Skip to content

feat: allow integration of Agama flows into the authz challenge enpoi… #536

feat: allow integration of Agama flows into the authz challenge enpoi…

feat: allow integration of Agama flows into the authz challenge enpoi… #536

Workflow file for this run

# Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally.
# Contact @moabu
# Sonar cloud https://sonarcloud.io/organizations/janssenproject/projects
name: Code quality check
on:
push:
branches:
- main
- '!update-pycloud-in-**'
paths:
- 'jans-link/**'
- 'jans-keycloak-integration/**'
- 'jans-keycloak-link/**'
- 'jans-auth-server/**'
- 'jans-lock/**'
- 'jans-orm/**'
- 'jans-config-api/**'
- 'jans-scim/**'
- 'jans-core/**'
- 'jans-fido2/**'
- 'agama/**'
- 'jans-linux-setup/**'
- 'jans-cli-tui/**'
- 'jans-pycloudlib/**'
- 'jans-casa/**'
- '!**/CHANGELOG.md'
- '!**.txt'
pull_request:
branches:
- master
- main
- '!update-pycloud-in-**'
types:
- opened
- synchronize
paths:
- 'jans-link/**'
- 'jans-keycloak-integration/**'
- 'jans-keycloak-link/**'
- 'jans-auth-server/**'
- 'jans-lock/**'
- 'jans-orm/**'
- 'jans-config-api/**'
- 'jans-scim/**'
- 'jans-core/**'
- 'jans-fido2/**'
- 'agama/**'
- 'jans-linux-setup/**'
- 'jans-cli-tui/**'
- 'jans-pycloudlib/**'
- 'jans-casa/**'
- '!**/CHANGELOG.md'
- '!**.txt'
workflow_dispatch:
permissions:
contents: read
jobs:
sonar-scan:
name: sonar scan
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
module: [jans-keycloak-link, jans-keycloak-integration, jans-auth-server, agama, jans-config-api, jans-core, jans-linux-setup, jans-cli-tui, jans-fido2, jans-orm, jans-scim, jans-pycloudlib, jans-link, jans-casa, jans-lock]
env:
JVM_PROJECTS: |
jans-keycloak-integration
jans-keycloak-link
jans-link
jans-auth-server
jans-lock
jans-orm
jans-config-api
jans-scim
jans-core
jans-fido2
jans-casa
agama
NON_JVM_PROJECTS: |
jans-linux-setup
jans-cli-tui
jans-pycloudlib
permissions:
contents: read
pull-requests: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonarqube analysis
- name: find changed directories
run: |
if [ $GITHUB_BASE_REF ]; then
# Pull Request
echo "Triggering event: pull request"
echo Pull request base ref: $GITHUB_BASE_REF
git fetch origin $GITHUB_BASE_REF --depth=1
if [ ${{ github.event.action }} = "opened" ]; then
echo "Triggering action: opened"
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV}
fi
if [ ${{ github.event.action }} = "synchronize" ]; then
echo "Triggering action: synchronize"
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >>${GITHUB_ENV}
fi
else
# Push
echo "Triggerring event: push"
git fetch origin ${{ github.event.before }} --depth=1
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} $GITHUB_SHA | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV}
fi
- name: check env
run: |
echo changed dir list: ${{ env.CHANGED_DIR }}
echo Matrix module: ${{ matrix.module }}
echo GH event action: ${{ github.event.action }}
echo PR base sha: ${{ github.event.pull_request.base.sha }}
echo PR head sha: ${{ github.event.pull_request.head.sha }}
echo event before: ${{ github.event.before }}
echo GH sha: $GITHUB_SHA
- name: Set up JDK 17
# JanssenProject/jans-cli-tui is too similar to JanssenProject/jans-client-api as the contains function is returning it belonging to the JVM_PROJECT
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) && matrix.module != 'jans-cli-tui'
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
java-version: '17'
distribution: 'adopt'
- name: Cache SonarCloud packages for JVM based project
# JanssenProject/jans-cli-tui is too similar to JanssenProject/jans-client-api as the contains function is returning it belonging to the JVM_PROJECT
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) && matrix.module != 'jans-cli-tui'
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Build and analyze JVM based project
# JanssenProject/jans-cli-tui is too similar to JanssenProject/jans-client-api as the contains function is returning it belonging to the JVM_PROJECT
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) && matrix.module != 'jans-cli-tui'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
cd ${{ matrix.module }}
case ${{ matrix.module }} in
"jans-auth-server")
;&
"jans-lock")
;&
"jans-scim")
;&
"jans-config-api")
echo "Run Sonar analysis without test execution"
mvn -B -DskipTests=true install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
;;
*)
echo "Run Sonar analysis with test execution"
mvn -B install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
;;
esac
- name: Convert repo org name to lowercase for non JVM projects
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module)
env:
REPO_OWNER: ${{ github.repository_owner }}
run: |
echo "REPO_ORG=${REPO_OWNER,,}" >>${GITHUB_ENV}
- name: SonarCloud Scan for non-JVM project
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module)
uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # master
with:
args: >
-Dsonar.organization=${{ env.REPO_ORG }}
-Dsonar.projectKey=${{ github.repository_owner }}_${{ matrix.module }}
projectBaseDir: ${{ matrix.module }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}