Bump com.sap.cloud.security.xsuaa:token-client from 3.5.7 to 3.6.7 in /sdm #148
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Single Tenant Deploy and Integration Test | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: | |
| - develop | |
| workflow_dispatch: | |
| permissions: | |
| pull-requests: read | |
| packages: read # Added permission to read packages | |
| jobs: | |
| deploy: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Wait for 5 minutes # Added a 5-minute delay to ensure the snapshot is deployed successfully before initiating the deployment job. | |
| run: sleep 300 | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: develop | |
| - name: Set up Java 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| - name: Verify and Checkout Deploy Branch | |
| run: | | |
| git fetch origin | |
| if git rev-parse --verify origin/develop_deploy; then | |
| git checkout develop_deploy | |
| else | |
| echo "Branch 'develop_deploy' not found. Please verify the branch name." | |
| exit 1 | |
| fi | |
| - name: Deleting the sdm directory for fresh build | |
| run: | | |
| pwd | |
| cd | |
| rm -rf .m2/repository/com/sap/cds | |
| - name: Configure Maven for GitHub Packages | |
| run: | | |
| mkdir -p ~/.m2 | |
| cat > ~/.m2/settings.xml <<EOF | |
| <settings> | |
| <servers> | |
| <server> | |
| <id>github-snapshot</id> | |
| <username>${{ github.actor }}</username> | |
| <password>${{ secrets.GITHUB_TOKEN }}</password> | |
| </server> | |
| </servers> | |
| </settings> | |
| EOF | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Consume GitHub Packages (com.sap.cds.sdm-root and com.sap.cds.sdm) | |
| # run: | | |
| # mvn dependency:get -Dartifact=com.sap.cds:sdm-root:LATEST -DrepoUrl=https://maven.pkg.github.com/cap-java/sdm | |
| # mvn dependency:get -Dartifact=com.sap.cds:sdm:LATEST -DrepoUrl=https://maven.pkg.github.com/cap-java/sdm | |
| - name: Prepare and Deploy to Cloud Foundry | |
| run: | | |
| echo "Current Branch......" | |
| git branch | |
| pwd | |
| cd /home/runner/work/sdm/sdm/cap-notebook/demoapp | |
| # Removing node_modules & package-lock.json | |
| cd app | |
| rm -rf node_modules package-lock.json | |
| npm i | |
| cd .. | |
| # Replace placeholder with actual REPOSITORY_ID value | |
| sed -i 's|__REPOSITORY_ID__|'${{ steps.set_repository_id.outputs.repository_id }}'|g' ./mta.yaml | |
| wget -P /tmp https://github.com/SAP/cloud-mta-build-tool/releases/download/v1.2.28/cloud-mta-build-tool_1.2.28_Linux_amd64.tar.gz | |
| tar -xvzf /tmp/cloud-mta-build-tool_1.2.28_Linux_amd64.tar.gz | |
| sudo mv mbt /usr/local/bin/ | |
| mbt build | |
| # Install cf & login | |
| wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key \ | |
| | sudo tee /etc/apt/trusted.gpg.d/cloudfoundry.asc | |
| echo "deb https://packages.cloudfoundry.org/debian stable main" \ | |
| | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list | |
| sudo apt update | |
| sudo apt install cf-cli | |
| # Install cf CLI plugin | |
| cf install-plugin multiapps -f | |
| # Login to Cloud Foundry again to ensure session is active | |
| cf login -a ${{ secrets.CF_API }} -u ${{ secrets.CF_USER }} -p ${{ secrets.CF_PASSWORD }} -o ${{ secrets.CF_ORG }} -s ${{ secrets.CF_SPACE }} | |
| # Deploy the application | |
| echo "Running cf deploy" | |
| cf deploy mta_archives/demoappjava_1.0.0.mtar -f | |
| integration-test: | |
| needs: deploy | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tokenFlow: [namedUser, technicalUser] | |
| testClass: | |
| - IntegrationTest_SingleFacet | |
| - IntegrationTest_MultipleFacet | |
| - IntegrationTest_Chapters_MultipleFacet | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Set up Java 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Cache CF CLI π¦ | |
| id: cache-cf-cli | |
| uses: actions/cache@v4 | |
| with: | |
| path: /usr/bin/cf8 | |
| key: cf-cli-v8-${{ runner.os }} | |
| - name: Install Cloud Foundry CLI | |
| if: steps.cache-cf-cli.outputs.cache-hit != 'true' | |
| run: | | |
| wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add - | |
| echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list | |
| sudo apt-get update | |
| sudo apt-get install cf8-cli | |
| - name: Install jq π¦ | |
| run: | | |
| if ! command -v jq &> /dev/null; then | |
| sudo apt-get update && sudo apt-get install -y jq | |
| fi | |
| - name: Login to Cloud Foundry | |
| run: | | |
| cf login -a ${{ secrets.CF_API }} \ | |
| -u ${{ secrets.CF_USER }} \ | |
| -p ${{ secrets.CF_PASSWORD }} \ | |
| -o ${{ secrets.CF_ORG }} \ | |
| -s ${{ secrets.CF_SPACE }} | |
| - name: Fetch and Escape Client Details for single tenant π | |
| id: fetch_credentials | |
| run: | | |
| echo "Fetching client details for single tenant..." | |
| service_instance_guid=$(cf service demoappjava-public-uaa --guid) | |
| if [ -z "$service_instance_guid" ]; then | |
| echo "β Error: Unable to retrieve service instance GUID"; exit 1; | |
| fi | |
| bindings_response=$(cf curl "/v3/service_credential_bindings?service_instance_guids=${service_instance_guid}") | |
| binding_guid=$(echo "$bindings_response" | jq -r '.resources[0].guid') | |
| if [ -z "$binding_guid" ]; then | |
| echo "β Error: Unable to retrieve binding GUID"; exit 1; | |
| fi | |
| binding_details=$(cf curl "/v3/service_credential_bindings/${binding_guid}/details") | |
| clientSecret=$(echo "$binding_details" | jq -r '.credentials.clientsecret') | |
| if [ -z "$clientSecret" ] || [ "$clientSecret" == "null" ]; then | |
| echo "β Error: clientSecret is not set or is null"; exit 1; | |
| fi | |
| escapedClientSecret=$(echo "$clientSecret" | sed 's/\$/\\$/g') | |
| echo "::add-mask::$escapedClientSecret" | |
| clientID=$(echo "$binding_details" | jq -r '.credentials.clientid') | |
| if [ -z "$clientID" ] || [ "$clientID" == "null" ]; then | |
| echo "β Error: clientID is not set or is null"; exit 1; | |
| fi | |
| echo "::add-mask::$clientID" | |
| echo "CLIENT_SECRET=$escapedClientSecret" >> $GITHUB_OUTPUT | |
| echo "CLIENT_ID=$clientID" >> $GITHUB_OUTPUT | |
| echo "β Client details fetched successfully!" | |
| - name: Run integration tests π― (${{ matrix.tokenFlow }} - ${{ matrix.testClass }}) | |
| env: | |
| CLIENT_SECRET: ${{ steps.fetch_credentials.outputs.CLIENT_SECRET }} | |
| CLIENT_ID: ${{ steps.fetch_credentials.outputs.CLIENT_ID }} | |
| run: | | |
| echo "π Starting integration tests for ${{ matrix.tokenFlow }} - ${{ matrix.testClass }}..." | |
| set -e | |
| PROPERTIES_FILE="sdm/src/test/resources/credentials.properties" | |
| appUrl="${{ secrets.CF_ORG }}-${{ secrets.CF_SPACE }}-demoappjava-srv.cfapps.eu12.hana.ondemand.com" | |
| authUrl="${{ secrets.CAPAUTH_URL }}" | |
| clientID="${{ env.CLIENT_ID }}" | |
| clientSecret="${{ env.CLIENT_SECRET }}" | |
| username="${{ secrets.CF_USER }}" | |
| password="${{ secrets.CF_PASSWORD }}" | |
| noSDMRoleUsername="${{ secrets.NOSDMROLEUSERNAME }}" | |
| noSDMRoleUserPassword="${{ secrets.NOSDMROLEUSERPASSWORD }}" | |
| echo "::add-mask::$clientSecret" | |
| echo "::add-mask::$clientID" | |
| echo "::add-mask::$username" | |
| echo "::add-mask::$password" | |
| echo "::add-mask::$noSDMRoleUsername" | |
| echo "::add-mask::$noSDMRoleUserPassword" | |
| if [ -z "$appUrl" ]; then echo "β Error: appUrl is not set"; exit 1; fi | |
| if [ -z "$authUrl" ]; then echo "β Error: authUrl is not set"; exit 1; fi | |
| if [ -z "$clientID" ]; then echo "β Error: clientID is not set"; exit 1; fi | |
| if [ -z "$clientSecret" ]; then echo "β Error: clientSecret is not set"; exit 1; fi | |
| if [ -z "$username" ]; then echo "β Error: username is not set"; exit 1; fi | |
| if [ -z "$password" ]; then echo "β Error: password is not set"; exit 1; fi | |
| if [ -z "$noSDMRoleUsername" ]; then echo "β Error: noSDMRoleUsername is not set"; exit 1; fi | |
| if [ -z "$noSDMRoleUserPassword" ]; then echo "β Error: noSDMRoleUserPassword is not set"; exit 1; fi | |
| cat > "$PROPERTIES_FILE" <<EOL | |
| appUrl=$appUrl | |
| authUrl=$authUrl | |
| clientID=$clientID | |
| clientSecret=$clientSecret | |
| username=$username | |
| password=$password | |
| noSDMRoleUsername=$noSDMRoleUsername | |
| noSDMRoleUserPassword=$noSDMRoleUserPassword | |
| EOL | |
| echo "π― Running Maven integration tests for ${{ matrix.tokenFlow }} - ${{ matrix.testClass }}..." | |
| mvn clean verify -P integration-tests -DtokenFlow=${{ matrix.tokenFlow }} -DtenancyModel=single -DskipUnitTests -Dfailsafe.includes="**/${{ matrix.testClass }}.java" | |