Merge pull request #1023 from godaddy/snyk-upgrade-5b32a83cca2372ac49… #4313

Workflow file for this run

	name: Continuous Integration

	on:
	push:
	branches:
	# Push events on main branch
	- main
	# Push events to branches matching refs/heads/release-
	- 'release-*'
	pull_request:
	branches: [ main ]

	#### Global environment variables
	env:
	DYNAMODB_HOSTNAME: dynamodb
	MYSQL_HOSTNAME: mysql
	MYSQL_DATABASE: testdb
	MYSQL_USERNAME: root
	MYSQL_PASSWORD: Password123
	DISABLE_TESTCONTAINERS: true
	AWS_ACCESS_KEY_ID: dummykey
	AWS_SECRET_ACCESS_KEY: dummy_secret
	AWS_DEFAULT_REGION: us-west-2
	AWS_REGION: us-west-2
	GO111MODULE: "on"


	jobs:
	#### Java
	java-secure-memory:
	name: Build Java Secure Memory
	runs-on: ubuntu-latest
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Set up Java
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: 'maven'
	- name: Build
	run: \|
	cd java/secure-memory
	./scripts/clean.sh
	./scripts/build.sh
	- name: Test
	run: \|
	cd java/secure-memory
	sudo prlimit --pid $$ --core=-1
	sudo prlimit --pid $$ --memlock=-1:-1
	./scripts/test.sh

	release-java-secure-memory:
	if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah'
	name: Release Java Secure Memory
	needs: java-secure-memory
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	with:
	token: ${{ secrets.MERGE_TOKEN }}
	- name: Fetch all tags
	run: git fetch --prune --unshallow --tags
	- name: Set up Maven Central Repository
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: 'maven'
	server-id: ossrh
	server-username: MAVEN_USERNAME
	server-password: MAVEN_PASSWORD
	gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
	gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
	- name: Publish Java SecureMemory
	run: \|
	cd java/secure-memory
	BASE_VERSION=$(mvn -q -DforceStdout help:evaluate -Dexpression=project.version)
	VERSION_SUFFIX=`echo ${BASE_VERSION} \| cut -f2 -d'-'`
	BRANCH=`echo ${GITHUB_REF#refs/heads/}`
	if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then
	./scripts/release_prod.sh
	fi
	env:
	MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
	MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
	MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

	java-app-encryption:
	name: Build Java Application Encryption
	needs: java-secure-memory
	runs-on: ubuntu-latest
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Set up Java
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: 'maven'
	- name: Build
	run: \|
	cd java/app-encryption
	./scripts/clean.sh
	./scripts/build.sh
	- name: Unit tests
	run: \|
	cd java/app-encryption
	sudo prlimit --pid $$ --core=-1
	sudo prlimit --pid $$ --memlock=-1:-1
	./scripts/test.sh
	- name: Integration tests
	run: \|
	cd java/app-encryption
	sudo prlimit --pid $$ --core=-1
	sudo prlimit --pid $$ --memlock=-1:-1
	./scripts/integration_test.sh

	release-java-app-Encryption:
	if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah'
	name: Release Java App Encryption
	needs: java-app-encryption
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	with:
	token: ${{ secrets.MERGE_TOKEN }}
	- name: Fetch all tags
	run: git fetch --prune --unshallow --tags
	- name: Set up Maven Central Repository
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: 'maven'
	server-id: ossrh
	server-username: MAVEN_USERNAME
	server-password: MAVEN_PASSWORD
	gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
	gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
	- name: Publish Java AppEncryption
	run: \|
	cd java/app-encryption
	BASE_VERSION=$(mvn -q -DforceStdout help:evaluate -Dexpression=project.version)
	VERSION_SUFFIX=`echo ${BASE_VERSION} \| cut -f2 -d'-'`
	BRANCH=`echo ${GITHUB_REF#refs/heads/}`
	if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then
	./scripts/release_prod.sh
	fi
	env:
	MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
	MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
	MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

	java-reference-app:
	name: Java Reference Application
	needs: java-app-encryption
	runs-on: ubuntu-latest
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Set up Java
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: 'maven'
	- name: Build
	run: \|
	cd samples/java/reference-app
	./scripts/clean.sh
	./scripts/build.sh

	java-server:
	name: Java Server Implementation
	needs: java-app-encryption
	runs-on: ubuntu-latest
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Set up JDK 17
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	distribution: 'temurin'
	java-version: '17'
	cache: 'maven'
	- name: Build
	run: \|
	cd server/java
	./scripts/clean.sh
	./scripts/build.sh
	- name: Unit tests
	run: \|
	cd server/java
	sudo prlimit --pid $$ --core=-1
	sudo prlimit --pid $$ --memlock=-1:-1
	./scripts/test.sh

	#### C#
	csharp-logging:
	name: Build C# Logging
	runs-on: ubuntu-latest
	container:
	image: mcr.microsoft.com/dotnet/sdk:6.0
	options: --ulimit core=-1 --ulimit memlock=-1:-1
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Git config - set workspace as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Build
	run: \|
	cd csharp/Logging
	./scripts/clean.sh
	./scripts/build.sh
	- name: Test
	run: \|
	cd csharp/Logging
	./scripts/test.sh
	- name: Upload artifact
	uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05
	with:
	name: csharp-logging
	path: \|
	csharp/Logging/Logging/bin/**
	csharp/Logging/Logging/obj/**

	release-csharp-logging:
	if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah'
	name: Release C# Logging
	needs: csharp-logging
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	with:
	token: ${{ secrets.MERGE_TOKEN }}
	- name: Fetch all tags
	run: git fetch --prune --unshallow --tags
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Download artifact
	uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
	with:
	name: csharp-logging
	path: ${{ github.workspace }}/csharp/Logging/Logging
	- name: Publish C# Logging
	run: \|
	sudo apt-get install -y libxml2-utils
	cd csharp/Logging
	BASE_VERSION=$(xmllint --xpath "//Project/PropertyGroup/Version/text()" Directory.Build.props)
	VERSION_SUFFIX=`echo ${BASE_VERSION} \| cut -f2 -d'-'`
	BRANCH=`echo ${GITHUB_REF#refs/heads/}`
	if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then
	./scripts/release_prod.sh
	fi
	env:
	NUGET_KEY: ${{ secrets.NUGET_KEY }}
	NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}

	csharp-secure-memory:
	name: Build C# Secure Memory
	needs: csharp-logging
	runs-on: ubuntu-latest
	container:
	image: mcr.microsoft.com/dotnet/sdk:6.0
	options: --ulimit core=-1 --ulimit memlock=-1:-1
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Git config - set workspace as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Build
	run: \|
	cd csharp/SecureMemory
	./scripts/clean.sh
	./scripts/build.sh
	- name: Test
	run: \|
	cd csharp/SecureMemory
	./scripts/test.sh
	- name: Upload artifact
	uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05
	with:
	name: csharp-secure-memory
	path: \|
	csharp/SecureMemory/SecureMemory/bin/**
	csharp/SecureMemory/SecureMemory/obj/**
	csharp/SecureMemory/PlatformNative/bin/**
	csharp/SecureMemory/PlatformNative/obj/**

	release-csharp-secure-memory:
	if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah'
	name: Release C# Secure Memory
	needs: csharp-secure-memory
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	with:
	token: ${{ secrets.MERGE_TOKEN }}
	- name: Fetch all tags
	run: git fetch --prune --unshallow --tags
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Download artifact
	uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
	with:
	name: csharp-secure-memory
	path: \|
	${{ github.workspace }}/csharp/SecureMemory/SecureMemory
	${{ github.workspace }}/csharp/SecureMemory/PlatformNative
	- name: Publish C# Secure Memory
	run: \|
	sudo apt-get install -y libxml2-utils
	cd csharp/SecureMemory
	BASE_VERSION=$(xmllint --xpath "//Project/PropertyGroup/Version/text()" Directory.Build.props)
	VERSION_SUFFIX=`echo ${BASE_VERSION} \| cut -f2 -d'-'`
	BRANCH=`echo ${GITHUB_REF#refs/heads/}`
	if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then
	./scripts/release_prod.sh
	fi
	env:
	NUGET_KEY: ${{ secrets.NUGET_KEY }}
	NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}

	csharp-app-encryption:
	name: Build C# Application Encryption
	needs: csharp-secure-memory
	runs-on: ubuntu-latest
	container:
	image: mcr.microsoft.com/dotnet/sdk:6.0
	options: --ulimit core=-1 --ulimit memlock=-1:-1
	services:
	dynamodb:
	image: amazon/dynamodb-local
	mysql:
	image: mysql:5.7
	env:
	MYSQL_ROOT_PASSWORD: ${{ env.MYSQL_PASSWORD }}
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Git config - set workspace as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Build
	run: \|
	cd csharp/AppEncryption
	./scripts/clean.sh
	./scripts/build.sh
	- name: Unit tests
	run: \|
	cd csharp/AppEncryption
	./scripts/test.sh
	- name: Integration tests
	run: \|
	cd csharp/AppEncryption
	./scripts/integration_test.sh
	- name: Upload artifact
	uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05
	with:
	name: csharp-app-encryption
	path: \|
	csharp/AppEncryption/AppEncryption/bin/**
	csharp/AppEncryption/AppEncryption/obj/**
	csharp/AppEncryption/Crypto/bin/**
	csharp/AppEncryption/Crypto/obj/**

	release-csharp-app-encryption:
	if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah'
	name: Release C# App Encryption
	needs: csharp-app-encryption
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	with:
	token: ${{ secrets.MERGE_TOKEN }}
	- name: Fetch all tags
	run: git fetch --prune --unshallow --tags
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Download artifact
	uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
	with:
	name: csharp-app-encryption
	path: ${{ github.workspace }}/csharp/AppEncryption/AppEncryption
	- name: Publish App Encryption
	run: \|
	sudo apt-get install -y libxml2-utils
	cd csharp/AppEncryption
	BASE_VERSION=$(xmllint --xpath "//Project/PropertyGroup/Version/text()" Directory.Build.props)
	VERSION_SUFFIX=`echo ${BASE_VERSION} \| cut -f2 -d'-'`
	BRANCH=`echo ${GITHUB_REF#refs/heads/}`
	if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then
	./scripts/release_prod.sh
	fi
	env:
	NUGET_KEY: ${{ secrets.NUGET_KEY }}
	NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }}

	csharp-reference-app:
	name: C# Reference Application
	needs: csharp-app-encryption
	runs-on: ubuntu-latest
	container:
	image: mcr.microsoft.com/dotnet/sdk:6.0
	options: --ulimit core=-1 --ulimit memlock=-1:-1
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Git config - set workspace as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Build
	run: \|
	cd samples/csharp/ReferenceApp
	./scripts/clean.sh
	./scripts/build.sh

	#### Go
	go-secure-memory:
	name: Build Go Secure Memory
	runs-on: ubuntu-latest
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Install gotestsum
	run: go install gotest.tools/gotestsum@latest
	- name: Build
	run: \|
	cd go/securememory
	./scripts/build.sh
	- name: Unit tests
	run: \|
	cd go/securememory
	sudo prlimit --pid $$ --core=-1
	sudo prlimit --pid $$ --memlock=-1:-1
	./scripts/test.sh
	- name: Benchmark tests
	run: \|
	cd go/securememory
	sudo prlimit --pid $$ --core=-1
	sudo prlimit --pid $$ --memlock=-1:-1
	./scripts/benchmark_test.sh
	- name: Static analysis
	run: \|
	cd go/securememory
	./scripts/lint.sh

	release-go-secure-memory:
	if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah'
	name: Release Go Secure Memory
	needs: go-secure-memory
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	with:
	token: ${{ secrets.MERGE_TOKEN }}
	- name: Fetch all tags
	run: git fetch --prune --unshallow --tags
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Publish Go Secure Memory
	run: \|
	cd go/securememory
	BASE_VERSION=$(cat .versionfile)
	VERSION_SUFFIX=`echo ${BASE_VERSION} \| cut -f2 -d'-'`
	BRANCH=`echo ${GITHUB_REF#refs/heads/}`
	if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then
	./scripts/release_prod.sh
	fi

	go-app-encryption:
	name: Build Go Application Encryption
	needs: go-secure-memory
	runs-on: ubuntu-latest
	container:
	image: golang:1.19
	options: --ulimit core=-1 --ulimit memlock=-1:-1
	services:
	dynamodb:
	image: amazon/dynamodb-local
	mysql:
	image: mysql:5.7
	env:
	MYSQL_ROOT_PASSWORD: Password123
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Install gotestsum
	run: go install gotest.tools/gotestsum@latest
	- name: Build
	run: \|
	cd go/appencryption
	./scripts/build.sh
	- name: Unit tests
	run: \|
	cd go/appencryption
	./scripts/test.sh
	- name: Integration tests
	run: \|
	cd go/appencryption
	./scripts/integration_test.sh
	- name: Benchmark tests
	run: \|
	cd go/appencryption
	./scripts/benchmark_test.sh
	- name: Static analysis
	run: \|
	cd go/appencryption
	./scripts/lint.sh

	release-go-app-encryption:
	if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah'
	name: Release Go App Encryption
	needs: go-app-encryption
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	with:
	token: ${{ secrets.MERGE_TOKEN }}
	- name: Fetch all tags
	run: git fetch --prune --unshallow --tags
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Publish Go App Encryption
	run: \|
	cd go/appencryption
	BASE_VERSION=$(cat .versionfile)
	VERSION_SUFFIX=`echo ${BASE_VERSION} \| cut -f2 -d'-'`
	BRANCH=`echo ${GITHUB_REF#refs/heads/}`
	if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then
	./scripts/release_prod.sh
	fi

	go-reference-app:
	name: Go Reference Application
	needs: go-app-encryption
	runs-on: ubuntu-latest
	container:
	image: golang:1.19
	options: --ulimit core=-1 --ulimit memlock=-1:-1
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Git config - set workspace as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Install gotestsum
	run: go install gotest.tools/gotestsum@latest
	- name: Build
	run: \|
	cd samples/go/referenceapp
	./scripts/build.sh
	- name: Static analysis
	run: \|
	cd samples/go/referenceapp
	./scripts/lint.sh

	go-server:
	name: Go Server Implementation
	needs: go-app-encryption
	runs-on: ubuntu-latest
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Git config - set workspace as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Install gotestsum
	run: go install gotest.tools/gotestsum@latest
	- name: Build
	run: \|
	cd server/go
	./scripts/build.sh
	- name: Unit tests
	run: \|
	cd server/go
	sudo prlimit --pid $$ --core=-1
	sudo prlimit --pid $$ --memlock=-1:-1
	./scripts/test.sh
	- name: Static analysis
	run: \|
	cd server/go
	./scripts/lint.sh

	#### Cross-Language
	server-samples:
	name: Server Samples
	needs: [ java-server, go-server ]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Install build tools
	run: \|
	sudo apt-get update
	sudo apt-get -y upgrade --fix-missing
	sudo apt-get install -y build-essential
	- name: Set up JDK 17
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	distribution: 'temurin'
	java-version: '17'
	cache: 'maven'
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Set up Python 3.7
	uses: actions/setup-python@db9987b4c1f10f0404fa60ee629f675fafbd6763
	with:
	python-version: 3.7
	- name: Set up NodeJS 13
	uses: actions/setup-node@a9893b0cfb0821c9c7b5fec28a6a2e6cdd5e20a4
	with:
	node-version: 13.x
	- name: Extract branch name
	shell: bash
	run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
	id: extract_branch
	- name: Build the Java project
	run: \|
	mvn -v
	# Delete previous builds and rebuild from the current branch
	rm -rf ~/.m2/repository/com/godaddy/asherah/grpc-server ~/.m2/repository/com/godaddy/asherah/appencryption
	mvn --no-transfer-progress clean install -f java/app-encryption/pom.xml -DskipTests
	mvn --no-transfer-progress clean install -f server/java/pom.xml -DskipTests
	- name: Test clients
	run: \|
	cd server/samples/clients
	./test_clients.sh

	tests-cross-language:
	name: Cross-Language Tests
	needs: [ java-app-encryption, csharp-app-encryption, go-app-encryption, java-server, go-server ]
	runs-on: ubuntu-latest
	services:
	mysql:
	image: mysql:5.7
	env:
	MYSQL_DATABASE: ${{ env.MYSQL_DATABASE }}
	MYSQL_ROOT_PASSWORD: ${{ env.MYSQL_PASSWORD }}
	ports:
	- 3306
	options: --health-cmd "mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 10
	steps:
	- name: Checkout the repository
	uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
	- name: Initialize RDBMS based metastore
	run: \|
	mysql -h 127.0.0.1 -P${{ job.services.mysql.ports[3306] }} -u ${{ env.MYSQL_USERNAME }} -p${{ env.MYSQL_PASSWORD }} -e "CREATE TABLE ${{ env.MYSQL_DATABASE }}.encryption_key (
	id VARCHAR(255) NOT NULL,
	created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
	key_record TEXT NOT NULL,
	PRIMARY KEY (id, created),
	INDEX (created)
	);"
	- name: Set up JDK 17
	uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa
	with:
	distribution: 'temurin'
	java-version: '17'
	cache: 'maven'
	- name: Set up C#
	uses: actions/setup-dotnet@0f534f5829b2e991ed7d67169d882659f921a60d
	with:
	dotnet-version: '3.1.x'
	- name: Set up Go 1.19
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
	with:
	go-version: '1.19'
	cache-dependency-path: 'go/*/go.sum'
	- name: Set up Python 3.8
	uses: actions/setup-python@db9987b4c1f10f0404fa60ee629f675fafbd6763
	with:
	python-version: 3.8
	- name: Extract branch name
	shell: bash
	run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
	id: extract_branch
	- name: Cache dotnet packages
	uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}-v1
	- name: Build the Java project
	run: \|
	# Delete previous builds and rebuild from the current branch
	rm -rf ~/.m2/repository/com/godaddy/asherah/grpc-server ~/.m2/repository/com/godaddy/asherah/appencryption
	mvn --no-transfer-progress clean install -f java/app-encryption/pom.xml -DskipTests
	mvn --no-transfer-progress clean install -f server/java/pom.xml -DskipTests
	cd tests/cross-language/java
	./scripts/build.sh
	- name: Build the C# project
	run: \|
	cd tests/cross-language/csharp
	./scripts/clean.sh
	# Workaround for https://github.com/SpecFlowOSS/SpecFlow/issues/1912#issue-583000545
	export MSBUILDSINGLELOADCONTEXT=1
	./scripts/build.sh
	- name: Lint & Build the Go project
	run: \|
	cd tests/cross-language/go
	./scripts/lint.sh
	go mod edit -replace github.com/godaddy/asherah/go/appencryption=../../../go/appencryption
	go install github.com/cucumber/godog/cmd/godog@latest
	echo "GOPATH: ${GOPATH}"
	echo "PATH: ${PATH}"
	echo "GOBIN: ${GOBIN}"
	./scripts/build.sh
	- name: Test
	env:
	TEST_DB_NAME: ${{ env.MYSQL_DATABASE }}
	TEST_DB_PASSWORD: ${{ env.MYSQL_PASSWORD }}
	TEST_DB_USER: ${{ env.MYSQL_USERNAME }}
	TEST_DB_HOSTNAME: localhost
	TEST_DB_PORT: ${{ job.services.mysql.ports[3306] }}
	ASHERAH_SERVICE_NAME: service
	ASHERAH_PRODUCT_NAME: product
	ASHERAH_KMS_MODE: static
	run: \|
	export JAVA_AE_VERSION=$(mvn -f java/app-encryption/pom.xml -q -DforceStdout help:evaluate -Dexpression=project.version)
	cd tests/cross-language/
	./scripts/encrypt_all.sh
	./scripts/decrypt_all.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1023 from godaddy/snyk-upgrade-5b32a83cca2372ac49… #4313

Workflow file

Merge pull request #1023 from godaddy/snyk-upgrade-5b32a83cca2372ac49… #4313

Jobs

Run details

Workflow file for this run