Skip to content

Authorization, audit logging, optional OIDC authN, UI error handling #4427

Authorization, audit logging, optional OIDC authN, UI error handling

Authorization, audit logging, optional OIDC authN, UI error handling #4427

Workflow file for this run

name: Build
on:
push:
branches:
- 'main'
- '[0-9]+.[0-9]+.x'
pull_request:
branches:
- 'main'
- '[0-9]+.[0-9]+.x'
types: [ opened, reopened, synchronize ]
jobs:
build-api:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Image Tag Env
run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'adopt'
- name: Cache Maven Packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build and Test
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
SONAR_ORG: ${{secrets.SONAR_ORG}}
SONAR_PROJECT: ${{secrets.SONAR_PROJECT}}
SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
run: |
#
# Set write-transformed-bytecode-to-build-output for IT coverage. Do NOT use the container image
# created by this step.
#
# See: https://quarkus.io/guides/tests-with-coverage#coverage-for-integration-tests
#
export QUARKUS_CONTAINER_IMAGE_REGISTRY="localhost:5000"
export QUARKUS_CONTAINER_IMAGE_PUSH=true
export QUARKUS_CONTAINER_IMAGE_TAG="${{ env.PROJECT_VERSION }}"
export QUARKUS_KUBERNETES_VERSION="${{ env.PROJECT_VERSION }}"
mvn verify -P container-image -B --no-transfer-progress \
-Dquarkus.kubernetes.namespace='$${NAMESPACE}' \
-Dquarkus.package.write-transformed-bytecode-to-build-output=true \
-Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64
- name: Modify CSV Annotation
run: ./operator/bin/modify-bundle-metadata.sh "SKIP_RANGE=>=0.0.1 <${{ env.PROJECT_VERSION }}"
- name: Build Operator Bundle Image
uses: docker/build-push-action@v6
with:
context: operator/target/bundle/console-operator/
platforms: linux/amd64,linux/arm64
provenance: false
push: true
file: operator/target/bundle/console-operator/bundle.Dockerfile
tags: |
localhost:5000/streamshub/console-operator-bundle:${{ env.PROJECT_VERSION }}
- name: Build Operator Catalog
run: |
curl -L -o opm https://github.com/operator-framework/operator-registry/releases/download/v1.43.1/linux-amd64-opm
chmod +x opm
sudo cp -v opm /usr/bin/
rm -vf opm
operator/bin/generate-catalog.sh ${{ env.PROJECT_VERSION }}
- name: Build Operator Catalog Image
uses: docker/build-push-action@v6
with:
context: operator/target/
platforms: linux/amd64,linux/arm64
provenance: false
push: true
file: operator/target/catalog.Dockerfile
tags: |
localhost:5000/streamshub/console-operator-catalog:${{ env.PROJECT_VERSION }}
- name: Attach Kubernetes Resources
uses: actions/upload-artifact@v4
with:
name: k8s-resources
path: |
operator/target/bundle/
operator/target/catalog/
operator/target/kubernetes/*.yml
- name: Archive Results
uses: actions/upload-artifact@v4
if: failure()
with:
name: artifacts
path: api/target/failsafe-reports/
## Save the context information for use in Sonar analysis
- name: Save Build Context
run: |
mkdir -vp target
echo "$GITHUB_CONTEXT" > target/build-context.json
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
## Attach the target directory for use in Sonar analysis
- name: Attach Build Output
uses: actions/upload-artifact@v4
with:
name: target
path: |
**/target/
!**/target/**/*.jar
!**/target/failsafe-reports/**/*
!**/target/surefire-reports/**/*
- name: Save Images
run: |
docker pull localhost:5000/streamshub/console-api:${{ env.PROJECT_VERSION }}
docker pull localhost:5000/streamshub/console-operator:${{ env.PROJECT_VERSION }}
docker pull localhost:5000/streamshub/console-operator-bundle:${{ env.PROJECT_VERSION }}
docker pull localhost:5000/streamshub/console-operator-catalog:${{ env.PROJECT_VERSION }}
docker save -o console-api-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-api:${{ env.PROJECT_VERSION }}
docker save -o console-operator-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-operator:${{ env.PROJECT_VERSION }}
docker save -o console-operator-bundle-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-operator-bundle:${{ env.PROJECT_VERSION }}
docker save -o console-operator-catalog-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-operator-catalog:${{ env.PROJECT_VERSION }}
- name: Archive Images
uses: actions/upload-artifact@v4
with:
name: backend-images
path: |
console-api-${{ env.PROJECT_VERSION }}.tar
console-operator-${{ env.PROJECT_VERSION }}.tar
console-operator-bundle-${{ env.PROJECT_VERSION }}.tar
console-operator-catalog-${{ env.PROJECT_VERSION }}.tar
build-ui:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Image Tag Env
run: echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build UI
working-directory: ui
run: |
npm ci --omit=dev
export BACKEND_URL=http://example
export CONSOLE_METRICS_PROMETHEUS_URL=http://example
export NEXTAUTH_SECRET=examplesecret
export LOG_LEVEL=info
export CONSOLE_MODE=read-only
npm run build
- name: Build UI Image
uses: docker/build-push-action@v6
with:
context: ui/
platforms: linux/amd64,linux/arm64
provenance: false
push: true
tags: |
localhost:5000/streamshub/console-ui:${{ env.PROJECT_VERSION }}
- name: Save Image
run: |
docker pull localhost:5000/streamshub/console-ui:${{ env.PROJECT_VERSION }}
docker save -o console-ui-${{ env.PROJECT_VERSION }}.tar localhost:5000/streamshub/console-ui:${{ env.PROJECT_VERSION }}
- name: Archive Image
uses: actions/upload-artifact@v4
with:
name: frontend-images
path: |
console-ui-${{ env.PROJECT_VERSION }}.tar
test-storybook:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build Storybook
working-directory: ./ui
run: |
npm ci
npx playwright install
npm run build-storybook
- name: Test Storybook
working-directory: ./ui
run: |
npx --yes concurrently -k -s first -n "SB,TEST" -c "magenta,blue" \
"npx http-server storybook-static --port 6006 --silent" \
"npx wait-on tcp:127.0.0.1:6006 && npm run test-storybook"
Playwright:
if: ${{ contains(github.event.pull_request.labels.*.name, 'safe to test') || github.repository == 'streamshub/console' }}
uses: ./.github/workflows/playwright-tests.yml
needs:
- build-api
- build-ui