juice-shop

# Workflow triggers and shared settings for the CI/CD pipeline.
#
# NOTE(review): no `permissions:` key is visible in this workflow, so each job
# runs with the repository's default GITHUB_TOKEN scopes. Consider a read-only
# default here plus per-job grants - confirm first what the steps that receive
# GITHUB_TOKEN actually need.
name: 'CI/CD Pipeline'
on:
  # Branch pushes only; tag pushes and documentation-only changes are skipped.
  push:
    branches-ignore:
      - 'l10n_develop'
      - 'gh-pages'
    paths-ignore:
      - '*.md'
      - 'LICENSE'
      - 'monitoring/grafana-dashboard.json'
      - 'screenshots/**'
    tags-ignore:
      - '*'
  # Pull requests, except those touching only docs or translation files.
  pull_request:
    paths-ignore:
      - '*.md'
      - 'LICENSE'
      - 'data/static/i18n/*.json'
      - 'frontend/src/assets/i18n/*.json'
env:
  # Tool versions shared by all jobs; quoted so they stay strings.
  NODE_DEFAULT_VERSION: '20'
  ANGULAR_CLI_VERSION: '17'
  CYCLONEDX_NPM_VERSION: '^1.12.0'
jobs:
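  # Static checks: lints the sources and every customization config file.
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: "Check out Git repository"
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # The step name follows NODE_DEFAULT_VERSION; the former hard-coded "18"
      # did not match the version this step installs.
      - name: "Use Node.js ${{ env.NODE_DEFAULT_VERSION }}"
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: ${{ env.NODE_DEFAULT_VERSION }}
      - name: "Install CLI tools"
        run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
      # --ignore-scripts keeps dependency lifecycle scripts from running; the
      # lint steps below only need the packages to be present.
      - name: "Install application minimalistically"
        run: |
          npm install --ignore-scripts
          cd frontend
          npm install --ignore-scripts --legacy-peer-deps
      - name: "Lint source code"
        run: npm run lint
      # Folded scalar: the lines join into one && chain, so the first failing
      # config stops the step.
      - name: "Lint customization configs"
        run: >
          npm run lint:config -- -f ./config/7ms.yml &&
          npm run lint:config -- -f ./config/addo.yml &&
          npm run lint:config -- -f ./config/bodgeit.yml &&
          npm run lint:config -- -f ./config/ctf.yml &&
          npm run lint:config -- -f ./config/default.yml &&
          npm run lint:config -- -f ./config/fbctf.yml &&
          npm run lint:config -- -f ./config/juicebox.yml &&
          npm run lint:config -- -f ./config/mozilla.yml &&
          npm run lint:config -- -f ./config/oss.yml &&
          npm run lint:config -- -f ./config/quiet.yml &&
          npm run lint:config -- -f ./config/tutorial.yml &&
          npm run lint:config -- -f ./config/unsafe.yml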
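  # Runs `npm run rsn` on a Windows runner to catch accidental discrepancies
  # in the coding challenges.
  coding-challenge-rsn:
    runs-on: windows-latest
    steps:
      - name: "Check out Git repository"
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # The step name follows NODE_DEFAULT_VERSION; the former hard-coded "18"
      # did not match the version this step installs.
      - name: "Use Node.js ${{ env.NODE_DEFAULT_VERSION }}"
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: ${{ env.NODE_DEFAULT_VERSION }}
      # The default shell on Windows runners is PowerShell, where
      # $ANGULAR_CLI_VERSION is not an environment-variable lookup, so the
      # version pin was silently dropped. bash expands it as intended.
      - name: "Install CLI tools"
        shell: bash
        run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
      - name: "Install application"
        run: npm install
      - name: "Check coding challenges for accidental code discrepancies"
        run: npm run rsn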
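  # Unit tests across the OS / Node.js matrix. In the upstream repository every
  # combination runs; elsewhere (forks) only ubuntu-latest with Node.js 20 does
  # and the remaining combinations skip their steps.
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        # FIXME: Removed "windows-latest" due to 'Error: ENOENT: no such file or directory, open' error breaking at least on Node 20.0 constantly
        os: [ubuntu-latest, macos-latest]
        node-version: [18, 20, 21, 22]
    steps:
      # Shared guard, simplified from `A || (!A && B)` to the equivalent
      # `A || B`.
      - name: "Check out Git repository"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - name: "Use Node.js ${{ matrix.node-version }}"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: ${{ matrix.node-version }}
      - name: "Install CLI tools"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
      - name: "Install application"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        run: npm install
      - name: "Execute unit tests"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
        with:
          timeout_minutes: 15
          max_attempts: 3
          command: npm test
      # Guarded like the steps above: without it, a skipped combination in a
      # fork reached `cp` with no reports on disk and failed the job.
      - name: "Copy unit test coverage data"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        run: |
          cp build/reports/coverage/frontend-tests/lcov.info frontend-lcov.info
          cp build/reports/coverage/server-tests/lcov.info server-lcov.info
      # Only one matrix combination, on upstream pushes, publishes coverage.
      - name: "Upload unit test coverage data"
        if: >-
          github.repository == 'juice-shop/juice-shop' &&
          github.event_name == 'push' &&
          matrix.os == 'ubuntu-latest' &&
          matrix.node-version == '20'
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: unit-test-lcov
          path: |
            frontend-lcov.info
            server-lcov.info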
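  # API integration tests (`npm run frisby`) across the OS / Node.js matrix.
  # In the upstream repository every combination runs; elsewhere (forks) only
  # ubuntu-latest with Node.js 20 does and the others skip their steps.
  api-test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        node-version: [18, 20, 21, 22]
    steps:
      # Shared guard, simplified from `A || (!A && B)` to the equivalent
      # `A || B`.
      - name: "Check out Git repository"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - name: "Use Node.js ${{ matrix.node-version }}"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: ${{ matrix.node-version }}
      # shell: bash so $ANGULAR_CLI_VERSION also expands on windows-latest,
      # where the default PowerShell shell does not treat $NAME as an
      # environment variable and the version pin was silently dropped.
      - name: "Install CLI tools"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        shell: bash
        run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
      - name: "Install application"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        run: npm install
      - name: "Execute integration tests"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
        env:
          NODE_ENV: test
        with:
          timeout_minutes: 5
          max_attempts: 3
          command: npm run frisby
      # Guarded like the steps above: without it, a skipped combination in a
      # fork reached `cp` with no report on disk and failed the job.
      - name: "Copy API test coverage data"
        if: >-
          github.repository == 'juice-shop/juice-shop' ||
          (matrix.os == 'ubuntu-latest' && matrix.node-version == '20')
        run: cp build/reports/coverage/api-tests/lcov.info api-lcov.info
      # Only one matrix combination, on upstream pushes, publishes coverage.
      - name: "Upload API test coverage data"
        if: >-
          github.repository == 'juice-shop/juice-shop' &&
          github.event_name == 'push' &&
          matrix.os == 'ubuntu-latest' &&
          matrix.node-version == '20'
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: api-test-lcov
          path: |
            api-lcov.info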
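  # Merges the lcov artifacts from `test` and `api-test` and uploads the
  # result to Codeclimate. Runs only for pushes to the upstream repository.
  coverage-report:
    needs: [test, api-test]
    runs-on: ubuntu-latest
    if: github.repository == 'juice-shop/juice-shop' && github.event_name == 'push'
    steps:
      - name: "Check out Git repository"
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - name: "Download unit test coverage data"
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: unit-test-lcov
      - name: "Download API test coverage data"
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: api-test-lcov
      - name: "Publish coverage to Codeclimate"
        env:
          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
        run: |
          # NOTE(review): this downloads a mutable "latest" binary and runs it
          # in a step that holds CC_TEST_REPORTER_ID, while every action in
          # this workflow is pinned to a commit SHA. Prefer a versioned
          # download URL and verify its published checksum before the chmod.
          # --fail aborts on an HTTP error instead of saving the error page as
          # the executable.
          curl --fail --silent --show-error --location https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
          chmod +x ./cc-test-reporter
          # Prefix the frontend source paths with "frontend/" in the lcov data.
          sed -i s/SF:/SF:frontend\\//g frontend-lcov.info
          ./cc-test-reporter format-coverage -t lcov -o codeclimate.frontend.json frontend-lcov.info
          ./cc-test-reporter format-coverage -t lcov -o codeclimate.server.json server-lcov.info
          ./cc-test-reporter format-coverage -t lcov -o codeclimate.api.json api-lcov.info
          ./cc-test-reporter sum-coverage codeclimate.*.json -p 3
          ./cc-test-reporter upload-coverage
        shell: bash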
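  # Runs the server test suite once per custom configuration, selected through
  # NODE_ENV.
  custom-config-test:
    runs-on: ubuntu-latest
    steps:
      - name: "Check out Git repository"
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # The step name follows NODE_DEFAULT_VERSION; the former hard-coded "18"
      # did not match the version this step installs.
      - name: "Use Node.js ${{ env.NODE_DEFAULT_VERSION }}"
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: ${{ env.NODE_DEFAULT_VERSION }}
      - name: "Install CLI tools"
        run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
      # No `if:` here: this job defines no matrix, so the matrix-based guard
      # that used to sit on this step was false outside the upstream
      # repository and skipped the install the tests below depend on.
      - name: "Install application"
        run: npm install
      - name: "Execute server tests for each custom configuration"
        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
        with:
          timeout_minutes: 10
          max_attempts: 3
          # Folded scalar: the lines join into one && chain, so the first
          # failing configuration ends the attempt.
          command: >
            NODE_ENV=7ms npm run test:server &&
            NODE_ENV=addo npm run test:server &&
            NODE_ENV=bodgeit npm run test:server &&
            NODE_ENV=ctf npm run test:server &&
            NODE_ENV=fbctf npm run test:server &&
            NODE_ENV=juicebox npm run test:server &&
            NODE_ENV=mozilla npm run test:server &&
            NODE_ENV=oss npm run test:server &&
            NODE_ENV=quiet npm run test:server &&
            NODE_ENV=tutorial npm run test:server &&
            NODE_ENV=unsafe npm run test:server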
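  # End-to-end tests with Cypress on Ubuntu and macOS runners.
  e2e:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
        # FIXME Switch back to [chrome, firefox] after debugging extreme flakiness of Firefox on CI/CD
        browser: [chrome]
      # Let the other matrix combination finish when one of them fails.
      fail-fast: false
    steps:
      - name: "Check out Git repository"
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # The step name follows NODE_DEFAULT_VERSION; the former hard-coded "18"
      # did not match the version this step installs.
      - name: "Use Node.js ${{ env.NODE_DEFAULT_VERSION }}"
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: ${{ env.NODE_DEFAULT_VERSION }}
      # Pinned to ANGULAR_CLI_VERSION like every other job; this step used to
      # install whatever @angular/cli release was current.
      - name: "Install CLI tools"
        run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
      - name: "Install application"
        run: npm install
      # NOTE(review): step-level env is visible to everything the action
      # launches, presumably including `npm start` - confirm that neither the
      # application nor the tests log these values.
      - name: "Execute end-to-end tests on Ubuntu"
        if: ${{ matrix.os == 'ubuntu-latest' }}
        uses: cypress-io/github-action@59810ebfa5a5ac6fcfdcfdf036d1cd4d083a88f2 # v6.5.0
        with:
          install: false
          browser: ${{ matrix.browser }}
          start: npm start
          wait-on: http://localhost:3000
          record: true
          group: ${{ matrix.browser }} @ ${{ matrix.os }}
        env:
          SOLUTIONS_WEBHOOK: ${{ secrets.E2E_SOLUTIONS_WEBHOOK }}
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Same run on macOS, with an explicit Cypress cache folder and without
      # the solutions webhook.
      - name: "Execute end-to-end tests on Mac"
        if: ${{ matrix.os == 'macos-latest' }}
        uses: cypress-io/github-action@59810ebfa5a5ac6fcfdcfdf036d1cd4d083a88f2 # v6.5.0
        with:
          install: false
          browser: ${{ matrix.browser }}
          start: npm start
          wait-on: http://localhost:3000
          record: true
          group: ${{ matrix.browser }} @ ${{ matrix.os }}
        env:
          CYPRESS_CACHE_FOLDER: /Users/runner/Library/Caches/Cypress
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}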
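  # Packages the application, unpacks the archive and smoke-tests the unpacked
  # copy on localhost.
  smoke-test:
    runs-on: ubuntu-latest
    steps:
      - name: "Check out Git repository"
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # The step name follows NODE_DEFAULT_VERSION; the former hard-coded "18"
      # did not match the version this step installs.
      - name: "Use Node.js ${{ env.NODE_DEFAULT_VERSION }}"
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: ${{ env.NODE_DEFAULT_VERSION }}
      # NOTE(review): grunt-cli is the only global tool installed without a
      # version pin - consider pinning it like the two above.
      - name: "Install CLI tools"
        run: |
          npm install -g @angular/cli@$ANGULAR_CLI_VERSION
          npm install -g @cyclonedx/cyclonedx-npm@$CYCLONEDX_NPM_VERSION
          npm install -g grunt-cli
      # Values written to GITHUB_ENV become environment variables of the
      # following steps.
      # NOTE(review): PCKG_NODE_VERSION is fixed at 18 while the job installs
      # NODE_DEFAULT_VERSION - confirm whether the packaging should follow it.
      - name: "Set packaging options for Grunt"
        run: |
          echo "PCKG_OS_NAME=linux" >> "$GITHUB_ENV"
          echo "PCKG_NODE_VERSION=18" >> "$GITHUB_ENV"
          echo "PCKG_CPU_ARCH=x64" >> "$GITHUB_ENV"
      - name: "Package application"
        run: |
          npm install --production
          npm run package:ci
      - name: "Unpack application archive"
        run: |
          cd dist
          tar -zxf juice-shop-*.tgz
      # Starts the unpacked application in the background, then runs the smoke
      # test script from the repository root against it.
      - name: "Execute smoke test"
        run: |
          cd dist/juice-shop_*
          npm start &
          cd ../..
          chmod +x test/smoke/smoke-test.sh
          test/smoke/smoke-test.sh http://localhost:3000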
  # Smoke test of the containerized application through
  # docker-compose.test.yml.
  docker-test:
    runs-on: ubuntu-latest
    steps:
      - name: 'Check out Git repository'
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # --exit-code-from sut: the step's result is the exit code of the `sut`
      # service.
      - name: 'Execute smoke test on Docker'
        run: >-
          docker compose -f docker-compose.test.yml up --exit-code-from sut
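  # Builds the multi-architecture image and pushes it to DockerHub. Runs only
  # for pushes to develop or master in the upstream repository, after the test
  # jobs listed in `needs` have passed.
  docker:
    if: >-
      github.repository == 'juice-shop/juice-shop' &&
      github.event_name == 'push' &&
      (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master')
    needs: [test, api-test, e2e, custom-config-test, docker-test]
    runs-on: ubuntu-latest
    steps:
      - name: "Check out Git repository"
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - name: "Set up QEMU"
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
      - name: "Login to DockerHub"
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # master publishes the `latest` tag, any other ref `snapshot`.
      - name: "Set tag & labels for ${{ github.ref }}"
        run: |
          if [ "$GITHUB_REF" == "refs/heads/master" ]; then
            echo "DOCKER_TAG=latest" >> "$GITHUB_ENV"
          else
            echo "DOCKER_TAG=snapshot" >> "$GITHUB_ENV"
          fi
          echo "VCS_REF=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
          # The date format used to be wrapped in typographic quotes, which
          # the shell copied literally into BUILD_DATE; the plain format
          # string yields a clean timestamp.
          echo "BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_ENV"
      - name: "Build and push for AMD64 and ARM64 processors"
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            bkimminich/juice-shop:${{ env.DOCKER_TAG }}
          build-args: |
            VCS_REF=${{ env.VCS_REF }}
            BUILD_DATE=${{ env.BUILD_DATE }}
            CYCLONEDX_NPM_VERSION=${{ env.CYCLONEDX_NPM_VERSION }}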
  # Deploys to Heroku: master goes to the `juice-shop` app, any other ref to
  # `juice-shop-staging`. Runs only for pushes to develop or master in the
  # upstream repository, after the test jobs listed in `needs` have passed.
  heroku:
    if: >-
      github.repository == 'juice-shop/juice-shop' &&
      github.event_name == 'push' &&
      (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master')
    needs:
      - test
      - api-test
      - e2e
      - custom-config-test
    runs-on: ubuntu-latest
    steps:
      - name: 'Check out Git repository'
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # Values written to GITHUB_ENV are read back as env.* by the deploy step.
      - name: 'Set Heroku app & branch for ${{ github.ref }}'
        run: |
          if [ "$GITHUB_REF" == "refs/heads/master" ]; then
            echo "HEROKU_APP=juice-shop" >> "$GITHUB_ENV"
            echo "HEROKU_BRANCH=master" >> "$GITHUB_ENV"
          else
            echo "HEROKU_APP=juice-shop-staging" >> "$GITHUB_ENV"
            echo "HEROKU_BRANCH=develop" >> "$GITHUB_ENV"
          fi
      - name: 'Deploy ${{ github.ref }} to Heroku'
        uses: akhileshns/heroku-deploy@9fd0f9faae4aa93a38d6f5e25b9128589f1371b0 # v3.12.14
        with:
          heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
          heroku_app_name: ${{ env.HEROKU_APP }}
          heroku_email: 'bjoern.kimminich@owasp.org'
          branch: ${{ env.HEROKU_BRANCH }}
  # Posts the workflow result to Slack once the jobs in `needs` have finished.
  # Upstream pushes only; success() || failure() lets it report a failed run
  # as well as a successful one.
  notify-slack:
    if: >-
      github.repository == 'juice-shop/juice-shop' &&
      github.event_name == 'push' &&
      (success() || failure())
    needs: [docker, heroku, lint, coding-challenge-rsn, smoke-test, coverage-report]
    runs-on: ubuntu-latest
    steps:
      - name: 'Slack workflow notification'
        uses: Gamesight/slack-workflow-status@26a36836c887f260477432e4314ec3490a84f309 # v1.2.0
        with:
          # The workflow's own token and the Slack webhook secret.
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}