Parallel integration tests(AST-23124) #437
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration Tests | |
| on: | |
| pull_request: | |
| jobs: | |
| unit-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0 | |
| - name: Set up Go version | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4 | |
| with: | |
| go-version-file: go.mod | |
| - run: go version | |
| - name: go test with coverage | |
| run: | | |
| sudo chmod +x ./internal/commands/.scripts/up.sh | |
| ./internal/commands/.scripts/up.sh | |
| - name: Check if total coverage is greater then 77.7 | |
| shell: bash | |
| run: | | |
| CODE_COV=$(go tool cover -func cover.out | grep total | awk '{print substr($3, 1, length($3)-1)}') | |
| EXPECTED_CODE_COV=77.7 | |
| var=$(awk 'BEGIN{ print "'$CODE_COV'"<"'$EXPECTED_CODE_COV'" }') | |
| if [ "$var" -eq 1 ];then | |
| echo "Your code coverage is too low. Coverage precentage is: $CODE_COV" | |
| exit 1 | |
| else | |
| echo "Your code coverage test passed! Coverage precentage is: $CODE_COV" | |
| exit 0 | |
| fi | |
| integration-tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - group: scan | |
| filter: "^TestScan" | |
| timeout: 90 | |
| - group: containers | |
| filter: "^Test.*(Container|IacRealtime|SecretsRealtime).*" | |
| timeout: 60 | |
| - group: scm | |
| filter: "^Test.*(UserCount|Azure|Bitbucket|Github|Gitlab|PR).*" | |
| timeout: 45 | |
| - group: git-hooks | |
| filter: "^Test.*(PreCommit|PreReceive).*" | |
| timeout: 45 | |
| - group: core | |
| filter: "^Test(Auth|Config|Project|Result|Root|Tenant|Feature|Chat|Log|Import|Predicate|Telemetry|Learn|Rate|Bfl|Asca|Oss).*" | |
| timeout: 60 | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0 | |
| - name: Set up Go version | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4 | |
| with: | |
| go-version-file: go.mod | |
| - run: go version | |
| - name: Go Build | |
| run: go build -o ./bin/cx ./cmd | |
| - name: Install gocovmerge | |
| run: go install github.com/wadey/gocovmerge@latest | |
| - name: Install pre-commit | |
| run: | | |
| pip install pre-commit | |
| pre-commit install | |
| - name: Go Integration test - ${{ matrix.group }} | |
| shell: bash | |
| timeout-minutes: ${{ matrix.timeout }} | |
| env: | |
| CX_BASE_URI: ${{ secrets.CX_BASE_URI }} | |
| CX_CLIENT_ID: ${{ secrets.CX_CLIENT_ID }} | |
| CX_CLIENT_SECRET: ${{ secrets.CX_CLIENT_SECRET }} | |
| CX_BASE_AUTH_URI: ${{ secrets.CX_BASE_AUTH_URI }} | |
| CX_AST_USERNAME: ${{ secrets.CX_AST_USERNAME }} | |
| CX_AST_PASSWORD: ${{ secrets.CX_AST_PASSWORD }} | |
| CX_APIKEY: ${{ secrets.CX_APIKEY }} | |
| CX_TENANT: ${{ secrets.CX_TENANT }} | |
| CX_SCAN_SSH_KEY: ${{ secrets.CX_SCAN_SSH_KEY }} | |
| CX_ORIGIN: "cli-tests" | |
| PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| PROXY_HOST: localhost | |
| PROXY_PORT: 3128 | |
| PROXY_USERNAME: ${{ secrets.PROXY_USER }} | |
| PROXY_PASSWORD: ${{ secrets.PROXY_PASSWORD }} | |
| PR_GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| PR_GITHUB_NAMESPACE: "checkmarx" | |
| PR_GITHUB_REPO_NAME: "ast-cli" | |
| PR_GITHUB_NUMBER: 983 | |
| PR_GITLAB_TOKEN: ${{ secrets.PR_GITLAB_TOKEN }} | |
| PR_GITLAB_NAMESPACE: ${{ secrets.PR_GITLAB_NAMESPACE }} | |
| PR_GITLAB_REPO_NAME: ${{ secrets.PR_GITLAB_REPO_NAME }} | |
| PR_GITLAB_PROJECT_ID: ${{ secrets.PR_GITLAB_PROJECT_ID }} | |
| PR_GITLAB_IID: ${{ secrets.PR_GITLAB_IID }} | |
| AZURE_ORG: ${{ secrets.AZURE_ORG }} | |
| AZURE_PROJECT: ${{ secrets.AZURE_PROJECT }} | |
| AZURE_REPOS: ${{ secrets.AZURE_REPOS }} | |
| AZURE_TOKEN: ${{ secrets.AZURE_TOKEN }} | |
| AZURE_NEW_ORG: ${{ secrets.AZURE_NEW_ORG }} | |
| AZURE_PROJECT_NAME: ${{ secrets.AZURE_PROJECT_NAME }} | |
| AZURE_PR_NUMBER: 1 | |
| AZURE_NEW_TOKEN: ${{ secrets.AZURE_NEW_TOKEN }} | |
| BITBUCKET_WORKSPACE: ${{ secrets.BITBUCKET_WORKSPACE }} | |
| BITBUCKET_REPOS: ${{ secrets.BITBUCKET_REPOS }} | |
| BITBUCKET_USERNAME: ${{ secrets.BITBUCKET_USERNAME }} | |
| BITBUCKET_PASSWORD: ${{ secrets.BITBUCKET_PASSWORD }} | |
| GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }} | |
| GITHUB_ACTOR: ${{ github.actor }} | |
| PR_BITBUCKET_TOKEN: ${{ secrets.PR_BITBUCKET_TOKEN }} | |
| PR_BITBUCKET_NAMESPACE: "AstSystemTest" | |
| PR_BITBUCKET_REPO_NAME: "cliIntegrationTest" | |
| PR_BITBUCKET_ID: 1 | |
| run: | | |
| sudo chmod +x ./internal/commands/.scripts/integration_up.sh ./internal/commands/.scripts/integration_down.sh | |
| ./internal/commands/.scripts/integration_up.sh "${{ matrix.filter }}" | |
| ./internal/commands/.scripts/integration_down.sh | |
| - name: Upload coverage artifact | |
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4 | |
| if: always() | |
| with: | |
| name: coverage-${{ matrix.group }} | |
| path: | | |
| cover.out | |
| coverage.html | |
| - name: Upload test output | |
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4 | |
| if: always() | |
| with: | |
| name: test-output-${{ matrix.group }} | |
| path: test_output.log | |
| # Merge coverage from all parallel test groups | |
| integration-coverage: | |
| runs-on: ubuntu-latest | |
| needs: integration-tests | |
| if: always() | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0 | |
| - name: Set up Go version | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4 | |
| with: | |
| go-version-file: go.mod | |
| - name: Install gocovmerge | |
| run: go install github.com/wadey/gocovmerge@latest | |
| - name: Download all coverage artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4 | |
| with: | |
| pattern: coverage-* | |
| merge-multiple: false | |
| - name: Download all test outputs | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4 | |
| with: | |
| pattern: test-output-* | |
| merge-multiple: false | |
| - name: Generate test summary | |
| shell: bash | |
| run: | | |
| echo "## 🧪 Integration Test Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "| Group | Total | ✅ Passed | ❌ Failed | ⏭️ Skipped | Pass Rate |" >> $GITHUB_STEP_SUMMARY | |
| echo "|-------|-------|-----------|-----------|------------|-----------|" >> $GITHUB_STEP_SUMMARY | |
| GRAND_TOTAL=0 | |
| GRAND_PASSED=0 | |
| GRAND_FAILED=0 | |
| GRAND_SKIPPED=0 | |
| for group in scan containers scm git-hooks core; do | |
| LOG_FILE="test-output-${group}/test_output.log" | |
| if [ -f "$LOG_FILE" ]; then | |
| PASSED=$(grep -c "^--- PASS:" "$LOG_FILE" 2>/dev/null || echo "0") | |
| FAILED=$(grep -c "^--- FAIL:" "$LOG_FILE" 2>/dev/null || echo "0") | |
| SKIPPED=$(grep -c "^--- SKIP:" "$LOG_FILE" 2>/dev/null || echo "0") | |
| TOTAL=$((PASSED + FAILED + SKIPPED)) | |
| if [ "$TOTAL" -gt 0 ]; then | |
| RATE=$(awk "BEGIN {printf \"%.1f\", ($PASSED/$TOTAL)*100}") | |
| else | |
| RATE="0.0" | |
| fi | |
| GRAND_TOTAL=$((GRAND_TOTAL + TOTAL)) | |
| GRAND_PASSED=$((GRAND_PASSED + PASSED)) | |
| GRAND_FAILED=$((GRAND_FAILED + FAILED)) | |
| GRAND_SKIPPED=$((GRAND_SKIPPED + SKIPPED)) | |
| echo "| **${group}** | ${TOTAL} | ${PASSED} | ${FAILED} | ${SKIPPED} | ${RATE}% |" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "| **${group}** | - | - | - | - | N/A |" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| done | |
| # Calculate grand total pass rate | |
| if [ "$GRAND_TOTAL" -gt 0 ]; then | |
| GRAND_RATE=$(awk "BEGIN {printf \"%.1f\", ($GRAND_PASSED/$GRAND_TOTAL)*100}") | |
| else | |
| GRAND_RATE="0.0" | |
| fi | |
| echo "|-------|-------|-----------|-----------|------------|-----------|" >> $GITHUB_STEP_SUMMARY | |
| echo "| **TOTAL** | **${GRAND_TOTAL}** | **${GRAND_PASSED}** | **${GRAND_FAILED}** | **${GRAND_SKIPPED}** | **${GRAND_RATE}%** |" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # List failed tests if any | |
| if [ "$GRAND_FAILED" -gt 0 ]; then | |
| echo "### ❌ Failed Tests" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| for group in scan containers scm git-hooks core; do | |
| LOG_FILE="test-output-${group}/test_output.log" | |
| if [ -f "$LOG_FILE" ]; then | |
| FAILED_TESTS=$(grep "^--- FAIL:" "$LOG_FILE" | awk '{print $3}' | head -10) | |
| if [ -n "$FAILED_TESTS" ]; then | |
| echo "**${group}:**" >> $GITHUB_STEP_SUMMARY | |
| echo "$FAILED_TESTS" | while read test; do | |
| echo "- \`${test}\`" >> $GITHUB_STEP_SUMMARY | |
| done | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| fi | |
| done | |
| fi | |
| - name: Merge coverage reports | |
| shell: bash | |
| run: | | |
| # Debug: Show downloaded artifact structure | |
| echo "=== Downloaded artifacts structure ===" | |
| ls -la | |
| find . -name "cover.out" -type f -exec ls -la {} \; | |
| # Find all cover.out files and merge them | |
| find . -name "cover.out" -type f > coverage_files.txt | |
| echo "=== Coverage files found ===" | |
| cat coverage_files.txt | |
| echo "=== File count: $(wc -l < coverage_files.txt) ===" | |
| if [ -s coverage_files.txt ]; then | |
| # Show individual coverage before merge | |
| echo "=== Individual coverage percentages ===" | |
| while read -r file; do | |
| COV=$(go tool cover -func "$file" | grep total | awk '{print $3}') | |
| echo "$file: $COV" | |
| done < coverage_files.txt | |
| # Merge all coverage files | |
| gocovmerge $(cat coverage_files.txt | tr '\n' ' ') > merged-cover.out | |
| go tool cover -html=merged-cover.out -o merged-coverage.html | |
| echo "=== Merged coverage ===" | |
| go tool cover -func merged-cover.out | grep total | |
| else | |
| echo "ERROR: No coverage files found!" | |
| fi | |
| - name: Upload merged coverage report | |
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4 | |
| with: | |
| name: ${{ runner.os }}-coverage-merged | |
| path: | | |
| merged-cover.out | |
| merged-coverage.html | |
| - name: Check if total coverage is greater then 75 | |
| shell: bash | |
| run: | | |
| if [ -f merged-cover.out ]; then | |
| CODE_COV=$(go tool cover -func merged-cover.out | grep total | awk '{print substr($3, 1, length($3)-1)}') | |
| EXPECTED_CODE_COV=75 | |
| var=$(awk 'BEGIN{ print "'$CODE_COV'"<"'$EXPECTED_CODE_COV'" }') | |
| if [ "$var" -eq 1 ];then | |
| echo "Your code coverage is too low. Coverage precentage is: $CODE_COV" | |
| exit 1 | |
| else | |
| echo "Your code coverage test passed! Coverage precentage is: $CODE_COV" | |
| exit 0 | |
| fi | |
| else | |
| echo "No coverage file found - tests may have failed" | |
| exit 1 | |
| fi | |
| lint: | |
| name: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0 | |
| - name: Set up Go version | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4 | |
| with: | |
| go-version-file: go.mod | |
| - run: go version | |
| - run: go mod tidy | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc #v3 | |
| with: | |
| skip-pkg-cache: true | |
| version: v1.64.2 | |
| args: -c .golangci.yml | |
| --timeout 5m | |
| only-new-issues: true | |
| govulncheck: | |
| runs-on: ubuntu-latest | |
| name: govulncheck | |
| steps: | |
| - id: govulncheck | |
| uses: golang/govulncheck-action@7da72f730e37eeaad891fcff0a532d27ed737cd4 #v1 | |
| continue-on-error: true | |
| with: | |
| go-version-file: go.mod | |
| go-package: ./... | |
| checkDockerImage: | |
| runs-on: ubuntu-latest | |
| name: scan Docker Image with Trivy | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@722adc63f1aa60a57ec37892e133b1d319cae598 #2.0.0 | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@cf09c5c41b299b55c366aff30022701412eb6ab0 #v1.0.0 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b #v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build the project | |
| run: go build -o ./cx ./cmd | |
| - name: Build Docker image | |
| run: docker build -t ast-cli:${{ github.sha }} . | |
| - name: Run Trivy scanner without downloading DBs | |
| uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 #v0.28.0 | |
| with: | |
| scan-type: 'image' | |
| image-ref: ast-cli:${{ github.sha }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| output: './trivy-image-results.txt' | |
| env: | |
| TRIVY_SKIP_JAVA_DB_UPDATE: true | |
| - name: Inspect action report | |
| if: always() | |
| shell: bash | |
| run: cat ./trivy-image-results.txt |