Add Rust NVD import cutover flow #65
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: ["main", "master"] | |
| pull_request: | |
| jobs: | |
| rust-backend-tests: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| components: rustfmt, clippy | |
| - name: Check Rust formatting | |
| run: | | |
| cargo fmt --manifest-path rust/iscy-backend/Cargo.toml -- --check | |
| - name: Run Rust clippy | |
| run: | | |
| cargo clippy --manifest-path rust/iscy-backend/Cargo.toml --all-targets -- -D warnings | |
| - name: Run Rust backend tests | |
| run: | | |
| cargo test --manifest-path rust/iscy-backend/Cargo.toml | |
| rust-bootstrap-smoke: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - name: Run Rust DB/bootstrap HTTP smoke | |
| run: | | |
| make rust-smoke | |
| nix-rust-smoke: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: cachix/install-nix-action@v30 | |
| with: | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| - name: Run Nix Rust app smoke | |
| run: | | |
| tmpdir="$(mktemp -d)" | |
| db_path="$tmpdir/iscy-nix-smoke.sqlite3" | |
| cookie_file="$tmpdir/iscy-nix-smoke.cookies" | |
| evidence_file="$tmpdir/evidence.txt" | |
| import_file="$tmpdir/import-preview.csv" | |
| export DATABASE_URL="sqlite:////${db_path#/}" | |
| export ISCY_MEDIA_ROOT="$tmpdir/media" | |
| export RUST_BACKEND_BIND="127.0.0.1:19001" | |
| export RUST_BACKEND_URL="http://127.0.0.1:19001" | |
| printf 'rust smoke evidence\n' > "$evidence_file" | |
| printf 'Name,Beschreibung,BusinessUnit,Status\nRust Smoke Process,Previewed import,Security Operations,PARTIAL\n' > "$import_file" | |
| nix run .#iscy-backend -- init-demo | |
| nix run .#iscy-backend >"$tmpdir/iscy-backend.log" 2>&1 & | |
| pid="$!" | |
| trap 'kill "$pid" >/dev/null 2>&1 || true' EXIT | |
| for _ in $(seq 1 60); do | |
| if curl -fsS "$RUST_BACKEND_URL/health/live" >/dev/null 2>&1; then | |
| break | |
| fi | |
| if ! kill -0 "$pid" >/dev/null 2>&1; then | |
| cat "$tmpdir/iscy-backend.log" | |
| exit 1 | |
| fi | |
| sleep 1 | |
| done | |
| curl -fsS "$RUST_BACKEND_URL/health/live" >/dev/null | |
| curl -fsS -c "$cookie_file" -H "content-type: application/json" -d '{"tenant_id":1,"username":"admin","password":"Admin123!"}' "$RUST_BACKEND_URL/api/v1/auth/sessions" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/auth/session" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/dashboard/" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/admin/users/" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/imports/" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/users" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/roles" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/groups" >/dev/null | |
| curl -fsS -b "$cookie_file" "$RUST_BACKEND_URL/api/v1/accounts/permissions" >/dev/null | |
| curl -fsS -b "$cookie_file" -F import_type='processes' -F "file=@$import_file;filename=preview.csv;type=text/csv" "$RUST_BACKEND_URL/api/v1/import-center/preview" >/dev/null | |
| curl -fsS -b "$cookie_file" -H "content-type: application/json" -d '{"import_type":"business_units","replace_existing":false,"csv_data":"name\nRust Smoke Import"}' "$RUST_BACKEND_URL/api/v1/import-center/csv" >/dev/null | |
| curl -fsS -b "$cookie_file" -F title='Rust Smoke Evidence' -F status='SUBMITTED' -F session_id='1' -F requirement_id='1' -F "file=@$evidence_file;filename=evidence.txt;type=text/plain" "$RUST_BACKEND_URL/api/v1/evidence/uploads" >/dev/null | |
| curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/catalog/domains" >/dev/null | |
| curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/requirements" >/dev/null | |
| curl -fsS -H "x-iscy-tenant-id: 1" -H "x-iscy-user-id: 1" "$RUST_BACKEND_URL/api/v1/product-security/overview" >/dev/null | |
| docker-config: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Validate docker compose files | |
| run: | | |
| cp .env.example .env | |
| docker compose -f docker-compose.yml config | |
| docker compose -f docker-compose.yml -f docker-compose.llm.yml config | |
| docker compose -f docker-compose.yml -f docker-compose.stage.yml config | |
| docker compose -f docker-compose.yml -f docker-compose.prod.yml config | |
| docker compose -f docker-compose.yml -f docker-compose.prod.yml -f docker-compose.llm.yml config |