VirtoCommerce/vc-github-actions

VirtoCommerce Continuous Integration

Overview

VirtoCommerce continuous integration is based on GitHub Actions. It contains:

VC CI Components

Workflows

Two types of workflows have been implemented: main workflows and test automation workflows.

Main workflow

The main workflow implements the base VirtoCommerce CI:

  • Module CI;
  • Platform CI;
  • Storefront CI;
  • Theme CI.

Workflows trigger automatically on a Pull Request or on a Push to the Master or Dev branches.

On a Pull Request event, workflows run code checks only.

On a Push to the Dev branch, workflows run code checks, create artifacts for an alpha version (pre-release), and publish them to GitHub Packages (images for Platform and Storefront) or to Azure Blob Storage (zipped binaries for Modules or Themes).

PreRelease Flow

On a Push to the Master branch, workflows run code checks, create artifacts for a release version, and publish them to GitHub releases (zipped binaries for Platform, Storefront, Modules and Themes) and to GitHub Packages and Docker Hub (images for Platform and Storefront). NuGet packages are also published to the VirtoCommerce NuGet Gallery.

Release flow

Release alpha version

To create artifacts for an alpha version (pre-release), run the main workflow manually from the specified branch. It creates alpha version artifacts and publishes them to GitHub Packages (images for Platform and Storefront) or to Azure Blob Storage (zipped binaries for Modules or Themes).

Tests automation workflows

Test workflows

OWASP ZAP

The OWASP ZAP workflow implements dynamic application security testing. The workflow triggers automatically on a Push to the Dev branch, or manually. The test result report is placed in the workflow artifacts.

Workflow artifacts

Read more about OWASP ZAP

E2E API tests

The Platform E2E workflow runs API tests for platform and module (in commerce bundle) endpoints. The workflow triggers automatically on a Pull Request to the Master or Dev branch, or manually. When the workflow is run manually, the testSuite parameter should be specified. A test suite is a collection of multiple different or duplicate test cases in the Katalon test project. The default value is Test Suites/Platform_start.

The Module E2E workflow runs API tests for the endpoints of the current module (the repository where the workflow runs) and all dependent modules.

You can find the actual API tests in the vc-quality-gate-katalon repository.

Secrets

Create GitHub organization level secrets:

  • REPO_TOKEN - GitHub user token, with access to organization repositories;
  • BLOB_TOKEN - connection string to Azure Blob Storage;
  • DOCKER_USERNAME - DockerHub user name, with publish images privileges;
  • DOCKER_TOKEN - DockerHub user token, with publish images privileges;
  • NUGET_KEY - Nuget repository key;
  • SONAR_TOKEN - SonarCloud access token, with Execute Analysis and Create Project privileges.

How to enable workflow in a repository

  1. Navigate to the main page of the repository.
  2. Click Actions.
  3. If your repository already has existing workflows, click New workflow.
  4. Choose the template you'd like to use in the "Workflows created by Virto Commerce" section. Click Set up this workflow.
  5. For a private repository, create Secrets at the repository level.

vc-github-actions repository

VirtoCommerce specific GitHub actions and actions common components lib.

Actions

Supply-chain security: pinned third-party actions

Every third-party uses: reference in this repo (anything not under VirtoCommerce/*) is pinned to a full 40-character commit SHA with a trailing # tag comment, per the GitHub Actions hardening guide. Tags are mutable; SHAs are not.

    # Correct
    uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

    # Rejected by CI
    uses: actions/checkout@v6

How updates happen

  • Dependabot (.github/dependabot.yml) scans .github/workflows/ and every **/action.yml weekly. When upstream cuts a new tag, it opens a grouped PR bumping the SHA + trailing comment.
  • Pin-check CI (.github/workflows/pin-check.yml) runs pinact run -check on every PR that touches workflows or action.yml files. PRs with unpinned third-party uses: lines fail.
  • Scope is configured in .pinact.yaml; VirtoCommerce/* is intentionally ignored (internal, not third-party).
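
A minimal sketch of the kind of check the pin-check job enforces, added here as an example; it is not pinact's implementation or this repository's code. It assumes single-line uses: entries and treats a missing trailing tag comment as a failure, which follows the convention stated above rather than documented pinact behaviour; example-dir and example-org are placeholders.

```python
import re

# A `uses:` key (optionally a list item), the reference, and an optional trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
INTERNAL_OWNERS = {"virtocommerce"}  # mirrors the VirtoCommerce/* ignore rule

# Constructed sample workflow; example-dir and example-org are placeholders.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - uses: actions/checkout@v6
      - uses: VirtoCommerce/vc-github-actions/example-dir@master
      - uses: ./local-action
      - uses: example-org/example-action@de0fac2e4500dabe0009e67214ff5f5447ce83dd
"""


def check_line(line):
    """Return None when the line passes, otherwise the reason it fails."""
    m = USES_RE.match(line)
    if not m:
        return None  # not a uses: line (commented-out lines do not match)
    ref, comment = m.group(1), (m.group(2) or "").strip()
    if ref.startswith(("./", "docker://")):
        return None  # local actions and container images are not handled here
    target, _, version = ref.partition("@")
    if target.split("/")[0].lower() in INTERNAL_OWNERS:
        return None  # internal, not third-party
    if not SHA_RE.match(version):
        return f"'{version}' is not a full 40-character commit SHA"
    if not comment:
        return "SHA pin has no trailing tag comment"  # assumption: treated as a failure
    return None


def find_unpinned(text):
    """Return (line_number, reason) for every failing uses: line in text."""
    checked = ((n, check_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, reason) for n, reason in checked if reason]


if __name__ == "__main__":
    for n, reason in find_unpinned(SAMPLE):
        print(f"line {n}: {reason}")
```
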

For contributors

  • When adding a new third-party action, write the SHA, not the tag. Quick lookup:

    gh api repos/OWNER/REPO/commits/TAG --jq '.sha'
  • VirtoCommerce/vc-github-actions/<dir>@master and other VirtoCommerce/* refs remain version-/branch-pinned as before.
