Authorization, audit logging, optional OIDC authN, UI error handling #4427
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- 'main' | |
- '[0-9]+.[0-9]+.x' | |
pull_request: | |
branches: | |
- 'main' | |
- '[0-9]+.[0-9]+.x' | |
types: [ opened, reopened, synchronize ] | |
jobs: | |
build-api: | |
runs-on: ubuntu-latest | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set Image Tag Env | |
run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Cache Maven Packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: network=host | |
- name: Build and Test | |
env: | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
SONAR_ORG: ${{secrets.SONAR_ORG}} | |
SONAR_PROJECT: ${{secrets.SONAR_PROJECT}} | |
SONAR_TOKEN: ${{secrets.SONAR_TOKEN}} | |
run: | | |
# | |
# Set write-transformed-bytecode-to-build-output for IT coverage. Do NOT use the container image | |
# created by this step. | |
# | |
# See: https://quarkus.io/guides/tests-with-coverage#coverage-for-integration-tests | |
# | |
export QUARKUS_CONTAINER_IMAGE_REGISTRY="localhost:5000" | |
export QUARKUS_CONTAINER_IMAGE_PUSH=true | |
export QUARKUS_CONTAINER_IMAGE_TAG="${{ env.PROJECT_VERSION }}" | |
export QUARKUS_KUBERNETES_VERSION="${{ env.PROJECT_VERSION }}" | |
mvn verify -P container-image -B --no-transfer-progress \ | |
-Dquarkus.kubernetes.namespace='$${NAMESPACE}' \ | |
-Dquarkus.package.write-transformed-bytecode-to-build-output=true \ | |
-Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 | |
- name: Modify CSV Annotation | |
run: ./operator/bin/modify-bundle-metadata.sh "SKIP_RANGE=>=0.0.1 <${{ env.PROJECT_VERSION }}" | |
- name: Build Operator Bundle Image | |
uses: docker/build-push-action@v6 | |
with: | |
context: operator/target/bundle/console-operator/ | |
platforms: linux/amd64,linux/arm64 | |
provenance: false | |
push: true | |
file: operator/target/bundle/console-operator/bundle.Dockerfile | |
tags: | | |
localhost:5000/streamshub/console-operator-bundle:${{ env.PROJECT_VERSION }} | |
- name: Build Operator Catalog | |
run: | | |
curl -L -o opm https://github.com/operator-framework/operator-registry/releases/download/v1.43.1/linux-amd64-opm | |
chmod +x opm | |
sudo cp -v opm /usr/bin/ | |
rm -vf opm | |
operator/bin/generate-catalog.sh ${{ env.PROJECT_VERSION }} | |
- name: Build Operator Catalog Image | |
uses: docker/build-push-action@v6 | |
with: | |
context: operator/target/ | |
platforms: linux/amd64,linux/arm64 | |
provenance: false | |
push: true | |
file: operator/target/catalog.Dockerfile | |
tags: | | |
localhost:5000/streamshub/console-operator-catalog:${{ env.PROJECT_VERSION }} | |
- name: Attach Kubernetes Resources | |
uses: actions/upload-artifact@v4 | |
with: | |
name: k8s-resources | |
path: | | |
operator/target/bundle/ | |
operator/target/catalog/ | |
operator/target/kubernetes/*.yml | |
- name: Archive Results | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: artifacts | |
path: api/target/failsafe-reports/ | |
## Save the context information for use in Sonar analysis | |
- name: Save Build Context | |
run: | | |
mkdir -vp target | |
echo "$GITHUB_CONTEXT" > target/build-context.json | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
## Attach the target directory for use in Sonar analysis | |
- name: Attach Build Output | |
uses: actions/upload-artifact@v4 | |
with: | |
name: target | |
path: | | |
**/target/ | |
!**/target/**/*.jar | |
!**/target/failsafe-reports/**/* | |
!**/target/surefire-reports/**/* | |
- name: Save Images | |
run: | | |
docker pull localhost:5000/streamshub/console-api:${{ env.PROJECT_VERSION }} | |
docker pull localhost:5000/streamshub/console-operator:${{ env.PROJECT_VERSION }} | |
docker pull localhost:5000/streamshub/console-operator-bundle:${{ env.PROJECT_VERSION }} | |
docker pull localhost:5000/streamshub/console-operator-catalog:${{ env.PROJECT_VERSION }} | |
docker save -o console-api-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-api:${{ env.PROJECT_VERSION }} | |
docker save -o console-operator-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-operator:${{ env.PROJECT_VERSION }} | |
docker save -o console-operator-bundle-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-operator-bundle:${{ env.PROJECT_VERSION }} | |
docker save -o console-operator-catalog-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-operator-catalog:${{ env.PROJECT_VERSION }} | |
- name: Archive Images | |
uses: actions/upload-artifact@v4 | |
with: | |
name: backend-images | |
path: | | |
console-api-${{ env.PROJECT_VERSION }}.tar | |
console-operator-${{ env.PROJECT_VERSION }}.tar | |
console-operator-bundle-${{ env.PROJECT_VERSION }}.tar | |
console-operator-catalog-${{ env.PROJECT_VERSION }}.tar | |
build-ui: | |
runs-on: ubuntu-latest | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set Image Tag Env | |
run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: network=host | |
- name: Build UI | |
working-directory: ui | |
run: | | |
npm ci --omit=dev | |
export BACKEND_URL=http://example | |
export CONSOLE_METRICS_PROMETHEUS_URL=http://example | |
export NEXTAUTH_SECRET=examplesecret | |
export LOG_LEVEL=info | |
export CONSOLE_MODE=read-only | |
npm run build | |
- name: Build UI Image | |
uses: docker/build-push-action@v6 | |
with: | |
context: ui/ | |
platforms: linux/amd64,linux/arm64 | |
provenance: false | |
push: true | |
tags: | | |
localhost:5000/streamshub/console-ui:${{ env.PROJECT_VERSION }} | |
- name: Save Image | |
run: | | |
docker pull localhost:5000/streamshub/console-ui:${{ env.PROJECT_VERSION }} | |
docker save -o console-ui-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-ui:${{ env.PROJECT_VERSION }} | |
- name: Archive Image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: frontend-images | |
path: | | |
console-ui-${{ env.PROJECT_VERSION }}.tar | |
test-storybook: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build Storybook | |
working-directory: ./ui | |
run: | | |
npm ci | |
npx playwright install | |
npm run build-storybook | |
- name: Test Storybook | |
working-directory: ./ui | |
run: | | |
npx --yes concurrently -k -s first -n "SB,TEST" -c "magenta,blue" \ | |
"npx http-server storybook-static --port 6006 --silent" \ | |
"npx wait-on tcp:127.0.0.1:6006 && npm run test-storybook" | |
Playwright: | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'safe to test') || github.repository == 'streamshub/console' }} | |
uses: ./.github/workflows/playwright-tests.yml | |
needs: | |
- build-api | |
- build-ui |