Implement Certificate Revocation List (1) #7093
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a basic workflow to help you get started with Actions | |
name: Test | |
# Controls when the action will run. Triggers the workflow push is only on main branch and PR on any branch. | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "*" | |
pull_request: | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref_name != 'main' }} | |
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
jobs: | |
# This workflow contains a single job called "build" | |
test: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-24.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
# test with check race with coverage and sonarcloud | |
- name: test | |
cmd: test | |
checkRace: "true" | |
coapGateway: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
- name: test/cqldb | |
cmd: test | |
checkRace: "true" | |
database: "cqldb" | |
coapGateway: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
# test without check race | |
- name: test/norace | |
cmd: test | |
coapGateway: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
- name: test/norace/cqldb | |
cmd: test | |
database: "cqldb" | |
coapGateway: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
# test | |
# - without check race | |
# - with ECDSA-SHA256 signature and P384 elliptic curve certificates | |
# - with TEST_LEAD_RESOURCE_TYPE_FILTER, TEST_LEAD_RESOURCE_TYPE_USE_UUID | |
- name: test/norace-384 | |
cmd: test | |
args: CERT_TOOL_SIGN_ALG=ECDSA-SHA384 CERT_TOOL_ELLIPTIC_CURVE=P384 TEST_LEAD_RESOURCE_TYPE_FILTER=last TEST_LEAD_RESOURCE_TYPE_USE_UUID=true | |
# test | |
# - without check race | |
# - with TEST_LEAD_RESOURCE_TYPE_FILTER, TEST_LEAD_RESOURCE_TYPE_REGEX_FILTER | |
# - with logs from all services | |
- name: test/norace/logs | |
cmd: test | |
args: TEST_LEAD_RESOURCE_TYPE_REGEX_FILTER='oic\.wk\.d,^/light/\d+$$' TEST_LEAD_RESOURCE_TYPE_FILTER=first | |
coapGateway: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
grpcGateway: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
resourceAggregate: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
identityStore: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
snippetService: | |
log: | |
level: "debug" | |
dumpBody: "true" | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- name: CPU Info | |
run: | | |
cat /proc/cpuinfo | |
echo "Number of cores: $(nproc)" | |
echo "Number of threads: $(nproc --all)" | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
# login to ghcr.io so we can download device/bridge-device package | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run a test | |
run: | | |
make ${{ matrix.cmd }} TEST_CHECK_RACE=${{ matrix.checkRace }} \ | |
TEST_COAP_GATEWAY_LOG_LEVEL=${{ matrix.coapGateway.log.level }} TEST_COAP_GATEWAY_LOG_DUMP_BODY=${{ matrix.coapGateway.log.dumpBody }} \ | |
TEST_RESOURCE_AGGREGATE_LOG_LEVEL=${{ matrix.resourceAggregate.log.level }} TEST_RESOURCE_AGGREGATE_LOG_DUMP_BODY=${{ matrix.resourceAggregate.log.dumpBody }} \ | |
TEST_GRPC_GATEWAY_LOG_LEVEL=${{ matrix.grpcGateway.log.level }} TEST_GRPC_GATEWAY_LOG_DUMP_BODY=${{ matrix.grpcGateway.log.dumpBody }} \ | |
TEST_IDENTITY_STORE_LOG_LEVEL=${{ matrix.identityStore.log.level }} TEST_IDENTITY_STORE_LOG_DUMP_BODY=${{ matrix.identityStore.log.dumpBody }} \ | |
TEST_SNIPPET_SERVICE_LOG_LEVEL=${{ matrix.snippetService.log.level }} TEST_SNIPPET_SERVICE_LOG_DUMP_BODY=${{ matrix.snippetService.log.dumpBody }} \ | |
TEST_DATABASE=${{ matrix.database }} \ | |
${{ matrix.args }} | |
- name: Remove simulators container | |
if: ${{ always() }} | |
run: | | |
make simulators/remove simulators/bridge/remove simulators/dps/remove | |
- name: Collect cloud server logs when the test fails | |
if: ${{ failure() }} | |
run: | | |
cat .tmp/devsim*/*.log | |
- name: Prepare upload files | |
run: | | |
mkdir -p ./outputs | |
cp -r .tmp/coverage ./outputs/ | |
cp -r .tmp/report ./outputs/ | |
- name: Upload coverage and report files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ hashFiles('./outputs') || 'none' }} | |
path: ./outputs | |
retention-days: 1 | |
if-no-files-found: warn | |
test-helm: | |
runs-on: ubuntu-24.04 | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up Helm | |
uses: azure/[email protected] | |
- name: Add Helm dependency repositories | |
run: | | |
helm repo add stable https://charts.helm.sh/stable | |
helm repo add nats https://nats-io.github.io/k8s/helm/charts | |
helm repo add bitnami https://charts.bitnami.com/bitnami | |
helm repo add scylla https://scylla-operator-charts.storage.googleapis.com/stable | |
helm repo update | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.x' | |
check-latest: true | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
run: | | |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | |
if [[ -n "$changed" ]]; then | |
echo "changed=true" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Run chart-testing (lint) | |
if: steps.list-changed.outputs.changed == 'true' | |
run: ct lint --config test/helm/lint/ct.yaml --lint-conf ./test/helm/lint/lintconf.yaml --chart-yaml-schema ./test/helm/lint/chart_schema.yaml --target-branch ${{ github.event.repository.default_branch }} | |
- name: Template values | |
if: steps.list-changed.outputs.changed == 'true' | |
run: | | |
for values in $(find ./test/helm -mindepth 1 -maxdepth 1 -type f); do | |
echo "Processing $values" | |
helm template plgd-hub charts/plgd-hub -f $values | |
echo "Processing $values done" | |
done | |
coverage-sonar-cloud-scan: | |
needs: test | |
# The type of runner that the job will run on | |
runs-on: ubuntu-24.04 | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: ./outputs | |
- name: Prepare coverage and report files | |
run: | | |
mkdir -p .tmp/coverage | |
mkdir -p .tmp/report | |
find ./outputs -name "*.coverage.txt" -exec sh -c 'cp $1 .tmp/coverage/$(echo $1 | sed "s/[\/.]/-/g" ).coverage.txt' _ {} \; | |
find ./outputs -name "*.report.json" -exec sh -c 'cp $1 .tmp/report/$(echo $1 | sed "s/[\/.]/-/g" ).report.json' _ {} \; | |
- name: Publish the coverage for main branch | |
if: ${{ github.ref == 'refs/heads/main' }} | |
run: bash <(curl -s https://codecov.io/bash) | |
- name: SonarCloud Scan | |
uses: SonarSource/sonarcloud-github-action@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |