Skip to content
Tessera Gradle Build

Merge pull request #1527 from QuorumEx/azure-23.4.0-CVEs #1827

Sign in to view logs

Merge pull request #1527 from QuorumEx/azure-23.4.0-CVEs

Merge pull request #1527 from QuorumEx/azure-23.4.0-CVEs #1827

Workflow file for this run

.github/workflows/gradle.yml at f0be97e
name: Tessera Gradle Build
on:
pull_request:
push:
branches:
- master
env:
GRADLE_CACHE_KEY: ${{ github.run_id }}-gradle-${{ github.run_number }}-${{ github.run_number }}-${{ github.sha }}
DIST_TAR: tessera-dist/build/distributions/tessera-*.tar
TESSERA_DOCKER_IMAGE: quorumengineering/tessera
QUORUM_DOCKER_IMAGE: quorumengineering/quorum
jobs:
build:
name: Build and upload binaries
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
run: ./gradlew build -x dependencyCheckAnalyze -x javadoc -x test --info
- name: Upload tessera dist
uses: actions/upload-artifact@v2
if: success()
with:
name: tessera-dists
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/
- name: Upload tessera enclave dist
uses: actions/upload-artifact@v2
with:
name: enclave-dists
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/
- name: Upload aws key vault dist
uses: actions/upload-artifact@v2
with:
name: aws-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/
- name: Upload azure key vault dist
uses: actions/upload-artifact@v2
with:
name: azure-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/
- name: Upload hashicorp key vault dist
uses: actions/upload-artifact@v2
with:
name: hashicorp-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/
- name: Upload kalium encryptor dist
uses: actions/upload-artifact@v2
with:
name: kalium-dist
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/
checkdependencies:
name: Check dependencies for any security advisories
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Execute gradle dependencyCheckAnalyze task
run: ./gradlew dependencyCheckAnalyze -x test
test:
name: Unit tests
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Execute gradle test
run: ./gradlew test -x dependencyCheckAnalyze -x :tests:acceptance-test:test -x javadoc --info
itest:
name: Integration tests
needs: [build]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Download tessera dist
uses: actions/download-artifact@v2
with:
name: tessera-dists
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/
- name: Download tessera enclave dist
uses: actions/download-artifact@v2
with:
name: enclave-dists
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/
- name: Download aws key vault dist
uses: actions/download-artifact@v2
with:
name: aws-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/
- name: Download azure key vault dist
uses: actions/download-artifact@v2
with:
name: azure-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/
- name: Download hashicorp key vault dist
uses: actions/download-artifact@v2
with:
name: hashicorp-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/
- name: Download kalium encryptor dist
uses: actions/download-artifact@v2
with:
name: kalium-dist
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/
- name: Execute gradle integration tests
run: |
./gradlew :tests:acceptance-test:clean :tests:acceptance-test:test --fail-fast -PexcludeTests="RunHashicorpIT,AwsKeyVaultIT,RecoverIT,RunAzureIT,RestSuiteHttpH2RemoteEnclaveEncTypeEC,CucumberTestSuite" --info
- name: Upload Junit reports
uses: actions/upload-artifact@v2
if: always()
with:
name: itest-junit-report
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/
- name: Upload test logs
uses: actions/upload-artifact@v2
if: always()
with:
name: itest-logs
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs
remote_enclave_itest:
name: Remote enclave integration tests
needs: [build]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Download tessera dist
uses: actions/download-artifact@v2
with:
name: tessera-dists
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/
- name: Download tessera enclave dist
uses: actions/download-artifact@v2
with:
name: enclave-dists
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/
- name: Download aws key vault dist
uses: actions/download-artifact@v2
with:
name: aws-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/
- name: Download azure key vault dist
uses: actions/download-artifact@v2
with:
name: azure-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/
- name: Download hashicorp key vault dist
uses: actions/download-artifact@v2
with:
name: hashicorp-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/
- name: Download kalium encryptor dist
uses: actions/download-artifact@v2
with:
name: kalium-dist
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/
- name: Execute gradle integration tests
run: |
./gradlew :tests:acceptance-test:test --tests RestSuiteHttpH2RemoteEnclave --tests RestSuiteHttpH2RemoteEnclaveEncTypeEC --info
- name: Upload junit reports
uses: actions/upload-artifact@v2
if: always()
with:
name: remote_enclave_itest-junit-report
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/
- name: Upload test logs
uses: actions/upload-artifact@v2
if: always()
with:
name: remote_enclave_itest-logs
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs
cucumber_itest:
name: Cucumber itests
needs: [build]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Download tessera dist
uses: actions/download-artifact@v2
with:
name: tessera-dists
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/
- name: Download tessera enclave dist
uses: actions/download-artifact@v2
with:
name: enclave-dists
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/
- name: Download aws key vault dist
uses: actions/download-artifact@v2
with:
name: aws-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/
- name: Download azure key vault dist
uses: actions/download-artifact@v2
with:
name: azure-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/
- name: Download hashicorp key vault dist
uses: actions/download-artifact@v2
with:
name: hashicorp-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/
- name: Download kalium encryptor dist
uses: actions/download-artifact@v2
with:
name: kalium-dist
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/
- name: Execute gradle
run: |
./gradlew :tests:acceptance-test:clean :tests:acceptance-test:test --tests CucumberTestSuite --info
- name: Upload junit reports
uses: actions/upload-artifact@v2
if: always()
with:
name: cucumber_itest-junit-report
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/
- name: Upload test logs
uses: actions/upload-artifact@v2
if: always()
with:
name: cucumber_itest-logs
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs
vaultTests:
name: Key vault integration tests
needs: [build]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Download tessera dist
uses: actions/download-artifact@v2
with:
name: tessera-dists
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/
- name: Download tessera enclave dist
uses: actions/download-artifact@v2
with:
name: enclave-dists
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/
- name: Download aws key vault dist
uses: actions/download-artifact@v2
with:
name: aws-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/
- name: Download azure key vault dist
uses: actions/download-artifact@v2
with:
name: azure-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/
- name: Download hashicorp key vault dist
uses: actions/download-artifact@v2
with:
name: hashicorp-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/
- name: Download kalium encryptor dist
uses: actions/download-artifact@v2
with:
name: kalium-dist
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/
- name: Run AWS tests
run: |
./gradlew :tests:acceptance-test:test --tests AwsKeyVaultIT --info
# - name: Run azure tests
# run: |
# ./gradlew :tests:acceptance-test:test --tests RunAzureIT --info
- name: Run hashicorp tests
run: |
wget https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip -O /tmp/vault_1.2.2_linux_amd64.zip
mkdir -p vault/bin && pushd $_
unzip /tmp/vault_1.2.2_linux_amd64.zip
export PATH=$PATH:$PWD && popd
./gradlew :tests:acceptance-test:test --tests RunHashicorpIT --info
- name: Upload junit reports
uses: actions/upload-artifact@v2
if: failure()
with:
name: vault-itest-junit-report
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/
- name: Upload test logs
uses: actions/upload-artifact@v2
if: failure()
with:
name: vault-itest-logs
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs
recovery_itest:
name: Recovery integration tests
needs: [build]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 17
check-latest: true
- name: Download tessera dist
uses: actions/download-artifact@v2
with:
name: tessera-dists
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/
- name: Download tessera enclave dist
uses: actions/download-artifact@v2
with:
name: enclave-dists
path: /home/runner/work/tessera/tessera/enclave/enclave-jaxrs/build/distributions/
- name: Download aws key vault dist
uses: actions/download-artifact@v2
with:
name: aws-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/aws-key-vault/build/distributions/
- name: Download azure key vault dist
uses: actions/download-artifact@v2
with:
name: azure-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/azure-key-vault/build/distributions/
- name: Download hashicorp key vault dist
uses: actions/download-artifact@v2
with:
name: hashicorp-key-vault-dist
path: /home/runner/work/tessera/tessera/key-vault/hashicorp-key-vault/build/distributions/
- name: Download kalium encryptor dist
uses: actions/download-artifact@v2
with:
name: kalium-dist
path: /home/runner/work/tessera/tessera/encryption/encryption-kalium/build/distributions/
- name: Execute tests
run: |
./gradlew :tests:acceptance-test:clean :tests:acceptance-test:test --tests RecoverIT --info
- name: Upload junit reports
uses: actions/upload-artifact@v2
if: always()
with:
name: recovery_itest-junit-report
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/reports/tests/
- name: Upload test logs
uses: actions/upload-artifact@v2
if: always()
with:
name: recovery-itest-logs
path: /home/runner/work/tessera/tessera/tests/acceptance-test/build/logs
build_image:
name: Build develop Docker image
needs: [build]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Download tessera dist
uses: actions/download-artifact@v2
with:
name: tessera-dists
path: /home/runner/work/tessera/tessera/tessera-dist/build/distributions/
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Get current date-time (RFC 3339 standard)
id: date
run: echo "::set-output name=now::$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
- name: Build Docker image as portable tar
uses: docker/build-push-action@v2
with:
tags: ${{ env.TESSERA_DOCKER_IMAGE }}:develop
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ steps.date.outputs.now }}
push: false
file: docker/tessera.Dockerfile
# context must be explicitly provided to prevent docker/build-push-action checking out the repo again and deleting the downloaded artifacts
context: .
outputs: type=docker,dest=/tmp/tessera-develop-image.tar
- name: upload-artifact portable Docker image
uses: actions/upload-artifact@v2
with:
name: tessera-develop-image
path: /tmp/tessera-develop-image.tar
atest:
name: Quorum acceptance tests
needs: [build, build_image]
runs-on: ubuntu-latest
steps:
- name: Checkout code from SCM
uses: actions/checkout@v2
- name: Set up java
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: 14
check-latest: true
- name: download-artifact portable Docker image
uses: actions/download-artifact@v2
with:
name: tessera-develop-image
path: /tmp
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Load image
run: |
docker load --input /tmp/tessera-develop-image.tar
docker image ls -a
- name: Execute acceptance tests
run:
docker run --entrypoint /bin/sh --network host -v /tmp/run/sh:/tmp/run.sh -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/acctests:/tmp/acctests -e TF_VAR_tessera_docker_image='{name="${{ env.TESSERA_DOCKER_IMAGE }}:develop",local=true}' -e TF_VAR_quorum_docker_image='{name="${{ env.QUORUM_DOCKER_IMAGE }}:latest",local=false}' quorumengineering/acctests:latest -c "./mvnw --no-transfer-progress -B -DskipToolsCheck test -Pauto -Dtags='\!async && (basic || basic-istanbul || networks/typical::istanbul)' -Dauto.outputDir=/tmp/acctests -Dnetwork.forceDestroy=true && cp -R /workspace/target/gauge /tmp/acctests/gauge && chmod -R 775 /tmp/acctests/gauge"
- name: Upload Gauge report
uses: actions/upload-artifact@v2
if: always()
with:
name: gauge-reports
path: /tmp/acctests/gauge
push_docker_develop:
name: Push develop image to DockerHub
if: ${{ github.ref == 'refs/heads/master' }}
# arguably we should depend on all test steps, but this job only runs on pushes to master so all tests will have
# already passed in the PR. At a minimum we depend on atest as it actually uses the image.
needs: [build_image, atest]
runs-on: ubuntu-latest
steps:
- name: download-artifact portable Docker image
uses: actions/download-artifact@v2
with:
name: tessera-develop-image
path: /tmp
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Load image
run: |
docker load --input /tmp/tessera-develop-image.tar
docker image ls -a
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
- name: Push image
run : |
docker push ${TESSERA_DOCKER_IMAGE}:develop