feat: allow integration of Agama flows into the authz challenge enpoi… #536
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally. | |
# Contact @moabu | |
# Sonar cloud https://sonarcloud.io/organizations/janssenproject/projects | |
name: Code quality check | |
on: | |
push: | |
branches: | |
- main | |
- '!update-pycloud-in-**' | |
paths: | |
- 'jans-link/**' | |
- 'jans-keycloak-integration/**' | |
- 'jans-keycloak-link/**' | |
- 'jans-auth-server/**' | |
- 'jans-lock/**' | |
- 'jans-orm/**' | |
- 'jans-config-api/**' | |
- 'jans-scim/**' | |
- 'jans-core/**' | |
- 'jans-fido2/**' | |
- 'agama/**' | |
- 'jans-linux-setup/**' | |
- 'jans-cli-tui/**' | |
- 'jans-pycloudlib/**' | |
- 'jans-casa/**' | |
- '!**/CHANGELOG.md' | |
- '!**.txt' | |
pull_request: | |
branches: | |
- master | |
- main | |
- '!update-pycloud-in-**' | |
types: | |
- opened | |
- synchronize | |
paths: | |
- 'jans-link/**' | |
- 'jans-keycloak-integration/**' | |
- 'jans-keycloak-link/**' | |
- 'jans-auth-server/**' | |
- 'jans-lock/**' | |
- 'jans-orm/**' | |
- 'jans-config-api/**' | |
- 'jans-scim/**' | |
- 'jans-core/**' | |
- 'jans-fido2/**' | |
- 'agama/**' | |
- 'jans-linux-setup/**' | |
- 'jans-cli-tui/**' | |
- 'jans-pycloudlib/**' | |
- 'jans-casa/**' | |
- '!**/CHANGELOG.md' | |
- '!**.txt' | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
sonar-scan: | |
name: sonar scan | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
module: [jans-keycloak-link, jans-keycloak-integration, jans-auth-server, agama, jans-config-api, jans-core, jans-linux-setup, jans-cli-tui, jans-fido2, jans-orm, jans-scim, jans-pycloudlib, jans-link, jans-casa, jans-lock] | |
env: | |
JVM_PROJECTS: | | |
jans-keycloak-integration | |
jans-keycloak-link | |
jans-link | |
jans-auth-server | |
jans-lock | |
jans-orm | |
jans-config-api | |
jans-scim | |
jans-core | |
jans-fido2 | |
jans-casa | |
agama | |
NON_JVM_PROJECTS: | | |
jans-linux-setup | |
jans-cli-tui | |
jans-pycloudlib | |
permissions: | |
contents: read | |
pull-requests: read | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: check out code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonarqube analysis | |
- name: find changed directories | |
run: | | |
if [ $GITHUB_BASE_REF ]; then | |
# Pull Request | |
echo "Triggering event: pull request" | |
echo Pull request base ref: $GITHUB_BASE_REF | |
git fetch origin $GITHUB_BASE_REF --depth=1 | |
if [ ${{ github.event.action }} = "opened" ]; then | |
echo "Triggering action: opened" | |
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV} | |
fi | |
if [ ${{ github.event.action }} = "synchronize" ]; then | |
echo "Triggering action: synchronize" | |
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >>${GITHUB_ENV} | |
fi | |
else | |
# Push | |
echo "Triggerring event: push" | |
git fetch origin ${{ github.event.before }} --depth=1 | |
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} $GITHUB_SHA | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV} | |
fi | |
- name: check env | |
run: | | |
echo changed dir list: ${{ env.CHANGED_DIR }} | |
echo Matrix module: ${{ matrix.module }} | |
echo GH event action: ${{ github.event.action }} | |
echo PR base sha: ${{ github.event.pull_request.base.sha }} | |
echo PR head sha: ${{ github.event.pull_request.head.sha }} | |
echo event before: ${{ github.event.before }} | |
echo GH sha: $GITHUB_SHA | |
- name: Set up JDK 17 | |
# JanssenProject/jans-cli-tui is too similar to JanssenProject/jans-client-api as the contains function is returning it belonging to the JVM_PROJECT | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) && matrix.module != 'jans-cli-tui' | |
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Cache SonarCloud packages for JVM based project | |
# JanssenProject/jans-cli-tui is too similar to JanssenProject/jans-client-api as the contains function is returning it belonging to the JVM_PROJECT | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) && matrix.module != 'jans-cli-tui' | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Build and analyze JVM based project | |
# JanssenProject/jans-cli-tui is too similar to JanssenProject/jans-client-api as the contains function is returning it belonging to the JVM_PROJECT | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) && matrix.module != 'jans-cli-tui' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: | | |
cd ${{ matrix.module }} | |
case ${{ matrix.module }} in | |
"jans-auth-server") | |
;& | |
"jans-lock") | |
;& | |
"jans-scim") | |
;& | |
"jans-config-api") | |
echo "Run Sonar analysis without test execution" | |
mvn -B -DskipTests=true install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
;; | |
*) | |
echo "Run Sonar analysis with test execution" | |
mvn -B install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
;; | |
esac | |
- name: Convert repo org name to lowercase for non JVM projects | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module) | |
env: | |
REPO_OWNER: ${{ github.repository_owner }} | |
run: | | |
echo "REPO_ORG=${REPO_OWNER,,}" >>${GITHUB_ENV} | |
- name: SonarCloud Scan for non-JVM project | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module) | |
uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # master | |
with: | |
args: > | |
-Dsonar.organization=${{ env.REPO_ORG }} | |
-Dsonar.projectKey=${{ github.repository_owner }}_${{ matrix.module }} | |
projectBaseDir: ${{ matrix.module }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |