mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-08-16 13:47:28 +02:00
1468df3e21
Merging JWT feature from main into V2 ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: stirlingbot[bot] <stirlingbot[bot]@users.noreply.github.com> Co-authored-by: Ludy <Ludy87@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: EthanHealy01 <80844253+EthanHealy01@users.noreply.github.com> Co-authored-by: Ethan <ethan@MacBook-Pro.local> Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com> Co-authored-by: albanobattistella <34811668+albanobattistella@users.noreply.github.com>
312 lines
11 KiB
YAML
312 lines
11 KiB
YAML
name: Build and Test Workflow
|
|
|
|
on:
|
|
pull_request:
|
|
branches: ["main", "V2", "V2-gha"]
|
|
workflow_dispatch:
|
|
|
|
# cancel in-progress jobs if a new job is triggered
|
|
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
|
|
# or a pull request is updated.
|
|
# It helps to save resources and time by ensuring that only the latest commit is built and tested
|
|
# This is particularly useful for long-running jobs that may take a while to complete.
|
|
# The `group` is set to a combination of the workflow name, event name, and branch name.
|
|
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
|
|
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
files-changed:
|
|
name: detect what files changed
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 3
|
|
outputs:
|
|
build: ${{ steps.changes.outputs.build }}
|
|
app: ${{ steps.changes.outputs.app }}
|
|
project: ${{ steps.changes.outputs.project }}
|
|
openapi: ${{ steps.changes.outputs.openapi }}
|
|
steps:
|
|
- uses: actions/checkout@v4.3.0
|
|
|
|
- name: Check for file changes
|
|
uses: dorny/paths-filter@v3.0.2
|
|
id: changes
|
|
with:
|
|
filters: .github/config/.files.yaml
|
|
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: read
|
|
security-events: write
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
jdk-version: [17, 21]
|
|
spring-security: [true, false]
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4.3.0
|
|
|
|
- name: Set up JDK ${{ matrix.jdk-version }}
|
|
uses: actions/setup-java@v4.7.1
|
|
with:
|
|
java-version: ${{ matrix.jdk-version }}
|
|
distribution: "temurin"
|
|
- name: Setup Gradle
|
|
uses: gradle/actions/setup-gradle@v4.4.2
|
|
with:
|
|
gradle-version: 8.14
|
|
- name: Build with Gradle and spring security ${{ matrix.spring-security }}
|
|
run: ./gradlew clean build -PnoSpotless
|
|
env:
|
|
DISABLE_ADDITIONAL_FEATURES: ${{ matrix.spring-security }}
|
|
- name: Check Test Reports Exist
|
|
if: always()
|
|
run: |
|
|
declare -a dirs=(
|
|
"app/core/build/reports/tests/"
|
|
"app/core/build/test-results/"
|
|
"app/common/build/reports/tests/"
|
|
"app/common/build/test-results/"
|
|
"app/proprietary/build/reports/tests/"
|
|
"app/proprietary/build/test-results/"
|
|
)
|
|
for dir in "${dirs[@]}"; do
|
|
if [ ! -d "$dir" ]; then
|
|
echo "Missing $dir"
|
|
exit 1
|
|
fi
|
|
done
|
|
- name: Upload Test Reports
|
|
if: always()
|
|
uses: actions/upload-artifact@v4.6.2
|
|
with:
|
|
name: test-reports-jdk-${{ matrix.jdk-version }}-spring-security-${{ matrix.spring-security }}
|
|
path: |
|
|
app/**/build/reports/tests/
|
|
app/**/build/test-results/
|
|
app/**/build/reports/problems/
|
|
build/reports/problems/
|
|
retention-days: 3
|
|
if-no-files-found: warn
|
|
|
|
check-generateOpenApiDocs:
|
|
if: needs.files-changed.outputs.openapi == 'true'
|
|
needs: [files-changed]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4.3.0
|
|
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@v4.7.1
|
|
with:
|
|
java-version: "17"
|
|
distribution: "temurin"
|
|
- uses: gradle/actions/setup-gradle@v4.4.2
|
|
- name: Generate OpenAPI documentation
|
|
run: ./gradlew :stirling-pdf:generateOpenApiDocs
|
|
env:
|
|
DISABLE_ADDITIONAL_FEATURES: true
|
|
|
|
- name: Upload OpenAPI Documentation
|
|
uses: actions/upload-artifact@v4.6.2
|
|
with:
|
|
name: openapi-docs
|
|
path: ./SwaggerDoc.json
|
|
|
|
frontend-validation:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@v2.12.2
|
|
with:
|
|
egress-policy: audit
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4.2.2
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@v4.1.0
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: frontend/package-lock.json
|
|
- name: Install frontend dependencies
|
|
run: cd frontend && npm ci
|
|
- name: Build frontend
|
|
run: cd frontend && npm run build
|
|
- name: Run frontend tests
|
|
run: cd frontend && npm run test -- --run
|
|
- name: Upload frontend build artifacts
|
|
uses: actions/upload-artifact@v4.6.2
|
|
with:
|
|
name: frontend-build
|
|
path: frontend/dist/
|
|
retention-days: 3
|
|
|
|
check-licence:
|
|
if: needs.files-changed.outputs.build == 'true'
|
|
needs: [files-changed, build]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4.3.0
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@v4.7.1
|
|
with:
|
|
java-version: "17"
|
|
distribution: "temurin"
|
|
- name: check the licenses for compatibility
|
|
run: ./gradlew clean checkLicense
|
|
- name: FAILED - check the licenses for compatibility
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4.6.2
|
|
with:
|
|
name: dependencies-without-allowed-license.json
|
|
path: build/reports/dependency-license/dependencies-without-allowed-license.json
|
|
retention-days: 3
|
|
|
|
docker-compose-tests:
|
|
if: needs.files-changed.outputs.project == 'true'
|
|
needs: files-changed
|
|
# if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
|
|
# (github.event_name == 'pull_request' &&
|
|
# contains(github.event.pull_request.labels.*.name, 'licenses') == false &&
|
|
# (
|
|
# contains(github.event.pull_request.labels.*.name, 'Front End') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Java') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Back End') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Security') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'API') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Docker') ||
|
|
# contains(github.event.pull_request.labels.*.name, 'Test')
|
|
# )
|
|
# )
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
|
|
|
|
- name: Set up Java 17
|
|
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
|
with:
|
|
java-version: "17"
|
|
distribution: "temurin"
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
|
|
- name: Install Docker Compose
|
|
run: |
|
|
sudo curl -SL "https://github.com/docker/compose/releases/download/v2.37.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
sudo chmod +x /usr/local/bin/docker-compose
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
|
with:
|
|
python-version: "3.12"
|
|
cache: 'pip' # caching pip dependencies
|
|
cache-dependency-path: ./testing/cucumber/requirements.txt
|
|
|
|
- name: Pip requirements
|
|
run: |
|
|
pip install --require-hashes -r ./testing/cucumber/requirements.txt
|
|
|
|
- name: Run Docker Compose Tests
|
|
run: |
|
|
chmod +x ./testing/test_webpages.sh
|
|
chmod +x ./testing/test.sh
|
|
chmod +x ./testing/test_disabledEndpoints.sh
|
|
./testing/test.sh
|
|
|
|
test-build-docker-images:
|
|
if: github.event_name == 'pull_request' && needs.files-changed.outputs.project == 'true'
|
|
needs: [files-changed, build, check-generateOpenApiDocs, check-licence]
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
docker-rev: ["Dockerfile", "Dockerfile.ultra-lite", "Dockerfile.fat"]
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
|
|
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
|
with:
|
|
java-version: "17"
|
|
distribution: "temurin"
|
|
|
|
- name: Set up Gradle
|
|
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
|
|
with:
|
|
gradle-version: 8.14
|
|
|
|
- name: Build application
|
|
run: ./gradlew clean build
|
|
env:
|
|
DISABLE_ADDITIONAL_FEATURES: true
|
|
STIRLING_PDF_DESKTOP_UI: false
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
|
|
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
|
|
- name: Build ${{ matrix.docker-rev }}
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
builder: ${{ steps.buildx.outputs.name }}
|
|
context: .
|
|
file: ./docker/backend/${{ matrix.docker-rev }}
|
|
push: false
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
platforms: linux/amd64,linux/arm64/v8
|
|
provenance: true
|
|
sbom: true
|
|
|
|
- name: Upload Reports
|
|
if: always()
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: reports-docker-${{ matrix.docker-rev }}
|
|
path: |
|
|
build/reports/tests/
|
|
build/test-results/
|
|
build/reports/problems/
|
|
retention-days: 3
|
|
if-no-files-found: warn
|