Subtracted one from vulnerability version id as this is the proper id… #437
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CI for NVIP | |
| name: Patchfinder Workflow | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| - dev | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| - 'cicd/**' | |
| paths-ignore: | |
| - '.github/workflows/crawler-workflow.yml' | |
| - '.github/workflows/pne-workflow.yml' | |
| - '.github/workflows/reconciler-workflow.yml' | |
| - 'crawler/**' | |
| - 'exploitfinder/**' | |
| - 'productnameextractor/**' | |
| - 'reconciler/**' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| AWS_REGION: 'us-east-1' | |
| DB_TYPE: 'mysql' | |
| HIKARI_URL: 'jdbc:mysql://localhost:3306/nvip?useSSL=false&allowPublicKeyRetrieval=true' | |
| HIKARI_USER: 'root' | |
| HIKARI_PASSWORD: 'root' | |
| OUTPUT_DIR: 'output' | |
| CLONE_PATH: 'src/main/resources/patch-repos' | |
| PATCH_SRC_URL_PATH: 'src/main/resources/source_dict.json' | |
| jobs: | |
| # Build and Test Patchfinder Component | |
| build-test-patchfinder: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| lfs: 'true' | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| # Setup MySQL DB for tests that require connection (Might not need this) | |
| - name: Start MySQL Service | |
| run: sudo /etc/init.d/mysql start | |
| # run: | | |
| # sudo /etc/init.d/mysql start | |
| # mysql -e 'CREATE DATABASE nvip;' -uroot -proot | |
| # mysql -e 'SHOW DATABASES;' -uroot -proot | |
| # mysql -e 'source nvip_data/mysql-database/CreateAndInitializeDb.sql' -uroot -proot | |
| - name: Initialize DB | |
| env: | |
| LIQUIBASE_COMMAND_URL: ${{ env.HIKARI_URL }} | |
| LIQUIBASE_COMMAND_USERNAME: ${{ env.HIKARI_USER }} | |
| LIQUIBASE_COMMAND_PASSWORD: ${{ env.HIKARI_PASSWORD }} | |
| run: | | |
| mysql -e 'CREATE DATABASE nvip;' -u${{ env.HIKARI_USER }} -p${{ env.HIKARI_PASSWORD }} | |
| mvn liquibase:update --no-transfer-progress --projects=db | |
| - name: Test and Build PatchFinder with Maven | |
| run: | | |
| mvn test --projects=db,patchfinder | |
| - name: Publish Test Report | |
| if: success() || failure() | |
| uses: scacap/action-surefire-report@v1 | |
| with: | |
| check_name: Patchfinder Test Report | |
| # Deploy patchfinder component project to container registry | |
| staging-deploy: | |
| runs-on: ubuntu-latest | |
| needs: build-test-patchfinder | |
| if: ${{ success() && github.ref == 'refs/heads/main' }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push Docker Image for Patchfinder | |
| run: | | |
| docker build . -f patchfinder/Dockerfile -t nvip-patchfinder:staging -t ghcr.io/softwaredesignlab/nvip-patchfinder:staging | |
| docker push ghcr.io/softwaredesignlab/nvip-patchfinder:staging | |
| # Deploy patchfinder component project to container registry | |
| production-deploy: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| needs: staging-deploy | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push Docker Image for Patchfinder | |
| run: | | |
| docker build . -f patchfinder/Dockerfile -t nvip-patchfinder -t ghcr.io/softwaredesignlab/nvip-patchfinder | |
| docker push ghcr.io/softwaredesignlab/nvip-patchfinder | |