trivy scan conditioning

Author: petermetz

.cspell.json

@@ -4,21 +4,21 @@
     "minWordLength": 4,
     "allowCompoundWords": true,
     "words": [
-        "outsh",
         "adminpw",
         "Albertirsa",
         "ALLFORTX",
-        "Anoncreds",
         "anoncreds",
+        "Anoncreds",
         "ANYFORTX",
-        "APIV",
         "Apim",
+        "APIV",
         "approveformyorg",
-        "Askar",
         "askar",
+        "Askar",
         "Authz",
         "authzn",
         "AWSSM",
+        "benchmarkjs",
         "Besu",
         "Bools",
         "brioux",
@@ -47,8 +47,8 @@
         "data",
         "dclm",
         "DHTAPI",
-        "Dids",
         "dids",
+        "Dids",
         "DockerOde",
         "ealen",
         "ecparams",
@@ -80,8 +80,8 @@
         "ipaddress",
         "ipfs",
         "IPFSHTTP",
-        "IPLD",
         "ipld",
+        "IPLD",
         "Iroha",
         "Irohad",
         "isready",
@@ -127,6 +127,7 @@
         "organisation",
         "Orgs",
         "ossp",
+        "outsh",
         "parameterizable",
         "Postgres",
         "proto",

.github/workflows/ci.yaml

@@ -15,7 +15,16 @@ jobs:
           lint-git-repo-request: '{"cloneUrl": "${{ github.server_url }}/${{ github.repository }}.git", "fetchArgs": ["--update-head-ok", "--no-tags", "--prune", "--progress", "--no-recurse-submodules", "--depth=1", "origin" ,"+${{ github.sha }}:${{ github.ref }}"], "checkoutArgs": [ "${{ github.ref }}"], "targetPhrasePatterns": [], "configDefaultsUrl": "https://inclusivenaming.org/json/dci-lint-config-recommended-v1.json" }'
       - name: Get the output response
         run: echo "${{ steps.lint-git-repo.outputs.lint-git-repo-response }}"
-
+  
+  check_trivy_condition:
+    name: Check Trivy Condition
+    runs-on: ubuntu-20.04
+    outputs:
+      run_trivy_scan: ${{ steps.set_condition_trivy_scan.outputs.run_trivy_scan }}
+    steps:
+      - name: Set Trivy Condition
+        id: set_condition_trivy_scan
+        run: echo "::set-output name=run_trivy_scan::false"  # Set your condition for cactus-example-carbon-accounting here
   compute_changed_packages:
     outputs:
       cmd-api-server-changed: ${{ steps.changes.outputs.cmd-api-server-changed }}
@@ -386,6 +395,38 @@ jobs:
             ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
 
       - run: ./tools/ci.sh
+
+      - name: Ensure .tmp Directory Exists
+        run: mkdir -p .tmp/benchmark-results/cmd-api-server/
+
+     # Download previous benchmark result from cache (if exists)
+      - name: Download previous benchmark data
+        uses: actions/cache@v3.3.1
+        with:
+          path: .tmp/benchmark-results/cmd-api-server/
+          key: ${{ runner.os }}-benchmark
+
+      - name: Run Benchmarks
+        working-directory: ./packages/cactus-cmd-api-server/
+        run: yarn run benchmark
+
+      - name: Store benchmark result
+        uses: benchmark-action/github-action-benchmark@v1.19.2
+        with:
+          tool: 'benchmarkjs'
+          output-file-path: .tmp/benchmark-results/cmd-api-server/run-cmd-api-server-benchmark.ts.log
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          
+          # Only push the benchmark results to gh-pages website if we are running on the main branch
+          # We do not want to clutter the benchmark results with intermediate results from PRs that could be drafts
+          auto-push: ${{ github.ref == 'refs/heads/main' }}
+          
+          # Show alert with commit comment on detecting possible performance regression
+          alert-threshold: '5%'
+          comment-on-alert: true
+          fail-on-alert: true
+          alert-comment-cc-users: '@petermetz'
+
   cactus-cmd-socketio-server:
     continue-on-error: false
     env:
@@ -2021,6 +2062,10 @@ jobs:
       - run: ./tools/ci.sh
   ghcr-besu-all-in-one:
     runs-on: ubuntu-20.04
+    needs:
+      - compute_changed_packages
+      - check_trivy_condition
+    if: needs.compute_changed_packages.outputs.cmd-api-server-changed == 'true' || needs.check_trivy_condition.outputs.run_trivy_scan == 'true'
     steps:
       - uses: actions/checkout@v3.5.2
       - name: ghcr.io/hyperledger/cactus-besu-all-in-one

package.json

@@ -112,6 +112,7 @@
     "@lerna-lite/version": "3.1.0",
     "@openapitools/openapi-generator-cli": "2.7.0",
     "@types/adm-zip": "0.5.0",
+    "@types/benchmark": "2.1.5",
     "@types/fs-extra": "9.0.13",
     "@types/jest": "29.5.3",
     "@types/node": "16.18.41",
@@ -123,6 +124,7 @@
     "@typescript-eslint/eslint-plugin": "6.4.0",
     "@typescript-eslint/parser": "6.4.0",
     "adm-zip": "0.5.10",
+    "benchmark": "2.1.4",
     "buffer": "6.0.3",
     "cpy-cli": "4.2.0",
     "cross-env": "7.0.3",

packages/cactus-cmd-api-server/package.json

@@ -43,6 +43,7 @@
     "dist/*"
   ],
   "scripts": {
+    "benchmark": "tsx ./src/test/typescript/benchmark/run-cmd-api-server-benchmark.ts .tmp/benchmark-results/cmd-api-server/run-cmd-api-server-benchmark.ts.log",
     "codegen": "run-p 'codegen:*'",
     "codegen:openapi": "npm run generate-sdk",
     "codegen:proto": "run-s proto:openapi proto:protoc-gen-ts",
@@ -97,6 +98,7 @@
     "@hyperledger/cactus-plugin-keychain-vault": "2.0.0-alpha.2",
     "@hyperledger/cactus-test-tooling": "2.0.0-alpha.2",
     "@openapitools/openapi-generator-cli": "2.7.0",
+    "@types/benchmark": "2.1.5",
     "@types/compression": "1.7.4",
     "@types/convict": "6.1.1",
     "@types/cors": "2.8.12",
@@ -114,11 +116,13 @@
     "@types/semver": "7.3.8",
     "@types/uuid": "8.3.4",
     "@types/xml2js": "0.4.9",
+    "benchmark": "2.1.4",
     "google-protobuf": "3.18.0-rc.2",
     "grpc-tools": "1.12.4",
     "grpc_tools_node_protoc_ts": "5.3.3",
     "http-status-codes": "2.1.4",
-    "protobufjs": "7.2.5"
+    "protobufjs": "7.2.5",
+    "tsx": "4.7.0"
   },
   "engines": {
     "node": ">=18",