PCBE-52160:git action implementation for scvmm plugin

Author: SatyaShendige

.github/workflows/ci.yml

@@ -15,21 +15,10 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-#  copyright-check:
-#    if: github.ref != 'refs/heads/main'
-#    uses: hpe-actions/copyright/.github/workflows/copyright.yml@v2
-
-#  secrets-scanner:
-#    uses: hpe-actions/secrets-scanner/.github/workflows/secrets-scanner.yml@v2.0.2
-#    with:
-#      config_override: ".gitleaks.toml"
 
   build:
     runs-on: ubuntu-latest
     if: github.ref != 'refs/heads/main'
-#    environment:
-#      name: github-pages
-#      url: ${{ steps.deployment.outputs.page_url }}
     permissions:
       contents: write
       packages: read
@@ -46,46 +35,60 @@ jobs:
           distribution: 'temurin'
       - uses: gradle/actions/setup-gradle@v4
 
-#      - name: Run tests and generate coverage report
-#        run: ./gradlew test
+      - name: Run CodeNarc
+        run: |
+          ./gradlew codenarcMain codenarcTest --continue || true
 
-#      - name: Run quality checks
-#        run: ./gradlew check
+      - name: Upload CodeNarc Reports
+        uses: actions/upload-artifact@v4
+        with:
+          name: codenarc-reports
+          path: |
+            build/reports/codenarc/main.xml
+            build/reports/codenarc/main.html
+
+      # Install Gitleaks (latest version)
+      - name: Install Gitleaks
+        run: |
+          GITLEAKS_VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | jq -r .tag_name)
+          curl -sL "https://github.com/gitleaks/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION#v}_linux_x64.tar.gz" -o gitleaks.tar.gz
+          tar -xvf gitleaks.tar.gz
+          sudo mv gitleaks /usr/local/bin/
+
+      # Run Gitleaks scan
+      - name: Run Gitleaks Scan
+        run: |
+          gitleaks detect \
+            --source . \
+            --report-format json \
+            --no-banner \
+            --report-path gitleaks-report.json \
+            --verbose 
+        continue-on-error: true
+
+      # upload report as artifact
+      - name: Upload Gitleaks Report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: gitleaks-report
+          path: gitleaks-report.json
+      # Fail workflow if leaks were found
+      - name: Fail if leaks detected
+        if: success()  # only run this after previous steps
+        run: |
+          if grep -q '"StartLine":' gitleaks-report.json; then
+            echo "Gitleaks found secrets! Failing the workflow."
+            exit 1
+          fi
 
       - name: Build and assemble the project artifacts
         run: ./gradlew build
 
-#      - name: Run functional tests on simulated environment
-#        run: ./gradlew functionalTest --tests runners.CucumberTestSuite
-
-#      - name: Create test reports index page
-#        run: |
-#          echo '<html><body>
-#            <h1>Reports</h1>
-#            <ul>
-#              <li><a href="tests/test">Test Results</a></li>
-#              <li><a href="tests/cucumberFunctionalTest">Functional Test Results</a></li>
-#              <li><a href="jacoco/test/html">Coverage Report</a></li>
-#              <li><a href="codenarc/main.html">Main CodeNarc Report</a></li>
-#            </ul>
-#          </body></html>' > build/reports/index.html
-
-#      - name: Upload test reports as artifact
-#        uses: actions/upload-pages-artifact@v3
-#        with:
-#          path: build/reports
-
-#      - name: Deploy test reports to GitHub Pages
-#        id: deployment
-#        uses: actions/deploy-pages@v4
-
-#      - name: Verify minimum test coverage
-#        run: ./gradlew jacocoTestCoverageVerification
-
-
   publish-to-artifactory:
-    if: github.ref == 'refs/heads/main'
+          # if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
+    needs: build
     permissions:
       contents: read
     steps:
@@ -96,9 +99,42 @@ jobs:
           java-version: '11'
           distribution: 'temurin'
 
+      - name: Install JFrog CLI v1.54.1
+        run: |
+          JFROG_VERSION=1.54.1
+          curl -fL "https://releases.jfrog.io/artifactory/jfrog-cli/v1/${JFROG_VERSION}/jfrog-cli-linux-amd64/jfrog" -o jfrog
+          chmod +x jfrog
+          sudo mv jfrog /usr/local/bin/
+          jfrog --version
+
       - name: Build with Gradle
-        run: ./gradlew artifactoryPublish
         env:
-          ARTIFACTORY_USER: 'ci-token-morpheus'
-          # Secret defined at https://github.com/gomorpheus/morpheus-scvmm-plugin/settings/secrets/actions
+          ARTIFACTORY_USER: ${{ secrets.CI_USER_MORPHEUS }}
           ARTIFACTORY_PASSWORD: ${{ secrets.CI_TOKEN_MORPHEUS }}
+          ARTIFACTORY_URL: ${{ secrets.ARTIFACTORY_URL }}
+        run: |
+          ./gradlew --version
+          ./gradlew buildEnvironment | grep artifactory
+          ./gradlew tasks | grep artifactory
+          ./gradlew uploadToArtifactory --stacktrace --info --debug
+
+  publish-test-summary:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+      - name: Summarize Test Results
+        run: |
+          echo "### Test Summary" | tee -a $GITHUB_STEP_SUMMARY
+          echo '```' | tee -a $GITHUB_STEP_SUMMARY
+          ./gradlew testSummary --console=plain -Dorg.gradle.logging.level=quiet | sed 's/\x1b\[[0-9;]*m//g' | tee -a $GITHUB_STEP_SUMMARY
+          echo '```' | tee -a $GITHUB_STEP_SUMMARY
+        env:
+          TERM: dumb