swagger-api · micryc · Mar 26, 2024 · Mar 13, 2024 · Mar 13, 2024 · Mar 14, 2024
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,54 @@
+name: "Code scanning - action"
+
+on:
+  push:
+    branches: ["v2"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["v2"]
+  schedule:
+    - cron: '0 19 * * 1'
+
+jobs:
+  CodeQL-Build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      # Override language selection by uncommenting this and choosing your languages
+      with:
+        languages: java
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,16 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Checkout Repository'
+      uses: actions/checkout@v4
+    - name: Dependency Review
+      uses: actions/dependency-review-action@v3
+      with:
+        fail-on-severity: high
diff --git a/.github/workflows/deploy-docker.yml b/.github/workflows/deploy-docker.yml
@@ -0,0 +1,134 @@
+name: Deploy Docker
+
+on:
+  workflow_dispatch:
+    branches: ["v2"]
+    inputs:
+      tag:
+        description: tag/version to deploy
+        required: true
+jobs:
+  deploy:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: deploy docker
+        run: |
+          SC_RELEASE_TAG="${{ env.TAG }}"
+          echo "$SC_RELEASE_TAG"
+
+          TOKEN="${{ secrets.RANCHER2_BEARER_TOKEN }}"
+          RANCHER_HOST="rancher.tools.swagger.io"
+          CLUSTER_ID="c-n8zp2"
+          NAMESPACE_NAME="swagger-oss"
+          K8S_OBJECT_TYPE="daemonsets"
+          K8S_OBJECT_NAME="swagger-petstore"
+          DEPLOY_IMAGE="swaggerapi/petstore:$SC_RELEASE_TAG"
+
+          workloadStatus=""
+          getStatus() {
+              echo "Getting update status..."
+              if ! workloadStatus="$(curl -s -X GET \
+                -H "Authorization: Bearer ${TOKEN}" \
+                -H 'Content-Type: application/json' \
+                "https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}/status")"
+              then
+                  echo 'ERROR - get status k8s API call failed!'
+                  echo "Exiting build"...
+                  exit 1
+              fi
+          }
+
+          # $1 = image to deploy
+          updateObject() {
+              local image="${1}"
+              echo "Updating image value..."
+
+              if ! curl -s -X PATCH \
+                -H "Authorization: Bearer ${TOKEN}" \
+                -H 'Content-Type: application/json-patch+json' \
+                "https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}" \
+                -d "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/image\", \"value\": \"${image}\"}]"
+              then
+                  echo 'ERROR - image update k8s API call failed!'
+                  echo "Exiting build..."
+                  exit 1
+              fi
+          }
+
+
+          # Check that the TAG is valid
+          if [[ $SC_RELEASE_TAG =~ ^[vV]?[0-9]*\.[0-9]*\.[0-9]*$ ]]; then
+              echo ""
+              echo "This is a Valid TAG..."
+
+              # Get current image/tag in case we need to rollback
+              getStatus
+              ROLLBACK_IMAGE="$(echo "${workloadStatus}" | jq -r '.spec.template.spec.containers[0].image')"
+              echo ""
+              echo "Current image: ${ROLLBACK_IMAGE}"
+
+              # Update image and validate response
+              echo ""
+              updateObject "${DEPLOY_IMAGE}"
+              echo ""
+
+              echo ""
+              echo "Waiting for pods to start..."
+              echo ""
+              sleep 60s
+
+              # Get state of the k8s object. If numberReady == desiredNumberScheduled, consider the upgrade successful. Else raise error
+              getStatus
+                  status="$(echo "${workloadStatus}" | jq '.status')"
+              echo ""
+              echo "${status}"
+              echo ""
+
+              numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
+              numberReady="$(echo "${status}" | jq -r '.numberReady')"
+
+              if (( numberReady == numberDesired )); then
+                  echo "${K8S_OBJECT_NAME} has been upgraded to ${DEPLOY_IMAGE}"
+
+              # If pods are not starting, rollback the upgrade and exit the build with error
+              else
+                  echo "state = error...rolling back upgrade"
+                  updateObject "${ROLLBACK_IMAGE}"
+                  echo ""
+
+                  echo ""
+                  echo "Waiting for rollback pods to start..."
+                  echo ""
+                  sleep 60s
+
+                  getStatus
+                  status="$(echo "${workloadStatus}" | jq '.status')"
+                  echo ""
+                  echo "${status}"
+                  echo ""
+
+                  numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
+                  numberReady="$(echo "${status}" | jq -r '.numberReady')"
+
+                  if (( numberReady == numberDesired )); then
+                      echo "Rollback to ${ROLLBACK_IMAGE} completed."
+                  else
+                      echo "FATAL - rollback failed"
+                  fi
+                  echo "Exiting Build..."
+                  exit 1
+              fi
+
+          else
+              echo "This TAG is not in a valid format..."
+              echo "Exiting Build..."
+              exit 0
+          fi
+          echo "Exiting Build..."
+          exit 0
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS:  true
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      TAG: ${{ github.event.inputs.tag }}
diff --git a/.github/workflows/dockerhub-release.yaml b/.github/workflows/dockerhub-release.yaml
@@ -0,0 +1,61 @@
+name: Docker Release
+
+on:
+  workflow_dispatch:
+    branches: ["v2"]
+    inputs:
+      tag:
+        description: tag/version to release
+        required: true
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Set up Java 8
+        uses: actions/setup-java@v1
+        with:
+          java-version: 8
+      - name: Run pre release script
+        id: preRelease
+        run: |
+          # export GPG_TTY=$(tty)
+          export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
+          if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
+          then
+            echo "not releasing snapshot version: " ${MY_POM_VERSION}
+            echo "RELEASE_OK=no" >> $GITHUB_ENV
+          else
+            . ./CI/pre-release.sh
+            echo "RELEASE_OK=yes" >> $GITHUB_ENV
+          fi
+          echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV
+          echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV
+          echo "SC_LAST_RELEASE=$SC_LAST_RELEASE" >> $GITHUB_ENV
+      - name: docker login
+        run: |
+          docker login --username=${{ secrets.DOCKERHUB_SB_USERNAME }} --password=${{ secrets.DOCKERHUB_SB_PASSWORD }}
+          set -e
+      - name: Build generator image and push
+        if: env.RELEASE_OK == 'yes'
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64
+          provenance: false
+          tags: swaggerapi/petstore:${{ env.TAG }}
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      SC_VERSION:
+      SC_NEXT_VERSION:
+      TAG: ${{ github.event.inputs.tag }}
+
diff --git a/.github/workflows/maven-pulls.yml b/.github/workflows/maven-pulls.yml
@@ -0,0 +1,30 @@
+name: Build Test PR
+
+on:
+  pull_request:
+    branches: ["v2"]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ 8 ]
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Java
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
+      - name: Cache local Maven repository
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Build with Maven
+        run: |
+          mvn --no-transfer-progress -B install --file pom.xml
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -0,0 +1,36 @@
+name: Build Test master
+
+on:
+  push:
+    branches: ["v2"]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ 8 ]
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Java
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+      - name: Cache local Maven repository
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Build with Maven
+        run: |
+          mvn --no-transfer-progress -B install --file pom.xml
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
@@ -0,0 +1,54 @@
+name: Prepare Release
+
+on:
+  workflow_dispatch:
+    branches: ["v2"]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: tibdex/github-app-token@v1
+      id: generate-token
+      with:
+        app_id: ${{ secrets.APP_ID }}
+        private_key: ${{ secrets.APP_PRIVATE_KEY }}
+    - name: Set up Python 3.10
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+    - name: Set up Java 8
+      uses: actions/setup-java@v1
+      with:
+        java-version: 8
+    - name: Run prepare release script
+      id: prepare-release
+      run: |
+        export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
+        if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
+        then
+          . ./CI/prepare-release.sh
+          echo "PREPARE_RELEASE_OK=yes" >> $GITHUB_ENV
+        else
+          echo "not preparing release for release version: " ${MY_POM_VERSION}
+          echo "PREPARE_RELEASE_OK=no" >> $GITHUB_ENV
+        fi
+        echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV
+        echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV
+    - name: Create Prepare Release Pull Request
+      uses: peter-evans/create-pull-request@v4
+      if: env.PREPARE_RELEASE_OK == 'yes'
+      with:
+        token: ${{ steps.generate-token.outputs.token }}
+        commit-message: prepare release ${{ env.SC_VERSION }}
+        title: 'prepare release ${{ env.SC_VERSION }}'
+        branch: prepare-release-${{ env.SC_VERSION }}
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS:  true
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      SC_VERSION:
+      SC_NEXT_VERSION:
+