inputs:
GERRIT_BRANCH:
description: "Branch that change is against"
- required: true
+ required: false
type: string
GERRIT_CHANGE_ID:
description: "The ID for the change"
- required: true
+ required: false
type: string
GERRIT_CHANGE_NUMBER:
description: "The Gerrit number"
- required: true
+ required: false
type: string
GERRIT_CHANGE_URL:
description: "URL to the change"
- required: true
+ required: false
type: string
GERRIT_EVENT_TYPE:
description: "Type of Gerrit event"
- required: true
+ required: false
type: string
GERRIT_PATCHSET_NUMBER:
description: "The patch number for the change"
- required: true
+ required: false
type: string
GERRIT_PATCHSET_REVISION:
description: "The revision sha"
- required: true
+ required: false
type: string
GERRIT_PROJECT:
description: "Project in Gerrit"
- required: true
+ required: false
type: string
GERRIT_REFSPEC:
description: "Gerrit refspec of change"
- required: true
+ required: false
type: string
+ GERRIT_DISABLED:
+ description: "Run without Gerrit components"
+ required: false
+ default: false
+ type: boolean
permissions: {}
jobs:
notify:
+ if: github.event_name == 'workflow_dispatch' && inputs.GERRIT_DISABLED != true
runs-on: ubuntu-latest
steps:
# Harden the runner used by this workflow
# yamllint disable-line rule:line-length
- - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
with:
egress-policy: audit
- name: Notify job start
# yamllint disable-line rule:line-length
- uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9
+ uses: lfreleng-actions/gerrit-review-action@6d2e00dfd3173cd9a36d11350c8fba44731c7b4e # v0.10.0
with:
host: ${{ vars.GERRIT_SERVER }}
username: ${{ vars.GERRIT_SSH_USER }}
cbom-create:
name: 'Generate PQCA CBOM'
runs-on: ubuntu-latest
+ if: always()
needs: [notify]
permissions:
contents: write
steps:
# Harden the runner used by this workflow
# yamllint disable-line rule:line-length
- - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
with:
egress-policy: audit
gerrit-url: ${{ vars.GERRIT_URL }}
delay: "0s"
+ - name: 'Find Python projects'
+ id: find-python
+ run: |
+ # Find all directories containing setup.py or pyproject.toml
+ PYTHON_DIRS=()
+ while IFS= read -r file; do
+ if [ -n "$file" ]; then
+ dir=$(dirname "$file" | sed 's|^\./||')
+ PYTHON_DIRS+=("$dir")
+ fi
+ done < <(find . -type f \( -name "setup.py" -o -name "pyproject.toml" \))
+
+ echo "Found ${#PYTHON_DIRS[@]} Python project(s)"
+
+ if [ ${#PYTHON_DIRS[@]} -gt 0 ]; then
+ echo "has-python=true" >> "$GITHUB_OUTPUT"
+ echo "Python projects found in:"
+ printf '%s\n' "${PYTHON_DIRS[@]}"
+
+ # Save directories for iteration
+ printf '%s\n' "${PYTHON_DIRS[@]}" > /tmp/python_dirs.txt
+ echo "DEBUG: has-python output set to: true"
+ else
+ echo "has-python=false" >> "$GITHUB_OUTPUT"
+ echo "No Python projects found"
+ echo "DEBUG: has-python output set to: false"
+ fi
+
+ - name: 'Check for pom.xml'
+ id: check-pom-xml
+ # yamllint disable-line rule:line-length
+ uses: lfreleng-actions/path-check-action@9606e61c870025bc956e63156d1d55c5df54426c # v0.2.0
+ with:
+ path: 'pom.xml'
+
+ - name: 'Build Python projects'
+ id: python-build
+ if: steps.find-python.outputs.has-python == 'true'
+ run: |
+ # Build each Python project found
+ while IFS= read -r python_dir; do
+ echo "Building Python project in: $python_dir"
+ cd "$GITHUB_WORKSPACE/$python_dir"
+
+ # Determine Python version and build
+ if [ -f "pyproject.toml" ]; then
+ echo "Using pyproject.toml build"
+ python -m pip install --upgrade pip build
+ python -m build
+ elif [ -f "setup.py" ]; then
+ echo "Using setup.py build"
+ python -m pip install --upgrade pip setuptools wheel
+ python setup.py sdist bdist_wheel
+ fi
+
+ cd "$GITHUB_WORKSPACE"
+ done < /tmp/python_dirs.txt
+
- name: 'Extract project name from .gitreview'
id: extract-project
+ if: steps.check-pom-xml.outputs.exists == 'true'
run: |
if [ -f .gitreview ]; then
PROJECT_NAME=$(grep '^project=' .gitreview | cut -d'=' -f2 | sed 's/\.git$//' | tr '/' '-')
fi
- name: Load secret from 1Password
+ if: steps.check-pom-xml.outputs.exists == 'true'
uses: 1password/load-secrets-action@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3.0.0
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- NEXUS_PASSWORD: op://elnqtgip7eqavqvgodjbiiaqd4/${{ steps.extract-project.outputs.project-name }}/password
+ NEXUS_PASSWORD: "op://elnqtgip7eqavqvgodjbiiaqd4/${{ steps.extract-project.outputs.project-name }}/password"
- name: 'Output SHA1 sum of password'
+ if: steps.check-pom-xml.outputs.exists == 'true'
env:
NEXUS_PASSWORD: $NEXUS_PASSWORD
run: |
# Output SHA1 sum of password
- VALUE_SHA1=$(echo -n "$NEXUS_PASSWORD" | sha1sum | awk '{print $1}')
+ VALUE_SHA1=$(printf '%s' "$NEXUS_PASSWORD" | shasum -a 1 | awk '{print $1}')
echo "SHA1 sum of NEXUS_PASSWORD is: $VALUE_SHA1"
- - name: 'Generate Maven global settings'
+ - name: 'Generate Maven global settings content'
id: create-settings
+ if: steps.check-pom-xml.outputs.exists == 'true'
env:
NEXUS_PASSWORD: ${{ env.NEXUS_PASSWORD }}
run: |
echo "Error: .gitreview file not found"
exit 1
fi
-
- cat > global-settings.xml << EOF
+
+ # Generate settings content for maven-build-action
+ {
+ echo 'settings-content<<SETTINGS_EOF'
+ cat << EOF
<settings>
<servers>
<server>
</activeProfiles>
</settings>
EOF
- {
- echo 'settings-content<<SETTINGS_EOF'
- cat global-settings.xml
echo 'SETTINGS_EOF'
} >> $GITHUB_OUTPUT
- name: 'Build with Maven'
+ if: steps.check-pom-xml.outputs.exists == 'true'
+ continue-on-error: true
# yamllint disable-line rule:line-length
- uses: lfreleng-actions/maven-build-action@main
+ uses: lfreleng-actions/maven-build-action@5be56aed8bed4f0bf9d699f2817eaef37c94ac02 # v0.2.0
with:
- jdk-version: '17'
+ java-version: |
+ 17
+ 21
distribution: 'temurin'
- mvn-version: '3.8.2'
+ mvn-version: '3.9.5'
mvn-phases: 'clean package'
- mvn-params: '-DskipTests -Djib.skip=true'
+ mvn-params: '-DskipTests -Djib.skip=true --fail-at-end'
# yamllint disable-line rule:line-length
mvn-opts: '-Ddocker.push.registry=nexus3.onap.org:10003 -Ddocker.pull.registry=nexus3.onap.org:10003 -Dmaven.repo.local=/tmp/r -Dorg.ops4j.pax.url.mvn.localRepository=/tmp/r -DaltDeploymentRepository=staging::default::file:"${GITHUB_WORKSPACE}"/m2repo -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn'
global-settings: |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: 'Create CBOM'
+ if: steps.check-pom-xml.outputs.exists == 'true' || steps.find-python.outputs.has-python == 'true'
# yamllint disable-line rule:line-length
uses: PQCA/cbomkit-action@fe04ae510fe80fcfa7d145859fcba8e5dbd0b649 # v2.1.2
id: cbom
if-no-files-found: warn
report-status:
- if: ${{ always() }}
+ if: ${{ always() && github.event_name == 'workflow_dispatch' && inputs.GERRIT_DISABLED != true }}
needs: [notify, cbom-create]
runs-on: ubuntu-latest
steps:
# Harden the runner used by this workflow
# yamllint disable-line rule:line-length
- - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
with:
egress-policy: audit
- name: Get workflow conclusion
- uses: technote-space/workflow-conclusion-action@v3
+ uses: im-open/workflow-conclusion@e4f7c4980600fbe0818173e30931d3550801b992 # v2.2.3
- name: Report workflow conclusion
# yamllint disable-line rule:line-length
- uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9
+ uses: lfreleng-actions/gerrit-review-action@6d2e00dfd3173cd9a36d11350c8fba44731c7b4e # v0.10.0
with:
host: ${{ vars.GERRIT_SERVER }}
username: ${{ vars.GERRIT_SSH_USER }}
known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
- vote-type: ${{ env.WORKFLOW_CONCLUSION }}
\ No newline at end of file
+ vote-type: ${{ env.WORKFLOW_CONCLUSION }}
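Review bot: The 1Password reference `op://…/${{ steps.extract-project.outputs.project-name }}/password` is built from the `project=` line of `.gitreview` in the checked-out tree, and the new `if: steps.check-pom-xml.outputs.exists == 'true'` guards only make secret loading conditional on another repo-controlled file; if the checkout earlier in this job (the `gerrit-url`/`delay` step is cut from the hunk) fetches the patchset under review, a change that rewrites `.gitreview` can presumably select any other item in that vault and have its password rendered into the Maven settings passed to the same untrusted build. I would derive the item name from trusted data instead — `${{ inputs.GERRIT_PROJECT }}` or a repository variable — or at minimum fail 'Extract project name from .gitreview' unless `PROJECT_NAME` matches an allow-list before it reaches the 1Password step. Separately, `continue-on-error: true` on 'Build with Maven' means a failed build no longer fails `cbom-create`, so the `WORKFLOW_CONCLUSION` vote sent to Gerrit from report-status can be positive for a broken change; give that step an `id: maven-build` and add after 'Create CBOM' a step `- name: 'Fail on build failure'` / `if: steps.maven-build.outcome == 'failure'` / `run: exit 1` so the CBOM is still produced but the job result is honest. The rewritten 'Output SHA1 sum of password' step still prints an unsalted SHA-1 of the credential to the job log, which secret masking does not cover and which is enough for offline cross-checking of the password; drop the step or gate it behind a debug input.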