From 44001337400e735f8e9e871fbb563c0f559c9e06 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Fri, 24 Jan 2025 20:54:47 +0100 Subject: [PATCH 1/2] Fix: test failure on pull request from dependabot --- .github/workflows/build.yml | 10 ++++-- .github/workflows/sync_files.yml | 59 ++++++++++++++++++++++++-------- .pre-commit-config.yaml | 5 --- test.sh | 38 ++++++++++---------- 4 files changed, 73 insertions(+), 39 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fa0bbebc040..f1aa6b73d63 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -37,6 +37,12 @@ jobs: java-version: ${{ matrix.jdk-version }} distribution: "temurin" + - name: PR | Generate verification metadata with signatures and checksums for dependabot[bot] + if: github.event.pull_request.user.login == 'dependabot[bot]' + run: | + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256 --refresh-dependencies help + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256,pgp --refresh-keys --export-keys --refresh-dependencies help + - name: Build with Gradle and no spring security run: ./gradlew clean build env: @@ -95,7 +101,7 @@ jobs: - name: Install Docker Compose run: | - sudo curl -SL "https://github.com/docker/compose/releases/download/v2.32.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + sudo curl -SL "https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose - name: Set up Python @@ -112,4 +118,4 @@ jobs: run: | chmod +x ./cucumber/test_webpages.sh chmod +x ./test.sh - ./test.sh + ./test.sh "${{ github.event.pull_request.user.login == 'dependabot[bot]' }}" diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml index 93173550af5..c1dc4cc536e 100644 --- a/.github/workflows/sync_files.yml 
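Review bot: Dependency verification is effectively bypassed on Dependabot PRs: the added "PR | Generate verification metadata" step in build.yml rewrites the verification metadata from whatever the runner downloads, so the following `./gradlew clean build` verifies the bumped artifact against checksums recorded moments earlier from that same download and cannot fail on it. The same regeneration is repeated in the `VERIFICATION == "true"` branch added to `main()` in test.sh. If this trust-on-first-use trade-off is intended, state it above the step, e.g. `# Dependabot PRs carry no updated verification metadata; it is regenerated here only so the build can run. Bumped artifacts are NOT verified in this job.` The first gradlew call (sha256 only) looks redundant with the second, which writes `sha256,pgp`; presumably it is a fallback, which is worth confirming.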
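Review bot: The last build.yml hunk expands `${{ … }}` directly into the script text of the `run:` block before bash sees it. This particular expression can only render `true` or `false`, so nothing is injectable here, but the pattern is easy to copy later with a free-form context value. The usual hardening is to pass it through the environment: set `env: IS_DEPENDABOT: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}` on the step and call `./test.sh "$IS_DEPENDABOT"`.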
+++ b/.github/workflows/sync_files.yml @@ -1,12 +1,17 @@ name: Sync Files on: + workflow_dispatch: push: branches: - main paths: - "build.gradle" + - "README.md" + - "gradle/verification-keyring.keys" + - "gradle/verification-metadata.xml" - "src/main/resources/messages_*.properties" + - "src/main/resources/static/3rdPartyLicenses.json" - "scripts/ignore_translation.toml" permissions: @@ -84,21 +89,33 @@ jobs: - name: Run git add run: | - git add . + git add src/main/resources/messages_*.properties git diff --staged --quiet || git commit -m ":memo: Sync translation files" || echo "no changes" - name: Install dependencies run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt - - name: Sync README + - name: Sync README.md run: | python scripts/counter_translation.py - name: Run git add run: | - git add . + git add README.md git diff --staged --quiet || git commit -m ":memo: Sync README.md" || echo "no changes" + - name: Generate verification metadata with signatures and checksums + run: | + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256 --refresh-dependencies help + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata pgp,sha256 --refresh-keys --export-keys --refresh-dependencies help + ./gradlew clean build + + - name: Run git add + run: | + git add gradle/verification-keyring.keys + git add gradle/verification-metadata.xml + git diff --staged --quiet || git commit -m ":memo: Generate verification metadata with signatures and checksums" || echo "no changes" + - name: Create Pull Request uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: 
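Review bot: The `./gradlew clean build` that closes the new "Generate verification metadata" step cannot catch a bad artifact, because it checks against checksums and keys written seconds earlier from the same downloads. The real control is therefore a human reading the diff of `gradle/verification-metadata.xml` and `gradle/verification-keyring.keys` in the generated pull request. I would record that above the step: `# Output is trust-on-first-use: new or changed checksums and trusted keys in the generated PR must be reviewed before merge.` `--refresh-keys --export-keys` presumably pulls keys from public key servers at run time, so the keyring diff deserves the same attention.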
@@ -108,28 +125,42 @@ jobs: author: ${{ needs.read_bot_entries.outputs.committer }} signoff: true branch: sync_readme - title: ":memo: Sync translation files + Update README.md (Translation Progress Table)" + title: ":globe_with_meridians: Sync Translations + Update README Progress Table + Update Verification Metadata" body: | - #### Description + ### Description of Changes + + This Pull Request was automatically generated to synchronize updates to translation files, verification metadata, and documentation. Below are the details of the changes made: - This Pull Request was automatically generated to synchronize updates to translation files and documentation. The changes include: + #### **1. Synchronization of Translation Files** + - Updated translation files (`messages_*.properties`) to reflect changes in the reference file `messages_en_GB.properties`. + - Ensured consistency and synchronization across all supported language files. + - Highlighted any missing or incomplete translations. - 1. **Synchronization of Translation Files:** - - Updated content based on the latest changes in `messages_en_GB.properties`. - - Ensured consistency between all language files and the reference file. + #### **2. Update README.md** + - Generated the translation progress table in `README.md`. + - Added a summary of the current translation status for all supported languages. + - Included up-to-date statistics on translation coverage. - 2. **Update README.md:** - - Generated the translation progress table. - - Displayed the current status of translations for all supported languages. + #### **3. Verification Metadata Updates** + - Generated or refreshed the `verification-keyring.keys` and `verification-metadata.xml` files. + - Included the latest dependency signatures and checksums to enhance the build's integrity. + + #### **Why these changes are necessary** + - Keeps translation files aligned with the latest reference updates. 
+ - Ensures the documentation reflects the current translation progress. + - Strengthens dependency verification for a more secure build process. --- - Auto-generated by [create-pull-request][1] + + Auto-generated by [create-pull-request][1]. [1]: https://github.com/peter-evans/create-pull-request draft: false delete-branch: true - labels: Documentation,Translation,github-actions + labels: github-actions sign-commits: true add-paths: | README.md src/main/resources/messages_*.properties + gradle/verification-keyring.keys + gradle/verification-metadata.xml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9edd51a9a8e..46dcf9e994c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -25,11 +25,6 @@ repos: rev: v8.22.0 hooks: - id: gitleaks - - repo: https://github.com/jumanjihouse/pre-commit-hooks - rev: 3.0.0 - hooks: - - id: shellcheck - files: ^.*(\.bash|\.sh|\.ksh|\.zsh)$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: diff --git a/test.sh b/test.sh index 58468598d66..46fcd815d52 100644 --- a/test.sh +++ b/test.sh @@ -1,5 +1,8 @@ #!/bin/bash +# Default value for the Boolean parameter +VERIFICATION=${1:-false} # Default is "false" if no parameter is passed + # Function to check the health of the service with a timeout of 80 seconds check_health() { local service_name=$1 @@ -64,8 +67,13 @@ run_tests() { main() { SECONDS=0 - export DOCKER_ENABLE_SECURITY=false # Run the gradlew build command and check if it fails + if [[ "$VERIFICATION" == "true" ]]; then + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256 --refresh-dependencies help + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256,pgp --refresh-keys --export-keys --refresh-dependencies help + fi + + export DOCKER_ENABLE_SECURITY=false if ! ./gradlew clean build; then echo "Gradle build failed with security disabled, exiting script." exit 1 
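Review bot: In the `if [[ "$VERIFICATION" == "true" ]]` branch added to `main()`, neither gradlew invocation has its exit status checked, unlike the `if ! ./gradlew clean build` right below it. If metadata generation fails, the script carries on and the build then fails later with a less obvious verification error, or runs against a half-written file. Appending `|| { echo "Gradle verification metadata generation failed, exiting script."; exit 1; }` to each of the two lines would match the existing error-handling style. main() continues outside this hunk.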
@@ -75,10 +83,10 @@ main() { # Building Docker images # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile . docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . - + # Test each configuration run_tests "Stirling-PDF-Ultra-Lite" "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml" - + echo "Testing webpage accessibility..." if ./cucumber/test_webpages.sh; then passed_tests+=("Webpage-Accessibility") @@ -88,7 +96,6 @@ main() { fi docker-compose -f "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml" down - #run_tests "Stirling-PDF" "./exampleYmlFiles/docker-compose-latest.yml" #docker-compose -f "./exampleYmlFiles/docker-compose-latest.yml" down 
@@ -100,18 +107,16 @@ main() { exit 1 fi - # Building Docker images with security enabled - # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile . - # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . + # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile . + # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat . - - + # Test each configuration with security - # run_tests "Stirling-PDF-Ultra-Lite-Security" "./exampleYmlFiles/docker-compose-latest-ultra-lite-security.yml" - #docker-compose -f "./exampleYmlFiles/docker-compose-latest-ultra-lite-security.yml" down - # run_tests "Stirling-PDF-Security" "./exampleYmlFiles/docker-compose-latest-security.yml" -# docker-compose -f "./exampleYmlFiles/docker-compose-latest-security.yml" down + # run_tests "Stirling-PDF-Ultra-Lite-Security" "./exampleYmlFiles/docker-compose-latest-ultra-lite-security.yml" + # docker-compose -f "./exampleYmlFiles/docker-compose-latest-ultra-lite-security.yml" down + # run_tests "Stirling-PDF-Security" "./exampleYmlFiles/docker-compose-latest-security.yml" + # docker-compose -f "./exampleYmlFiles/docker-compose-latest-security.yml" down run_tests "Stirling-PDF-Security-Fat" "./exampleYmlFiles/test_cicd.yml" if [ $? -eq 0 ]; then @@ -127,7 +132,7 @@ main() { cd .. fi docker-compose -f "./exampleYmlFiles/docker-compose-latest-fat-security.yml" down - + # Report results echo "All tests completed in $SECONDS seconds." 
@@ -146,8 +151,6 @@ main() { echo -e "\e[31m$test\e[0m" # Red color for failed tests done - - # Check if there are any failed tests and exit with an error code if so if [ ${#failed_tests[@]} -ne 0 ]; then echo "Some tests failed." @@ -156,7 +159,6 @@ main() { echo "All tests passed successfully." exit 0 fi - } -main \ No newline at end of file +main From cdb715b3d0b65c8e11ad377e06f37f3bb85a23ca Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 25 Jan 2025 14:33:02 +0100 Subject: [PATCH 2/2] Update sync_files.yml --- .github/workflows/sync_files.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml index c1dc4cc536e..33a6d858258 100644 --- a/.github/workflows/sync_files.yml +++ b/.github/workflows/sync_files.yml @@ -106,8 +106,12 @@ jobs: - name: Generate verification metadata with signatures and checksums run: | - ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256 --refresh-dependencies help - ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata pgp,sha256 --refresh-keys --export-keys --refresh-dependencies help + set -e + if [ -f ./gradle/verification-metadata.xml ]; then + rm ./gradle/verification-metadata.xml + fi + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256 help + ./gradlew clean dependencies buildEnvironment spotlessApply --write-verification-metadata sha256,pgp --refresh-keys --export-keys --refresh-dependencies help ./gradlew clean build - name: Run git add
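Review bot: Deleting `./gradle/verification-metadata.xml` before regeneration, in the sync_files.yml hunk of patch 2/2, throws away every previously reviewed checksum and trusted-key entry, along with any hand-written configuration in that file. Each run then re-bootstraps trust for all dependencies, so a changed checksum for an unchanged version would surface only in the generated PR diff. As far as I know, Gradle's write mode adds missing entries to an existing file without removing old ones, so the `rm` is needed only to prune stale entries. If pruning is the goal, say so in the script: `# Regenerate from scratch to drop stale entries; reviewers must diff checksums of versions that did not change.` The first gradlew call also loses `--refresh-dependencies` while the second keeps it, and `set -e` appears redundant with the default `bash -e` shell for `run:` steps; a brief comment on both would help.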