etc/centos-release + elif [ -f /etc/debian_version ]; then + cat /etc/debian_version + else + echo "Unable to determine operating system" + fi - name: view settings.xml run : cat ~/.m2/settings.xml From cba193a0e1dd67068aeb842afd77cc9b1a699b26 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:16:48 +0530 Subject: [PATCH 16/45] install docker --- .github/workflows/veracode.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 9b88d45577..75b631602e 100644 --- a/.github/workflows/veracode.yml 
+++ b/.github/workflows/veracode.yml @@ -100,6 +100,34 @@ jobs: echo "Unable to determine operating system" fi + - name: Install Docker + run: | + # Update the package index + sudo apt-get update + + # Install necessary packages to allow apt to use a repository over HTTPS + sudo apt-get install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + software-properties-common + + # Add Docker's official GPG key + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + + # Add Docker repository to APT sources + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + + # Update the package index again + sudo apt-get update + + # Install Docker + sudo apt-get install -y docker-ce + + # Verify Docker installation + sudo docker --version + + - name: view settings.xml run : cat ~/.m2/settings.xml From bfebef768d8be7145c86c7702f0513dc6293976e Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:21:27 +0530 Subject: [PATCH 17/45] install docker --- .github/workflows/veracode.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 75b631602e..05c73a3504 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -102,11 +102,8 @@ jobs: - name: Install Docker run: | - # Update the package index - sudo apt-get update - # Install necessary packages to allow apt to use a repository over HTTPS - sudo apt-get install -y \ + apt-get install -y \ apt-transport-https \ ca-certificates \ curl \ 
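Review bot: In the new `Install Docker` step, `curl … | sudo apt-key add -` puts Docker's key into the global APT keyring, where it is trusted for every configured repository, and `apt-key` is deprecated. Storing the key in its own file and binding it to the Docker source with `signed-by=` limits what that key can vouch for. Installing packages with root rights on every run also changes a persistent self-hosted runner each time, so baking Docker into the runner image would be the cleaner fix. PATCH 17/45 and 18/45 edit the same step (they drop `sudo` and both `apt-get update` calls) and keep the `apt-key` pipe.

```yaml
- name: Install Docker
  run: |
    # … unchanged: prerequisite packages …
    sudo install -m 0755 -d /etc/apt/keyrings
    sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
      -o /etc/apt/keyrings/docker.asc
    echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
      | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt-get update
    # … unchanged: docker-ce install and version check …
```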
@@ -116,16 +113,13 @@ jobs: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - # Add Docker repository to APT sources - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - - # Update the package index again - sudo apt-get update + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # Install Docker - sudo apt-get install -y docker-ce + apt-get install -y docker-ce # Verify Docker installation - sudo docker --version + docker --version - name: view settings.xml From 0d0c58b6ccd7e926328e895d72346b3b68bcdf4b Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:23:44 +0530 Subject: [PATCH 18/45] install docker --- .github/workflows/veracode.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 05c73a3504..1305068d86 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -110,7 +110,7 @@ jobs: software-properties-common # Add Docker's official GPG key - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - # Add Docker repository to APT sources add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" From a43fcc3a29a9167db51e5c4e1a7bba843dc9a8ce Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:33:43 +0530 Subject: [PATCH 19/45] install zip --- .github/workflows/veracode.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 1305068d86..2a7adea461 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml 
@@ -213,7 +213,7 @@ jobs: rm -rf packages/nuxeo-web-ui-ftest/ - name: Install zip - run: sudo apt-get install zip + run: apt-get install zip - name: Zip nuxeo-web-ui run: zip -r nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip * From 282bfac722a5e3d85d78c8278f69db2af9bc4d28 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:41:18 +0530 Subject: [PATCH 20/45] install zip --- .github/workflows/veracode.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 2a7adea461..d259f9c541 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -222,16 +222,16 @@ jobs: id: get-tag run: echo "::set-output name=TAG::$(git describe --tags --abbrev=0)" - # - name: Veracode Upload And Scan - # uses: veracode/veracode-uploadandscan-action@0.2.6 - # with: - # appname: 'Nuxeo Web UI' - # createprofile: false - # filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' - # vid: '${{ secrets.VERACODE_SECRET_API_ID }}' - # vkey: '${{ secrets.VERACODE_SECRET_KEY }}' - # sandboxname: 'master' - # scantimeout: 600 - # include: '*.war, *.zip, *.js, *.html, *.css, *.json' - # criticality: 'VeryHigh' - # includenewmodules: 'true' \ No newline at end of file + - name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@0.2.6 + with: + appname: 'Nuxeo Web UI' + createprofile: false + filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' + vid: '${{ secrets.VERACODE_SECRET_API_ID }}' + vkey: '${{ secrets.VERACODE_SECRET_KEY }}' + sandboxname: 'master' + scantimeout: 600 + include: '*.war, *.zip, *.js, *.html, *.css, *.json' + criticality: 'VeryHigh' + includenewmodules: 'true' \ No newline at end of file From c8ffdda1d8e7b40ed6bf2d6fad949c292aa3a980 Mon Sep 17 00:00:00 2001 
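Review bot: The re-enabled `Veracode Upload And Scan` step takes `filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip'`, but judging by the hunk offsets the `Zip nuxeo-web-ui` step (around line 219) runs before the step with `id: get-tag` (line 222 onward). At zip time the output would still be empty, so the archive is written as `nuxeo-web-ui-.zip` and the upload looks for a file that does not exist. Move `Get Latest Tag` above the zip step; while there, `::set-output` is deprecated in favour of `echo "TAG=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT"`. The action is referenced by the mutable tag `@0.2.6`; since it receives `vid`/`vkey`, pinning it to a full commit SHA would be safer.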
From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:53:44 +0530 Subject: [PATCH 21/45] upload scan --- .github/workflows/veracode.yml | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index d259f9c541..be38bc6fb3 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -222,16 +222,27 @@ jobs: id: get-tag run: echo "::set-output name=TAG::$(git describe --tags --abbrev=0)" - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@0.2.6 + - name: pipeline-scan action step + id: pipeline-scan + uses: veracode/Veracode-pipeline-scan-action@latest with: - appname: 'Nuxeo Web UI' - createprofile: false - filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' vid: '${{ secrets.VERACODE_SECRET_API_ID }}' vkey: '${{ secrets.VERACODE_SECRET_KEY }}' - sandboxname: 'master' - scantimeout: 600 - include: '*.war, *.zip, *.js, *.html, *.css, *.json' - criticality: 'VeryHigh' - includenewmodules: 'true' \ No newline at end of file + file: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' + request_policy: "VeraDemo Policy" + fail_build: true + + + # - name: Veracode Upload And Scan + # uses: veracode/veracode-uploadandscan-action@0.2.6 + # with: + # appname: 'Nuxeo Web UI' + # createprofile: false + # filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' + # vid: '${{ secrets.VERACODE_SECRET_API_ID }}' + # vkey: '${{ secrets.VERACODE_SECRET_KEY }}' + # sandboxname: 'master' + # scantimeout: 600 + # include: '*.war, *.zip, *.js, *.html, *.css, *.json' + # criticality: 'VeryHigh' + # includenewmodules: 'true' \ No newline at end of file From 7bdeae02dbb3bbfcd1274a3d89f99808ac8792f2 Mon Sep 17 00:00:00 2001 
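Review bot: `uses: veracode/Veracode-pipeline-scan-action@latest` in the new `pipeline-scan` step follows a moving ref, so whatever that ref points to at run time executes with `secrets.VERACODE_SECRET_API_ID` and `secrets.VERACODE_SECRET_KEY`. Pin third-party actions that receive credentials to a full commit SHA, `uses: veracode/Veracode-pipeline-scan-action@<full-commit-sha>  # <release tag>`, and update the pin deliberately. `request_policy: "VeraDemo Policy"` looks like a sample policy name; confirm it is the policy this application should be gated on, since `fail_build: true` makes it the pass/fail criterion.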
From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:57:59 +0530 Subject: [PATCH 22/45] ubuntu --- .github/workflows/veracode.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index be38bc6fb3..037ec64bf1 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -54,7 +54,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: [ self-hosted, master ] + runs-on: ubuntu-latest steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps @@ -233,16 +233,16 @@ jobs: fail_build: true - # - name: Veracode Upload And Scan - # uses: veracode/veracode-uploadandscan-action@0.2.6 - # with: - # appname: 'Nuxeo Web UI' - # createprofile: false - # filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' - # vid: '${{ secrets.VERACODE_SECRET_API_ID }}' - # vkey: '${{ secrets.VERACODE_SECRET_KEY }}' - # sandboxname: 'master' - # scantimeout: 600 - # include: '*.war, *.zip, *.js, *.html, *.css, *.json' - # criticality: 'VeryHigh' - # includenewmodules: 'true' \ No newline at end of file + - name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@0.2.6 + with: + appname: 'Nuxeo Web UI' + createprofile: false + filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' + vid: '${{ secrets.VERACODE_SECRET_API_ID }}' + vkey: '${{ secrets.VERACODE_SECRET_KEY }}' + sandboxname: 'master' + scantimeout: 600 + include: '*.war, *.zip, *.js, *.html, *.css, *.json' + criticality: 'VeryHigh' + includenewmodules: 'true' \ No newline at end of file 
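Review bot: Switching `runs-on` to `ubuntu-latest` leaves the apt commands that earlier patches in this series stripped of `sudo` (`apt-get install -y docker-ce`, `apt-get install zip`) running as the hosted runner's unprivileged user, where they will fail; both steps are outside this hunk. GitHub-hosted Ubuntu images already ship Docker and zip, as far as I know, so the simplest fix is to delete the `Install Docker` and `Install zip` steps for this runner rather than restore `sudo`. The second hunk re-enables `Veracode Upload And Scan` next to the pipeline scan, so the same archive is submitted twice per run; a comment stating which of the two gates the build would help.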
From 2f74af42b30eb10f781ac7dae8eea4d713ddf7a1 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 12:59:17 +0530 Subject: [PATCH 23/45] ubuntu --- .github/workflows/veracode.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index 037ec64bf1..ae87c9f0a1 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -224,7 +224,7 @@ jobs: - name: pipeline-scan action step id: pipeline-scan - uses: veracode/Veracode-pipeline-scan-action@latest + uses: veracode/Veracode-pipeline-scan-action@1.0.14 with: vid: '${{ secrets.VERACODE_SECRET_API_ID }}' vkey: '${{ secrets.VERACODE_SECRET_KEY }}' From 473e1242abe6231d45a28518bdb07787c4c53378 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Fri, 15 Mar 2024 13:00:47 +0530 Subject: [PATCH 24/45] ubuntu --- .github/workflows/veracode.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml index ae87c9f0a1..ed9b82ff6b 100644 --- a/.github/workflows/veracode.yml +++ b/.github/workflows/veracode.yml @@ -224,7 +224,7 @@ jobs: - name: pipeline-scan action step id: pipeline-scan - uses: veracode/Veracode-pipeline-scan-action@1.0.14 + uses: veracode/Veracode-pipeline-scan-action@v1.0.12 with: vid: '${{ secrets.VERACODE_SECRET_API_ID }}' vkey: '${{ secrets.VERACODE_SECRET_KEY }}' From ca543ad1c739ca24cc8131f929857b6c6f808db8 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 11:38:48 +0530 Subject: [PATCH 25/45] two yml --- .github/workflows/veracode-build.yml | 166 +++++++++++++++++++++++++++ .github/workflows/veracode-scan.yml | 65 +++++++++++ 2 files changed, 231 insertions(+) create mode 100644 .github/workflows/veracode-build.yml create mode 100644 .github/workflows/veracode-scan.yml 
diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml
new file mode 100644
index 0000000000..c60e7b7e3d
--- /dev/null
+++ b/.github/workflows/veracode-build.yml
@@ -0,0 +1,166 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert + +name: Veracode Build + +on: + pull_request: + # The branches below must be a subset of the branches above + branches: [ "maintenance-3.0.x" ] + schedule: + # At 20:00 every day + - cron: '0 20 * * *' + workflow_call: + inputs: + branch: + description: 'The branch to Analyze' + type: string + required: true + secrets: + NPM_PACKAGES_TOKEN: + description: 'NPM_PACKAGES_TOKEN' + required: true + PACKAGES_AUTH_USER: + description: 'PACKAGES_AUTH_USER' + required: true + PACKAGES_AUTH_TOKEN: + description: 'PACKAGES_AUTH_TOKEN' + required: true + VERACODE_API_ID: + description: 'VERACODE_API_ID' + required: true + VERACODE_API_KEY: + description: 'VERACODE_API_KEY' + required: true + +env: + REFERENCE_BRANCH: maintenance-3.0.x + NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ + BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +permissions: + contents: read + +jobs: + # This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter + sast-scan: + # The type of runner that the job will run on + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: [self-hosted, master] + steps: + + # 
Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps + - uses: actions/checkout@v2 + with: + ref: ${{ env.BRANCH_NAME }} + + - uses: actions/setup-node@v1 + with: + registry-url: ${{ env.NPM_REPOSITORY }} + node-version: 18 + scope: '@nuxeo' + + - uses: actions/setup-java@v2 + with: + distribution: 'zulu' + java-version: '11' + + - name: Determine nuxeo-elements branch to link + id: pick_nuxeo_elements_branch + run: | + if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then + echo ::set-output name=branch::${{ env.BRANCH_NAME }} + else + echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} + fi + - name: Install Web UI + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} + run: | + npm install + pushd packages/nuxeo-web-ui-ftest + npm install + popd + - name: Checkout the nuxeo-elements repo + uses: actions/checkout@v2 + with: + repository: nuxeo/nuxeo-elements + path: nuxeo-elements + fetch-depth: 1 + ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} + + - name: Pack Elements modules + run: | + pushd nuxeo-elements + pushd core + echo "ELEMENTS_CORE=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + pushd ui + echo "ELEMENTS_UI=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + pushd dataviz + echo "ELEMENTS_DATAVIZ=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + pushd testing-helpers + echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + popd + + - name: Link elements to Web UI + run: | + npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} + npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} + npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" 
nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} + npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} + - name: 'Update settings.xml with server configuration' + run: | + echo ' + + + maven-internal + ${{ secrets.PACKAGES_AUTH_USER }} + ${{ secrets.PACKAGES_AUTH_TOKEN }} + + + ' > ~/.m2/settings.xml + + - name: Delete Node Modules + run: | + rm -rf node_modules + rm -rf packages/nuxeo-designer-catalog/node_modules + rm -rf packages/nuxeo-web-ui-ftest/node_modules + rm -rf plugin/a11y/node_modules + + - name: Delete Test Folders + run: | + rm -rf nuxeo-elements/testing-helpers/ + rm -rf nuxeo-elements/ui/test/ + rm -rf nuxeo-elements/storybook/ + rm -rf ftest/ + rm -rf plugin/ + rm -rf scripts/ + rm -rf test/ + rm -rf packages/nuxeo-web-ui-ftest/ + + - name: Install zip + run: sudo apt-get install zip + + - name: Zip nuxeo-web-ui + run: | + echo nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip + zip -r nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip * + + - name: Upload ZIP as artifact + uses: actions/upload-artifact@v2 + with: + name: nuxeo-web-ui + path: nuxeo-web-ui.zip + \ No newline at end of file diff --git a/.github/workflows/veracode-scan.yml b/.github/workflows/veracode-scan.yml new file mode 100644 index 0000000000..56b49d32d0 --- /dev/null +++ b/.github/workflows/veracode-scan.yml 
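Review bot: In `Determine nuxeo-elements branch to link`, `${{ env.BRANCH_NAME }}` is pasted into the `run:` script text, and `BRANCH_NAME` is built from `github.head_ref`, which the author of a pull request chooses. The expression is substituted before the shell parses the script, so the branch name is treated as shell source on the `[self-hosted, master]` runner. Read it as a shell variable instead, which the workflow-level `env:` already exports: `if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements "$BRANCH_NAME"; then` and `echo "branch=$BRANCH_NAME" >> "$GITHUB_OUTPUT"`. Separately, the zip step reads `steps.get-tag.outputs.TAG` although no step with `id: get-tag` exists in this file, and `security-events: write` is granted without any SARIF upload step.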
@@ -0,0 +1,65 @@ +name: Veracode Build + +on: + workflow_run: + workflows: ["Veracode Build"] + types: + - completed + workflow_call: + inputs: + branch: + description: 'The branch to Analyze' + type: string + required: true + secrets: + NPM_PACKAGES_TOKEN: + description: 'NPM_PACKAGES_TOKEN' + required: true + PACKAGES_AUTH_USER: + description: 'PACKAGES_AUTH_USER' + required: true + PACKAGES_AUTH_TOKEN: + description: 'PACKAGES_AUTH_TOKEN' + required: true + VERACODE_API_ID: + description: 'VERACODE_API_ID' + required: true + VERACODE_API_KEY: + description: 'VERACODE_API_KEY' + required: true + +env: + REFERENCE_BRANCH: maintenance-3.0.x + NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ + BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} + +permissions: + contents: read + +jobs: + sast-scan: + permissions: + contents: read + security-events: write + actions: read + runs-on: ubuntu-latest + steps: + - name: Download artifact + uses: actions/download-artifact@v2 + with: + name: nuxeo-web-ui + path: . + + - name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@0.2.6 + with: + appname: 'Nuxeo Web UI' + createprofile: false + filepath: 'nuxeo-web-ui.zip' + vid: '${{ secrets.VERACODE_SECRET_API_ID }}' + vkey: '${{ secrets.VERACODE_SECRET_KEY }}' + sandboxname: 'master' + scantimeout: 600 + include: '*.war, *.zip, *.js, *.html, *.css, *.json' + criticality: 'VeryHigh' + includenewmodules: 'true' From 760f67ffc3c1542b3ab93f4fa18617f3832a5906 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 12:09:30 +0530 Subject: [PATCH 26/45] two yml --- .github/workflows/veracode-build.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index c60e7b7e3d..c079f1753e 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml 
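Review bot: `actions/download-artifact@v2` with only `name: nuxeo-web-ui` looks in the current run, but under the `workflow_run` trigger the archive was uploaded by the separate `Veracode Build` run, so this step should find nothing. Downloading across runs needs a release of the action that accepts `run-id: ${{ github.event.workflow_run.id }}` together with `github-token` (v4, which also requires the build to upload with the matching upload-artifact major). The job also fires on every `completed` build, including failed ones; gate it with `if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}`. The `workflow_call` block declares `VERACODE_API_ID`/`VERACODE_API_KEY` while the step reads `secrets.VERACODE_SECRET_API_ID`/`secrets.VERACODE_SECRET_KEY`, so a caller passing only the declared names would leave `vid` and `vkey` empty.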
@@ -114,6 +114,19 @@ jobs: popd popd + - name: add .npmrc + run: | + pushd /tmp/_temp/ + ls + rm .npmrc + touch .npmrc + popd + echo ' + packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} + @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ + always-auth=true + ' >> /tmp/_temp/.npmrc + - name: Link elements to Web UI run: | npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} @@ -156,7 +169,7 @@ jobs: - name: Zip nuxeo-web-ui run: | echo nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip - zip -r nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip * + zip -r nuxeo-web-ui.zip * - name: Upload ZIP as artifact uses: actions/upload-artifact@v2 From 91c87142ad5f524a21d071831992aada6fd38b3e Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 12:11:56 +0530 Subject: [PATCH 27/45] split vercode --- .github/workflows/veracode-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode-scan.yml b/.github/workflows/veracode-scan.yml index 56b49d32d0..070a8c4226 100644 --- a/.github/workflows/veracode-scan.yml +++ b/.github/workflows/veracode-scan.yml @@ -1,4 +1,4 @@ -name: Veracode Build +name: Veracode Scan on: workflow_run: From bb75155b67ac6e271975a05494fc08af1055e95e Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 12:16:07 +0530 Subject: [PATCH 28/45] split vercode --- .github/workflows/veracode.yml | 248 --------------------------------- 1 file changed, 248 deletions(-) delete mode 100644 .github/workflows/veracode.yml diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml deleted file mode 100644 index ed9b82ff6b..0000000000 --- a/.github/workflows/veracode.yml +++ /dev/null 
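Review bot: The `add .npmrc` step hard-codes `/tmp/_temp/.npmrc`, which presumably matches the runner's temp directory only on this particular self-hosted layout, and `rm .npmrc` aborts the step when the file is absent. Use `"$RUNNER_TEMP/.npmrc"` and `rm -f`. The credential line is written without the leading `//` that npm uses for registry-scoped settings, so I would expect `_auth` not to be applied; it should read `//packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN}`. `NODE_AUTH_TOKEN` is set only in the `env:` of `Install Web UI` as far as the series shows, so the following `Link elements to Web UI` step would need it too, and the `ls` of the temp directory can be dropped from the final version.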
@@ -1,248 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert - -name: Veracode - -on: - pull_request: - # The branches below must be a subset of the branches above - branches: [ "maintenance-3.0.x" ] - schedule: - # At 20:00 every day - - cron: '0 20 * * *' - workflow_call: - inputs: - branch: - description: 'The branch to Analyze' - type: string - required: true - secrets: - NPM_PACKAGES_TOKEN: - description: 'NPM_PACKAGES_TOKEN' - required: true - PACKAGES_AUTH_USER: - description: 'PACKAGES_AUTH_USER' - required: true - PACKAGES_AUTH_TOKEN: - description: 'PACKAGES_AUTH_TOKEN' - required: true - VERACODE_API_ID: - description: 'VERACODE_API_ID' - required: true - VERACODE_API_KEY: - description: 'VERACODE_API_KEY' - required: true - -env: - REFERENCE_BRANCH: maintenance-3.0.x - NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -permissions: - contents: read - -jobs: - # This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter - sast-scan: - # The type of runner that the job will run on - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest - steps: - - # Checks-out your 
repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps - - uses: actions/checkout@v2 - with: - ref: ${{ env.BRANCH_NAME }} - - - uses: actions/setup-node@v3 - with: - registry-url: ${{ env.NPM_REPOSITORY }} - node-version: 18 - scope: '@nuxeo' - - - uses: actions/setup-java@v2 - with: - distribution: 'zulu' - java-version: '11' - - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - - - name: Get OS Details - run: | - if [ -f /etc/os-release ]; then - source /etc/os-release - echo "Operating System: $PRETTY_NAME" - elif [ -f /etc/redhat-release ]; then - cat /etc/redhat-release - elif [ -f /etc/centos-release ]; then - cat /etc/centos-release - elif [ -f /etc/debian_version ]; then - cat /etc/debian_version - else - echo "Unable to determine operating system" - fi - - - name: Install Docker - run: | - # Install necessary packages to allow apt to use a repository over HTTPS - apt-get install -y \ - apt-transport-https \ - ca-certificates \ - curl \ - software-properties-common - - # Add Docker's official GPG key - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - - - # Add Docker repository to APT sources - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - - # Install Docker - apt-get install -y docker-ce - - # Verify Docker installation - docker --version - - - - name: view settings.xml - run : cat ~/.m2/settings.xml - - - name: Check Nexus Repository Authentication - run: | - curl -u ${{ secrets.PACKAGES_AUTH_USER }}:${{ secrets.PACKAGES_AUTH_TOKEN }} ${{ env.NPM_REPOSITORY }} - - - name: Determine nuxeo-elements branch to link - id: pick_nuxeo_elements_branch - run: | - if git ls-remote --exit-code --heads 
https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then - echo ::set-output name=branch::${{ env.BRANCH_NAME }} - else - echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} - fi - - - name: Install Web UI - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - run: | - npm install - pushd packages/nuxeo-web-ui-ftest - npm install - popd - - - name: Checkout the nuxeo-elements repo - uses: actions/checkout@v2 - with: - repository: nuxeo/nuxeo-elements - path: nuxeo-elements - fetch-depth: 1 - ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - - - - name: Pack Elements modules - run: | - pushd nuxeo-elements - pushd core - echo "ELEMENTS_CORE=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - pushd ui - echo "ELEMENTS_UI=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - pushd dataviz - echo "ELEMENTS_DATAVIZ=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - pushd testing-helpers - echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - popd - - - name: add .npmrc - run: | - pushd /tmp/_temp/ - ls - rm .npmrc - touch .npmrc - popd - echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - always-auth=true - ' >> /tmp/_temp/.npmrc - - - name: Link elements to Web UI - run: | - npm config set @nuxeo:registry https://packages.nuxeo.com/repository/npm-public/ - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} - - - name: Delete Node Modules - run: | - rm -rf node_modules - rm -rf 
packages/nuxeo-designer-catalog/node_modules - rm -rf packages/nuxeo-web-ui-ftest/node_modules - rm -rf plugin/a11y/node_modules - - - name: Delete Test Folders - run: | - rm -rf nuxeo-elements/testing-helpers/ - rm -rf nuxeo-elements/ui/test/ - rm -rf nuxeo-elements/storybook/ - rm -rf ftest/ - rm -rf plugin/ - rm -rf scripts/ - rm -rf test/ - rm -rf packages/nuxeo-web-ui-ftest/ - - - name: Install zip - run: apt-get install zip - - - name: Zip nuxeo-web-ui - run: zip -r nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip * - - - name: Get Latest Tag - id: get-tag - run: echo "::set-output name=TAG::$(git describe --tags --abbrev=0)" - - - name: pipeline-scan action step - id: pipeline-scan - uses: veracode/Veracode-pipeline-scan-action@v1.0.12 - with: - vid: '${{ secrets.VERACODE_SECRET_API_ID }}' - vkey: '${{ secrets.VERACODE_SECRET_KEY }}' - file: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' - request_policy: "VeraDemo Policy" - fail_build: true - - - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@0.2.6 - with: - appname: 'Nuxeo Web UI' - createprofile: false - filepath: 'nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip' - vid: '${{ secrets.VERACODE_SECRET_API_ID }}' - vkey: '${{ secrets.VERACODE_SECRET_KEY }}' - sandboxname: 'master' - scantimeout: 600 - include: '*.war, *.zip, *.js, *.html, *.css, *.json' - criticality: 'VeryHigh' - includenewmodules: 'true' \ No newline at end of file From ae4b34741feb05780c97525ff4801b1d1085cce2 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 12:23:56 +0530 Subject: [PATCH 29/45] split vercode --- .github/workflows/veracode-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index c079f1753e..e9cb6412fa 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml 
@@ -164,7 +164,7 @@ jobs: rm -rf packages/nuxeo-web-ui-ftest/ - name: Install zip - run: sudo apt-get install zip + run: apt-get install zip - name: Zip nuxeo-web-ui run: | From ba7a0dc761a1cefdc6119017243250ea3a6d4cf4 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 12:51:00 +0530 Subject: [PATCH 30/45] latest tag --- .github/workflows/veracode-build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index e9cb6412fa..12b567a813 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml @@ -57,6 +57,12 @@ jobs: runs-on: [self-hosted, master] steps: + + - name: Determine latest tag + id: latest_tag + run: | + echo "::set-output name=TAG::$(git describe --tags `git rev-list --tags --max-count=1`)" + echo nuxeo-web-ui-${{ steps.latest_tag.outputs.TAG }}.zip # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps - uses: actions/checkout@v2 with: From c5063478500d407b1d10b6c12beddf460ecee58b Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 13:04:10 +0530 Subject: [PATCH 31/45] latest tag rc --- .github/workflows/veracode-build.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index 12b567a813..5da05c98f3 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml 
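Review bot: `Determine latest tag` is inserted above `actions/checkout`, so `git describe` runs in a workspace that has no repository yet (or a stale one on a reused self-hosted runner) and no tags fetched. The second line reads `steps.latest_tag.outputs.TAG` inside the very step that sets it, where the output is not yet available, so it would print `nuxeo-web-ui-.zip`. Move the step after checkout, check out with `fetch-depth: 0` so tags exist, write the value with `echo "TAG=…" >> "$GITHUB_OUTPUT"`, and consume it in a later step.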
@@ -58,11 +58,14 @@ jobs: steps: - - name: Determine latest tag - id: latest_tag + - name: Set env + run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + + - name: Test run: | - echo "::set-output name=TAG::$(git describe --tags `git rev-list --tags --max-count=1`)" - echo nuxeo-web-ui-${{ steps.latest_tag.outputs.TAG }}.zip + echo $RELEASE_VERSION + echo ${{ env.RELEASE_VERSION }} + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps - uses: actions/checkout@v2 with: From 41fe1563b701ca99e859e9910099c1226b3eb6ea Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 13:17:59 +0530 Subject: [PATCH 32/45] latest tag rc --- .github/workflows/veracode-build.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index 5da05c98f3..e23df582c2 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml @@ -58,13 +58,20 @@ jobs: steps: - - name: Set env - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + - name: Get Tags + id: tags + run: | + git fetch --tags + echo "Tags fetched" + - name: Get Latest Tag + id: latest-tag + run: | + latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`) + echo "LATEST_TAG=$latest_tag" >> $GITHUB_ENV - - name: Test + - name: Use Latest Tag run: | - echo $RELEASE_VERSION - echo ${{ env.RELEASE_VERSION }} + echo "The latest tag is $LATEST_TAG" # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps - uses: actions/checkout@v2 From f69f70bcdfb8ddef3ef144dd6ccf4117514ee90d Mon Sep 17 00:00:00 2001 
From: rakeshkumar1019 Date: Mon, 18 Mar 2024 13:27:49 +0530 Subject: [PATCH 33/45] build with maintaince branch --- .github/workflows/veracode-build.yml | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index e23df582c2..cac0f125c7 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml @@ -40,7 +40,7 @@ on: env: REFERENCE_BRANCH: maintenance-3.0.x NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} + BRANCH_NAME: ${{ 'maintenance-3.0.x' }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel permissions: @@ -57,22 +57,6 @@ jobs: runs-on: [self-hosted, master] steps: - - - name: Get Tags - id: tags - run: | - git fetch --tags - echo "Tags fetched" - - name: Get Latest Tag - id: latest-tag - run: | - latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`) - echo "LATEST_TAG=$latest_tag" >> $GITHUB_ENV - - - name: Use Latest Tag - run: | - echo "The latest tag is $LATEST_TAG" - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps - uses: actions/checkout@v2 with: @@ -89,14 +73,6 @@ jobs: distribution: 'zulu' java-version: '11' - - name: Determine nuxeo-elements branch to link - id: pick_nuxeo_elements_branch - run: | - if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then - echo ::set-output name=branch::${{ env.BRANCH_NAME }} - else - echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} - fi - name: Install Web UI env: NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} 
@@ -111,7 +87,7 @@ jobs: repository: nuxeo/nuxeo-elements path: nuxeo-elements fetch-depth: 1 - ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} + ref: ${{ env.BRANCH_NAME }} - name: Pack Elements modules run: | From 8f31f4f04e5f1a1238ce0a40d6e78339d17fe6fa Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 13:38:04 +0530 Subject: [PATCH 34/45] snapshot issue --- package.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index ed0622cf0a..8cc7bc6ed4 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ }, "devDependencies": { "@nuxeo/nuxeo-web-ui-ftest": "file:./packages/nuxeo-web-ui-ftest", - "@nuxeo/testing-helpers": "~3.0.32-rc", + "@nuxeo/testing-helpers": "~3.0.32-rc.0", "@open-wc/eslint-config": "^0.3.0", "@open-wc/karma-esm": "^2.13.21", "@open-wc/prettier-config": "^0.1.0", @@ -109,9 +109,9 @@ "@material/mwc-snackbar": "^0.26.1", "@nuxeo/chart-elements": "^4.0.0-nx.1", "@nuxeo/moment": "^2.24.0-nx.0", - "@nuxeo/nuxeo-dataviz-elements": "~3.0.32-rc", - "@nuxeo/nuxeo-elements": "~3.0.32-rc", - "@nuxeo/nuxeo-ui-elements": "~3.0.32-rc", + "@nuxeo/nuxeo-dataviz-elements": "~3.0.32-rc.0", + "@nuxeo/nuxeo-elements": "~3.0.32-rc.0", + "@nuxeo/nuxeo-ui-elements": "~3.0.32-rc.0", "@nuxeo/page": "^1.11.4-nx.0", "@polymer/app-layout": "^3.1.0", "@polymer/iron-a11y-announcer": "^3.2.0", From 45f7b15cc8277cabbc857161151fe9923dcbee13 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 14:00:39 +0530 Subject: [PATCH 35/45] snapshot test cuurent branch --- .github/workflows/veracode-build.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index cac0f125c7..e9cb6412fa 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml 
@@ -40,7 +40,7 @@ on: env: REFERENCE_BRANCH: maintenance-3.0.x NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - BRANCH_NAME: ${{ 'maintenance-3.0.x' }} + BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel permissions: @@ -73,6 +73,14 @@ jobs: distribution: 'zulu' java-version: '11' + - name: Determine nuxeo-elements branch to link + id: pick_nuxeo_elements_branch + run: | + if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then + echo ::set-output name=branch::${{ env.BRANCH_NAME }} + else + echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} + fi - name: Install Web UI env: NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} @@ -87,7 +95,7 @@ jobs: repository: nuxeo/nuxeo-elements path: nuxeo-elements fetch-depth: 1 - ref: ${{ env.BRANCH_NAME }} + ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - name: Pack Elements modules run: | From 964bcde36cfcc413745504e822dead62740f90a3 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 14:04:59 +0530 Subject: [PATCH 36/45] 3.0.31-rc.0 --- package.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 8cc7bc6ed4..ca02841d38 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ }, "devDependencies": { "@nuxeo/nuxeo-web-ui-ftest": "file:./packages/nuxeo-web-ui-ftest", - "@nuxeo/testing-helpers": "~3.0.32-rc.0", + "@nuxeo/testing-helpers": "~3.0.31-rc.0", "@open-wc/eslint-config": "^0.3.0", "@open-wc/karma-esm": "^2.13.21", "@open-wc/prettier-config": "^0.1.0", 
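Review bot: The `Determine nuxeo-elements branch to link` step in the `@@ -73,6 +73,14 @@` hunk expands `${{ env.BRANCH_NAME }}` directly into the text of its `run:` script, and the first hunk of this same patch makes `BRANCH_NAME` resolve to `github.head_ref` or `inputs.branch` again, values chosen by whoever opens the pull request or calls the workflow. The expression is substituted before the shell parses the script, so a branch name containing shell metacharacters would be interpreted as part of the command on the runner; the `runs-on` line is outside this hunk, and how reachable this is depends on the earlier checkout of the same ref succeeding. `BRANCH_NAME` is already exported by the workflow-level `env:` block, so the script can read it as data: `if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements "$BRANCH_NAME"; then` and `echo "branch=$BRANCH_NAME" >> "$GITHUB_OUTPUT"`, which also replaces the deprecated `::set-output` command. The identical step is carried into the new `veracode-sec-scan.yml` in PATCH 38/45 and needs the same change there.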
@@ -109,9 +109,9 @@ "@material/mwc-snackbar": "^0.26.1", "@nuxeo/chart-elements": "^4.0.0-nx.1", "@nuxeo/moment": "^2.24.0-nx.0", - "@nuxeo/nuxeo-dataviz-elements": "~3.0.32-rc.0", - "@nuxeo/nuxeo-elements": "~3.0.32-rc.0", - "@nuxeo/nuxeo-ui-elements": "~3.0.32-rc.0", + "@nuxeo/nuxeo-dataviz-elements": "~3.0.31-rc.0", + "@nuxeo/nuxeo-elements": "~3.0.31-rc.0", + "@nuxeo/nuxeo-ui-elements": "~3.0.31-rc.0", "@nuxeo/page": "^1.11.4-nx.0", "@polymer/app-layout": "^3.1.0", "@polymer/iron-a11y-announcer": "^3.2.0", From 3527cbeea9d702071af5f8c3178ceec3b830ec66 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 14:29:44 +0530 Subject: [PATCH 37/45] workflow_dispatch: --- .github/workflows/veracode-scan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/veracode-scan.yml b/.github/workflows/veracode-scan.yml index 070a8c4226..54fb3fca09 100644 --- a/.github/workflows/veracode-scan.yml +++ b/.github/workflows/veracode-scan.yml @@ -5,6 +5,7 @@ on: workflows: ["Veracode Build"] types: - completed + workflow_dispatch: workflow_call: inputs: branch: From 54b05bda9263be974ea68714344963e7165adacb Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 14:46:03 +0530 Subject: [PATCH 38/45] two in one --- .github/workflows/veracode-build.yml | 355 ++++++++++++------------ .github/workflows/veracode-scan.yml | 122 ++++---- .github/workflows/veracode-sec-scan.yml | 205 ++++++++++++++ 3 files changed, 443 insertions(+), 239 deletions(-) create mode 100644 .github/workflows/veracode-sec-scan.yml diff --git a/.github/workflows/veracode-build.yml b/.github/workflows/veracode-build.yml index e9cb6412fa..cd619b4943 100644 --- a/.github/workflows/veracode-build.yml +++ b/.github/workflows/veracode-build.yml 
@@ -1,179 +1,178 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert - -name: Veracode Build - -on: - pull_request: - # The branches below must be a subset of the branches above - branches: [ "maintenance-3.0.x" ] - schedule: - # At 20:00 every day - - cron: '0 20 * * *' - workflow_call: - inputs: - branch: - description: 'The branch to Analyze' - type: string - required: true - secrets: - NPM_PACKAGES_TOKEN: - description: 'NPM_PACKAGES_TOKEN' - required: true - PACKAGES_AUTH_USER: - description: 'PACKAGES_AUTH_USER' - required: true - PACKAGES_AUTH_TOKEN: - description: 'PACKAGES_AUTH_TOKEN' - required: true - VERACODE_API_ID: - description: 'VERACODE_API_ID' - required: true - VERACODE_API_KEY: - description: 'VERACODE_API_KEY' - required: true - -env: - REFERENCE_BRANCH: maintenance-3.0.x - NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -permissions: - contents: read - -jobs: - # This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter - sast-scan: - # The type of runner that the job will run on - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: [self-hosted, master] - steps: - - # 
Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps - - uses: actions/checkout@v2 - with: - ref: ${{ env.BRANCH_NAME }} - - - uses: actions/setup-node@v1 - with: - registry-url: ${{ env.NPM_REPOSITORY }} - node-version: 18 - scope: '@nuxeo' - - - uses: actions/setup-java@v2 - with: - distribution: 'zulu' - java-version: '11' - - - name: Determine nuxeo-elements branch to link - id: pick_nuxeo_elements_branch - run: | - if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then - echo ::set-output name=branch::${{ env.BRANCH_NAME }} - else - echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} - fi - - name: Install Web UI - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} - run: | - npm install - pushd packages/nuxeo-web-ui-ftest - npm install - popd - - name: Checkout the nuxeo-elements repo - uses: actions/checkout@v2 - with: - repository: nuxeo/nuxeo-elements - path: nuxeo-elements - fetch-depth: 1 - ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} - - - name: Pack Elements modules - run: | - pushd nuxeo-elements - pushd core - echo "ELEMENTS_CORE=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - pushd ui - echo "ELEMENTS_UI=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - pushd dataviz - echo "ELEMENTS_DATAVIZ=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - pushd testing-helpers - echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV - popd - popd - - - name: add .npmrc - run: | - pushd /tmp/_temp/ - ls - rm .npmrc - touch .npmrc - popd - echo ' - packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} - @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ - always-auth=true - ' >> /tmp/_temp/.npmrc - - - name: Link elements to Web UI - run: | - npm install --no-package-lock --@nuxeo:registry="${{ 
env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} - npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} - - name: 'Update settings.xml with server configuration' - run: | - echo ' - - - maven-internal - ${{ secrets.PACKAGES_AUTH_USER }} - ${{ secrets.PACKAGES_AUTH_TOKEN }} - - - ' > ~/.m2/settings.xml - - - name: Delete Node Modules - run: | - rm -rf node_modules - rm -rf packages/nuxeo-designer-catalog/node_modules - rm -rf packages/nuxeo-web-ui-ftest/node_modules - rm -rf plugin/a11y/node_modules +# # This workflow uses actions that are not certified by GitHub. +# # They are provided by a third-party and are governed by +# # separate terms of service, privacy policy, and support +# # documentation. 
+ +# # This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert + +# name: Veracode Build + +# on: +# pull_request: +# # The branches below must be a subset of the branches above +# branches: [ "maintenance-3.0.x" ] +# schedule: +# # At 20:00 every day +# - cron: '0 20 * * *' +# workflow_call: +# inputs: +# branch: +# description: 'The branch to Analyze' +# type: string +# required: true +# secrets: +# NPM_PACKAGES_TOKEN: +# description: 'NPM_PACKAGES_TOKEN' +# required: true +# PACKAGES_AUTH_USER: +# description: 'PACKAGES_AUTH_USER' +# required: true +# PACKAGES_AUTH_TOKEN: +# description: 'PACKAGES_AUTH_TOKEN' +# required: true +# VERACODE_API_ID: +# description: 'VERACODE_API_ID' +# required: true +# VERACODE_API_KEY: +# description: 'VERACODE_API_KEY' +# required: true + +# env: +# REFERENCE_BRANCH: maintenance-3.0.x +# NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ +# BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} + +# # A workflow run is made up of one or more jobs that can run sequentially or in parallel +# permissions: +# contents: read + +# jobs: +# # This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter +# sast-scan: +# # The type of runner that the job will run on +# permissions: +# contents: read # for actions/checkout to fetch code +# security-events: write # for github/codeql-action/upload-sarif to upload SARIF results +# actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status +# runs-on: [self-hosted, master] +# steps: + +# # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. 
Replace this section with your applications build steps +# - uses: actions/checkout@v2 +# with: +# ref: ${{ env.BRANCH_NAME }} + +# - uses: actions/setup-node@v1 +# with: +# registry-url: ${{ env.NPM_REPOSITORY }} +# node-version: 18 +# scope: '@nuxeo' + +# - uses: actions/setup-java@v2 +# with: +# distribution: 'zulu' +# java-version: '11' + +# - name: Determine nuxeo-elements branch to link +# id: pick_nuxeo_elements_branch +# run: | +# if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then +# echo ::set-output name=branch::${{ env.BRANCH_NAME }} +# else +# echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} +# fi +# - name: Install Web UI +# env: +# NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} +# run: | +# npm install +# pushd packages/nuxeo-web-ui-ftest +# npm install +# popd +# - name: Checkout the nuxeo-elements repo +# uses: actions/checkout@v2 +# with: +# repository: nuxeo/nuxeo-elements +# path: nuxeo-elements +# fetch-depth: 1 +# ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} + +# - name: Pack Elements modules +# run: | +# pushd nuxeo-elements +# pushd core +# echo "ELEMENTS_CORE=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV +# popd +# pushd ui +# echo "ELEMENTS_UI=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV +# popd +# pushd dataviz +# echo "ELEMENTS_DATAVIZ=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV +# popd +# pushd testing-helpers +# echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV +# popd +# popd + +# - name: add .npmrc +# run: | +# pushd /tmp/_temp/ +# ls +# rm .npmrc +# touch .npmrc +# popd +# echo ' +# packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} +# @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ +# always-auth=true +# ' >> /tmp/_temp/.npmrc + +# - name: Link elements to Web UI +# run: | +# npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} +# npm install 
--no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} +# npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} +# npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} +# - name: 'Update settings.xml with server configuration' +# run: | +# echo ' +# +# +# maven-internal +# ${{ secrets.PACKAGES_AUTH_USER }} +# ${{ secrets.PACKAGES_AUTH_TOKEN }} +# +# +# ' > ~/.m2/settings.xml + +# - name: Delete Node Modules +# run: | +# rm -rf node_modules +# rm -rf packages/nuxeo-designer-catalog/node_modules +# rm -rf packages/nuxeo-web-ui-ftest/node_modules +# rm -rf plugin/a11y/node_modules - - name: Delete Test Folders - run: | - rm -rf nuxeo-elements/testing-helpers/ - rm -rf nuxeo-elements/ui/test/ - rm -rf nuxeo-elements/storybook/ - rm -rf ftest/ - rm -rf plugin/ - rm -rf scripts/ - rm -rf test/ - rm -rf packages/nuxeo-web-ui-ftest/ - - - name: Install zip - run: apt-get install zip - - - name: Zip nuxeo-web-ui - run: | - echo nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip - zip -r nuxeo-web-ui.zip * - - - name: Upload ZIP as artifact - uses: actions/upload-artifact@v2 - with: - name: nuxeo-web-ui - path: nuxeo-web-ui.zip - \ No newline at end of file +# - name: Delete Test Folders +# run: | +# rm -rf nuxeo-elements/testing-helpers/ +# rm -rf nuxeo-elements/ui/test/ +# rm -rf nuxeo-elements/storybook/ +# rm -rf ftest/ +# rm -rf plugin/ +# rm -rf scripts/ +# rm -rf test/ +# rm -rf packages/nuxeo-web-ui-ftest/ + +# - name: Install zip +# run: apt-get install zip + +# - name: Zip nuxeo-web-ui +# run: | +# echo nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip +# zip -r nuxeo-web-ui.zip * + +# - name: Upload ZIP as artifact +# uses: actions/upload-artifact@v2 +# with: +# name: nuxeo-web-ui +# path: nuxeo-web-ui.zip \ No newline at end of file 
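Review bot: Every line of `veracode-build.yml` is turned into a comment here instead of the file being removed, and `veracode-scan.yml` gets the same treatment in the next hunk. That leaves two files under `.github/workflows/` with no `on:` or `jobs:` keys, which GitHub will most likely report as invalid workflows, and it keeps a second, drifting copy of the steps and secret names that now live in `veracode-sec-scan.yml`. Deleting both files with `git rm` keeps the old content available in history without that duplication.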
diff --git a/.github/workflows/veracode-scan.yml b/.github/workflows/veracode-scan.yml
index 54fb3fca09..9d25fc997a 100644
--- a/.github/workflows/veracode-scan.yml
+++ b/.github/workflows/veracode-scan.yml
@@ -1,66 +1,66 @@ -name: Veracode Scan +# name: Veracode Scan -on: - workflow_run: - workflows: ["Veracode Build"] - types: - - completed - workflow_dispatch: - workflow_call: - inputs: - branch: - description: 'The branch to Analyze' - type: string - required: true - secrets: - NPM_PACKAGES_TOKEN: - description: 'NPM_PACKAGES_TOKEN' - required: true - PACKAGES_AUTH_USER: - description: 'PACKAGES_AUTH_USER' - required: true - PACKAGES_AUTH_TOKEN: - description: 'PACKAGES_AUTH_TOKEN' - required: true - VERACODE_API_ID: - description: 'VERACODE_API_ID' - required: true - VERACODE_API_KEY: - description: 'VERACODE_API_KEY' - required: true +# on: +# workflow_run: +# workflows: ["Veracode Build"] +# types: +# - completed +# workflow_dispatch: +# workflow_call: +# inputs: +# branch: +# description: 'The branch to Analyze' +# type: string +# required: true +# secrets: +# NPM_PACKAGES_TOKEN: +# description: 'NPM_PACKAGES_TOKEN' +# required: true +# PACKAGES_AUTH_USER: +# description: 'PACKAGES_AUTH_USER' +# required: true +# PACKAGES_AUTH_TOKEN: +# description: 'PACKAGES_AUTH_TOKEN' +# required: true +# VERACODE_API_ID: +# description: 'VERACODE_API_ID' +# required: true +# VERACODE_API_KEY: +# description: 'VERACODE_API_KEY' +# required: true -env: - REFERENCE_BRANCH: maintenance-3.0.x - NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ - BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} +# env: +# REFERENCE_BRANCH: maintenance-3.0.x +# NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ +# BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} -permissions: - contents: read +# permissions: +# contents: read -jobs: - sast-scan: - permissions: - contents: read - security-events: write - actions: read - runs-on: ubuntu-latest - steps: - - name: Download artifact - uses: actions/download-artifact@v2 - with: - name: nuxeo-web-ui - path: . 
+# jobs: +# sast-scan: +# permissions: +# contents: read +# security-events: write +# actions: read +# runs-on: ubuntu-latest +# steps: +# - name: Download artifact +# uses: actions/download-artifact@v2 +# with: +# name: nuxeo-web-ui +# path: . - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@0.2.6 - with: - appname: 'Nuxeo Web UI' - createprofile: false - filepath: 'nuxeo-web-ui.zip' - vid: '${{ secrets.VERACODE_SECRET_API_ID }}' - vkey: '${{ secrets.VERACODE_SECRET_KEY }}' - sandboxname: 'master' - scantimeout: 600 - include: '*.war, *.zip, *.js, *.html, *.css, *.json' - criticality: 'VeryHigh' - includenewmodules: 'true' +# - name: Veracode Upload And Scan +# uses: veracode/veracode-uploadandscan-action@0.2.6 +# with: +# appname: 'Nuxeo Web UI' +# createprofile: false +# filepath: 'nuxeo-web-ui.zip' +# vid: '${{ secrets.VERACODE_SECRET_API_ID }}' +# vkey: '${{ secrets.VERACODE_SECRET_KEY }}' +# sandboxname: 'master' +# scantimeout: 600 +# include: '*.war, *.zip, *.js, *.html, *.css, *.json' +# criticality: 'VeryHigh' +# includenewmodules: 'true' diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml new file mode 100644 index 0000000000..fd0f8715a7 --- /dev/null +++ b/.github/workflows/veracode-sec-scan.yml 
@@ -0,0 +1,205 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert + +name: Veracode Build + +on: + pull_request: + # The branches below must be a subset of the branches above + branches: [ "maintenance-3.0.x" ] + schedule: + # At 20:00 every day + - cron: '0 20 * * *' + workflow_call: + inputs: + branch: + description: 'The branch to Analyze' + type: string + required: true + secrets: + NPM_PACKAGES_TOKEN: + description: 'NPM_PACKAGES_TOKEN' + required: true + PACKAGES_AUTH_USER: + description: 'PACKAGES_AUTH_USER' + required: true + PACKAGES_AUTH_TOKEN: + description: 'PACKAGES_AUTH_TOKEN' + required: true + VERACODE_API_ID: + description: 'VERACODE_API_ID' + required: true + VERACODE_API_KEY: + description: 'VERACODE_API_KEY' + required: true + +env: + REFERENCE_BRANCH: maintenance-3.0.x + NPM_REPOSITORY: https://packages.nuxeo.com/repository/npm-public/ + BRANCH_NAME: ${{ github.head_ref || inputs.branch || 'maintenance-3.0.x' }} + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +permissions: + contents: read + +jobs: + # This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter + sast-scan-build: + # The type of runner that the job will run on + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: [self-hosted, master] + steps: + 
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps + - uses: actions/checkout@v2 + with: + ref: ${{ env.BRANCH_NAME }} + + - uses: actions/setup-node@v1 + with: + registry-url: ${{ env.NPM_REPOSITORY }} + node-version: 18 + scope: '@nuxeo' + + - uses: actions/setup-java@v2 + with: + distribution: 'zulu' + java-version: '11' + + - name: Determine nuxeo-elements branch to link + id: pick_nuxeo_elements_branch + run: | + if git ls-remote --exit-code --heads https://github.com/nuxeo/nuxeo-elements ${{ env.BRANCH_NAME }}; then + echo ::set-output name=branch::${{ env.BRANCH_NAME }} + else + echo ::set-output name=branch::${{ env.REFERENCE_BRANCH }} + fi + - name: Install Web UI + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGES_TOKEN }} + run: | + npm install + pushd packages/nuxeo-web-ui-ftest + npm install + popd + - name: Checkout the nuxeo-elements repo + uses: actions/checkout@v2 + with: + repository: nuxeo/nuxeo-elements + path: nuxeo-elements + fetch-depth: 1 + ref: ${{ steps.pick_nuxeo_elements_branch.outputs.branch }} + + - name: Pack Elements modules + run: | + pushd nuxeo-elements + pushd core + echo "ELEMENTS_CORE=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + pushd ui + echo "ELEMENTS_UI=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + pushd dataviz + echo "ELEMENTS_DATAVIZ=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + pushd testing-helpers + echo "ELEMENTS_HELPERS=$(npm pack 2>&1 | tail -1)" >> $GITHUB_ENV + popd + popd + + - name: add .npmrc + run: | + pushd /tmp/_temp/ + ls + rm .npmrc + touch .npmrc + popd + echo ' + packages.nuxeo.com/repository/npm-public/:_auth=${NODE_AUTH_TOKEN} + @nuxeo:registry=https://packages.nuxeo.com/repository/npm-public/ + always-auth=true + ' >> /tmp/_temp/.npmrc + + - name: Link elements to Web UI + run: | + npm install --no-package-lock 
--@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/core/${ELEMENTS_CORE} + npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/ui/${ELEMENTS_UI} + npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/dataviz/${ELEMENTS_DATAVIZ} + npm install --no-package-lock --@nuxeo:registry="${{ env.NPM_REPOSITORY }}" nuxeo-elements/testing-helpers/${ELEMENTS_HELPERS} + - name: 'Update settings.xml with server configuration' + run: | + echo ' + + + maven-internal + ${{ secrets.PACKAGES_AUTH_USER }} + ${{ secrets.PACKAGES_AUTH_TOKEN }} + + + ' > ~/.m2/settings.xml + + - name: Delete Node Modules + run: | + rm -rf node_modules + rm -rf packages/nuxeo-designer-catalog/node_modules + rm -rf packages/nuxeo-web-ui-ftest/node_modules + rm -rf plugin/a11y/node_modules + + - name: Delete Test Folders + run: | + rm -rf nuxeo-elements/testing-helpers/ + rm -rf nuxeo-elements/ui/test/ + rm -rf nuxeo-elements/storybook/ + rm -rf ftest/ + rm -rf plugin/ + rm -rf scripts/ + rm -rf test/ + rm -rf packages/nuxeo-web-ui-ftest/ + + - name: Install zip + run: apt-get install zip + + - name: Zip nuxeo-web-ui + run: | + echo nuxeo-web-ui-${{ steps.get-tag.outputs.TAG }}.zip + zip -r nuxeo-web-ui.zip * + + - name: Upload ZIP as artifact + uses: actions/upload-artifact@v2 + with: + name: nuxeo-web-ui + path: nuxeo-web-ui.zip + + sast-scan: + permissions: + contents: read + security-events: write + actions: read + runs-on: ubuntu-latest + steps: + - name: Download artifact + uses: actions/download-artifact@v2 + with: + name: nuxeo-web-ui + path: . 
+ + - name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@0.2.6 + with: + appname: 'Nuxeo Web UI' + createprofile: false + filepath: 'nuxeo-web-ui.zip' + vid: '${{ secrets.VERACODE_SECRET_API_ID }}' + vkey: '${{ secrets.VERACODE_SECRET_KEY }}' + sandboxname: 'master' + scantimeout: 600 + include: '*.war, *.zip, *.js, *.html, *.css, *.json' + criticality: 'VeryHigh' + includenewmodules: 'true' \ No newline at end of file From b3698767f444b8351b3fa2e6b47b67132ddc7236 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 14:49:04 +0530 Subject: [PATCH 39/45] two in one --- .github/workflows/veracode-sec-scan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml index fd0f8715a7..50b965baee 100644 --- a/.github/workflows/veracode-sec-scan.yml +++ b/.github/workflows/veracode-sec-scan.yml @@ -178,6 +178,7 @@ jobs: path: nuxeo-web-ui.zip sast-scan: + needs: sast-scan-build permissions: contents: read security-events: write From 9b3f15a050900839e916fe0bc64aa7c91fb4dc50 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 15:04:10 +0530 Subject: [PATCH 40/45] two in one --- .github/workflows/veracode-sec-scan.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml index 50b965baee..16955cb191 100644 --- a/.github/workflows/veracode-sec-scan.yml +++ b/.github/workflows/veracode-sec-scan.yml @@ -191,6 +191,11 @@ jobs: name: nuxeo-web-ui path: . + - name: List downloaded artifact + run: | + ls -l + pwd + - name: Veracode Upload And Scan uses: veracode/veracode-uploadandscan-action@0.2.6 with: From 925806d0bc014eb5cce461f6d7136f6d917b5df3 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 15:12:24 +0530 Subject: [PATCH 41/45] filepath --- .github/workflows/veracode-sec-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
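Review bot: In the new `veracode-sec-scan.yml` from PATCH 38/45, the `Veracode Upload And Scan` step reads `secrets.VERACODE_SECRET_API_ID` and `secrets.VERACODE_SECRET_KEY`, while the `workflow_call` block declares `VERACODE_API_ID` and `VERACODE_API_KEY`. A caller that passes the declared secrets (rather than using `secrets: inherit`) would leave `vid` and `vkey` empty, so the scan would fail to authenticate; either declare the two names the step uses or change the step to `vid: '${{ secrets.VERACODE_API_ID }}'` and `vkey: '${{ secrets.VERACODE_API_KEY }}'`. That step hands API credentials to a third-party action referenced by the mutable tag `@0.2.6`, so pinning it to a full commit SHA (`veracode/veracode-uploadandscan-action@<full-commit-sha>`) is also worth doing. Separately, the `Zip nuxeo-web-ui` step echoes `steps.get-tag.outputs.TAG`, but no step with id `get-tag` exists in this file, so that expression is always empty.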
diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml index 16955cb191..8e24ef3d1c 100644 --- a/.github/workflows/veracode-sec-scan.yml +++ b/.github/workflows/veracode-sec-scan.yml @@ -201,7 +201,7 @@ jobs: with: appname: 'Nuxeo Web UI' createprofile: false - filepath: 'nuxeo-web-ui.zip' + filepath: '/home/runner/work/nuxeo-web-ui/nuxeo-web-ui/nuxeo-web-ui.zip' vid: '${{ secrets.VERACODE_SECRET_API_ID }}' vkey: '${{ secrets.VERACODE_SECRET_KEY }}' sandboxname: 'master' From 07a07b9671bc52cd3cbdea1d284d0beb4b12a460 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 15:20:41 +0530 Subject: [PATCH 42/45] filepath --- .github/workflows/veracode-sec-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml index 8e24ef3d1c..16955cb191 100644 --- a/.github/workflows/veracode-sec-scan.yml +++ b/.github/workflows/veracode-sec-scan.yml @@ -201,7 +201,7 @@ jobs: with: appname: 'Nuxeo Web UI' createprofile: false - filepath: '/home/runner/work/nuxeo-web-ui/nuxeo-web-ui/nuxeo-web-ui.zip' + filepath: 'nuxeo-web-ui.zip' vid: '${{ secrets.VERACODE_SECRET_API_ID }}' vkey: '${{ secrets.VERACODE_SECRET_KEY }}' sandboxname: 'master' From 441194926df74f28973d47de4fc0176d36857fb6 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 16:13:35 +0530 Subject: [PATCH 43/45] delete artifacts --- .github/workflows/veracode-sec-scan.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml index 16955cb191..eeccd5c69a 100644 --- a/.github/workflows/veracode-sec-scan.yml +++ b/.github/workflows/veracode-sec-scan.yml 
@@ -208,4 +208,9 @@ jobs: scantimeout: 600 include: '*.war, *.zip, *.js, *.html, *.css, *.json' criticality: 'VeryHigh' - includenewmodules: 'true' \ No newline at end of file + includenewmodules: 'true' + + - name: Delete artifact + uses: actions/delete-artifact@v2 + with: + name: nuxeo-web-ui From ac137b2b476561a1049ce460ea616defe5142855 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 16:48:04 +0530 Subject: [PATCH 44/45] criticality:high --- .github/workflows/veracode-sec-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml index eeccd5c69a..459e88283b 100644 --- a/.github/workflows/veracode-sec-scan.yml +++ b/.github/workflows/veracode-sec-scan.yml @@ -207,7 +207,7 @@ jobs: sandboxname: 'master' scantimeout: 600 include: '*.war, *.zip, *.js, *.html, *.css, *.json' - criticality: 'VeryHigh' + criticality: 'High' includenewmodules: 'true' - name: Delete artifact From b1470050abf3d522089e967f63e7880148f61dc0 Mon Sep 17 00:00:00 2001 From: rakeshkumar1019 Date: Mon, 18 Mar 2024 17:02:05 +0530 Subject: [PATCH 45/45] criticality:high --- .github/workflows/veracode-sec-scan.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/veracode-sec-scan.yml b/.github/workflows/veracode-sec-scan.yml index 459e88283b..3e1965bbe8 100644 --- a/.github/workflows/veracode-sec-scan.yml +++ b/.github/workflows/veracode-sec-scan.yml @@ -209,8 +209,3 @@ jobs: include: '*.war, *.zip, *.js, *.html, *.css, *.json' criticality: 'High' includenewmodules: 'true' - - - name: Delete artifact - uses: actions/delete-artifact@v2 - with: - name: nuxeo-web-ui