Skip to content

Implement Certificate Revocation List (2) #7086

Implement Certificate Revocation List (2)

Implement Certificate Revocation List (2) #7086

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: Test
# Controls when the action will run. Triggers the workflow push is only on main branch and PR on any branch.
on:
push:
branches:
- main
tags:
- "*"
pull_request:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref_name != 'main' }}
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
test:
# The type of runner that the job will run on
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
include:
# test with check race with coverage and sonarcloud
- name: test
cmd: test
checkRace: "true"
coapGateway:
log:
level: "debug"
dumpBody: "true"
- name: test/cqldb
cmd: test
checkRace: "true"
database: "cqldb"
coapGateway:
log:
level: "debug"
dumpBody: "true"
# test without check race
- name: test/norace
cmd: test
coapGateway:
log:
level: "debug"
dumpBody: "true"
- name: test/norace/cqldb
cmd: test
database: "cqldb"
coapGateway:
log:
level: "debug"
dumpBody: "true"
# test
# - without check race
# - with ECDSA-SHA256 signature and P384 elliptic curve certificates
# - with TEST_LEAD_RESOURCE_TYPE_FILTER, TEST_LEAD_RESOURCE_TYPE_USE_UUID
- name: test/norace-384
cmd: test
args: CERT_TOOL_SIGN_ALG=ECDSA-SHA384 CERT_TOOL_ELLIPTIC_CURVE=P384 TEST_LEAD_RESOURCE_TYPE_FILTER=last TEST_LEAD_RESOURCE_TYPE_USE_UUID=true
# test
# - without check race
# - with TEST_LEAD_RESOURCE_TYPE_FILTER, TEST_LEAD_RESOURCE_TYPE_REGEX_FILTER
# - with logs from all services
- name: test/norace/logs
cmd: test
args: TEST_LEAD_RESOURCE_TYPE_REGEX_FILTER='oic\.wk\.d,^/light/\d+$$' TEST_LEAD_RESOURCE_TYPE_FILTER=first
coapGateway:
log:
level: "debug"
dumpBody: "true"
grpcGateway:
log:
level: "debug"
dumpBody: "true"
resourceAggregate:
log:
level: "debug"
dumpBody: "true"
identityStore:
log:
level: "debug"
dumpBody: "true"
snippetService:
log:
level: "debug"
dumpBody: "true"
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: CPU Info
run: |
cat /proc/cpuinfo
echo "Number of cores: $(nproc)"
echo "Number of threads: $(nproc --all)"
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
# login to ghcr.io so we can download device/bridge-device package
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Run a test
run: |
make ${{ matrix.cmd }} TEST_CHECK_RACE=${{ matrix.checkRace }} \
TEST_COAP_GATEWAY_LOG_LEVEL=${{ matrix.coapGateway.log.level }} TEST_COAP_GATEWAY_LOG_DUMP_BODY=${{ matrix.coapGateway.log.dumpBody }} \
TEST_RESOURCE_AGGREGATE_LOG_LEVEL=${{ matrix.resourceAggregate.log.level }} TEST_RESOURCE_AGGREGATE_LOG_DUMP_BODY=${{ matrix.resourceAggregate.log.dumpBody }} \
TEST_GRPC_GATEWAY_LOG_LEVEL=${{ matrix.grpcGateway.log.level }} TEST_GRPC_GATEWAY_LOG_DUMP_BODY=${{ matrix.grpcGateway.log.dumpBody }} \
TEST_IDENTITY_STORE_LOG_LEVEL=${{ matrix.identityStore.log.level }} TEST_IDENTITY_STORE_LOG_DUMP_BODY=${{ matrix.identityStore.log.dumpBody }} \
TEST_SNIPPET_SERVICE_LOG_LEVEL=${{ matrix.snippetService.log.level }} TEST_SNIPPET_SERVICE_LOG_DUMP_BODY=${{ matrix.snippetService.log.dumpBody }} \
TEST_DATABASE=${{ matrix.database }} \
${{ matrix.args }}
- name: Remove simulators container
if: ${{ always() }}
run: |
make simulators/remove simulators/bridge/remove simulators/dps/remove
- name: Collect cloud server logs when the test fails
if: ${{ failure() }}
run: |
cat .tmp/devsim*/*.log
- name: Prepare upload files
run: |
mkdir -p ./outputs
cp -r .tmp/coverage ./outputs/
cp -r .tmp/report ./outputs/
- name: Upload coverage and report files
uses: actions/upload-artifact@v4
with:
name: ${{ hashFiles('./outputs') || 'none' }}
path: ./outputs
retention-days: 1
if-no-files-found: warn
test-helm:
runs-on: ubuntu-24.04
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up Helm
uses: azure/[email protected]
- name: Add Helm dependency repositories
run: |
helm repo add stable https://charts.helm.sh/stable
helm repo add nats https://nats-io.github.io/k8s/helm/charts
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add scylla https://scylla-operator-charts.storage.googleapis.com/stable
helm repo update
- uses: actions/setup-python@v5
with:
python-version: '3.x'
check-latest: true
- name: Set up chart-testing
uses: helm/[email protected]
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --config test/helm/lint/ct.yaml --lint-conf ./test/helm/lint/lintconf.yaml --chart-yaml-schema ./test/helm/lint/chart_schema.yaml --target-branch ${{ github.event.repository.default_branch }}
- name: Template values
if: steps.list-changed.outputs.changed == 'true'
run: |
for values in $(find ./test/helm -mindepth 1 -maxdepth 1 -type f); do
echo "Processing $values"
helm template plgd-hub charts/plgd-hub -f $values
echo "Processing $values done"
done
coverage-sonar-cloud-scan:
needs: test
# The type of runner that the job will run on
runs-on: ubuntu-24.04
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Download artifacts
uses: actions/download-artifact@v4
with:
path: ./outputs
- name: Prepare coverage and report files
run: |
mkdir -p .tmp/coverage
mkdir -p .tmp/report
find ./outputs -name "*.coverage.txt" -exec sh -c 'cp $1 .tmp/coverage/$(echo $1 | sed "s/[\/.]/-/g" ).coverage.txt' _ {} \;
find ./outputs -name "*.report.json" -exec sh -c 'cp $1 .tmp/report/$(echo $1 | sed "s/[\/.]/-/g" ).report.json' _ {} \;
- name: Publish the coverage for main branch
if: ${{ github.ref == 'refs/heads/main' }}
run: bash <(curl -s https://codecov.io/bash)
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}