Im using Github Actions to run a Appium pipeline that executes some tests. The problem is when I try to get the screenshots for the reports I get the error Error: WARNING: GL pipe is running in software mode (Renderer ID=0x1020400) and the screenshots are blank. Sometimes it works just fine.
Here is the pipeline
on:
workflow_dispatch:
jobs:
appium:
runs-on: macos-latest
strategy:
matrix:
api-level: [ 27 ]
target: [ default ]
steps:
- uses: actions/checkout#v2
- name: Set up JDK 8
uses: actions/setup-java#v3
with:
java-version: '8'
distribution: 'temurin'
- uses: actions/setup-node#v2
with:
node-version: '12'
- run: |
npm install -g appium#v1.20.2
appium -v
appium &>/dev/null &
- name: Run Appium Tests
uses: reactivecircus/android-emulator-runner#v1
with:
api-level: ${{ matrix.api-level }}
target: ${{ matrix.target }}
arch: x86_64
profile: pixel
script: mvn clean test
- name: Generate artifact for video report
uses: actions/upload-artifact#v2
if: always()
with:
name: video_report
path: ./Android_Pixel4API30/Videos/
- name: Generate artifact for allure report
uses: actions/upload-artifact#v2
if: always()
with:
name: allure_report
path: ./allure-results
And I use this for the screenshots in my hooks
#After
public void quit(Scenario scenario) throws IOException
try {
final byte[] screenByte = ((TakesScreenshot) driver).getScreenshotAs(OutputType.BYTES);
scenario.attach(screenByte, "image/png", scenario.getName());
} catch (WebDriverException somePlatformsDontSupportScreenshots) {
System.err.println(somePlatformsDontSupportScreenshots.getMessage());
}
}
I have run Selenium Java tests via GitHub Actions. For generating Report I have used
dorny/test-reporter#v1.5.0
My .xml file is:
name: DEV Table View suite
on:
workflow_dispatch:
jobs:
build:
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout#v1
- name: Set up JDK 1.11
uses: actions/setup-java#v2
with:
java-version: '11'
distribution: 'adopt'
- name: Test
run: mvn clean test -Denv=DEV -DtestngXML='tableView.xml'
- name: Report
uses: dorny/test-reporter#v1.5.0
if: always()
with:
name: Maven Tests
path: "**/surefire-reports/TEST-*.xml"
reporter: java-junit
fail-on-error: false
But in results I have noticed some issues:
incorrect time
passed tests are not green-colored
How to solve these issues?
Any pointer why my codeql analysis is failing ? I am not getting any indication in log. Once Analysis ends, it also deletes all files from _work/_temp thus I am unable to see what's happening.
Here is my yml to start the code ql analysis
name: "CodeQL CI Workflow"
env:
CATALINA_HOME: "/apps/tomcat/apache-tomcat-9.0.44"
JAVA_HOME: "/apps/jdk1.8.0_231"
on:
push:
branches:
- master
- support/*
pull_request:
branches:
- master
- support/*
jobs:
code_ql_scan:
runs-on: [ rhelcicd ]
environment: dev
strategy:
fail-fast: false
matrix:
language: [ 'java' ]
steps:
- run: env
- uses: actions/checkout#v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init#v1
with:
debug: true
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml
- name: Building application using ant
run: ant -f build.xml -Dfile.encoding=ISO-8859-1 -Ddir.javadevlib=./javadevlib -Ddir.deploy=./built_artifact -Dapp.name=my-webapp
# Perform the CodeQL Analysis on compiled code by Ant
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze#v1
with:
debug: true
- name: Cleanup
if: ${{ always() }}
run: docker ps -q | xargs -n 1 -P 8 -I {} docker stop {}
- run : pwd
- run : ls
Here is my query config file ( ./.github/codeql/codeql-config.yml )
name: "CodeQL config"
queries:
- uses: security-and-quality
- uses: security-extended
paths-ignore:
- .idea
- .m2
- conf
- etc
- public_html
- ssccloud
- xmlfiles
- lib
- javadevlib
Here is the log
...................................... lots of other CWE processing logs ...........................................................
2022-02-04T20:51:05.1870388Z [27/178] Found in cache: /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-502/UnsafeDeserialization.ql.
2022-02-04T20:51:05.1871797Z Compiling query plan for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-611/XXE.ql.
2022-02-04T20:51:05.1873100Z Resolving imports for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-611/XXE.ql.
2022-02-04T20:51:05.1874485Z Compiling query plan for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-614/InsecureCookie.ql.
2022-02-04T20:51:05.1876013Z Resolving imports for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-614/InsecureCookie.ql.
2022-02-04T20:51:05.1877647Z Compilation cache hit for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-614/InsecureCookie.ql.
2022-02-04T20:51:05.1879200Z [28/178] Found in cache: /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-614/InsecureCookie.ql.
2022-02-04T20:51:05.1880653Z Compiling query plan for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-643/XPathInjection.ql.
2022-02-04T20:51:05.1882101Z Resolving imports for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-643/XPathInjection.ql.
2022-02-04T20:51:05.1883909Z Compilation cache hit for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-611/XXE.ql.
2022-02-04T20:51:05.1885185Z [29/178] Found in cache: /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-611/XXE.ql.
2022-02-04T20:51:05.1886658Z Compiling query plan for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-java/Security/CWE/CWE-681/NumericCastTainted.ql.
2022-02-04T20:51:05.1887950Z Resolving imports for /home/actions/actions-runner/_work/_tool/CodeQL/0.0.0-20211005/x64/codeql/qlpacks/codeql-j
2022-02-04T20:51:05.1889117Z at runQueries (/home/actions/actions-runner/_work/_actions/github/codeql-action/v1/lib/analyze.js:193:19)
2022-02-04T20:51:05.1890035Z at processTicksAndRejections (internal/process/task_queues.js:93:5) {
2022-02-04T20:51:05.1890832Z name: 'CodeQLAnalysisError',
2022-02-04T20:51:05.1891564Z queriesStatusReport: { analyze_failure_language: 'java' }
2022-02-04T20:51:05.1892054Z }
2022-02-04T20:51:05.3776434Z Post job cleanup.
2022-02-04T20:51:05.8506780Z Cleaning up orphan processes
I have a Github action pipeline that can successfully create an S3 and then upload my war file into there, but when deploying to the beanstalk, always got s3 access denied error. below is my build.yml file:
# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
name: Maven Package
on:
pull_request:
branches:
- main
push:
branches:
- develop
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout#v2
name: Set up JDK 8
- uses: actions/setup-java#v2
with:
java-version: '8'
distribution: 'adopt'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Build with Maven
run: mvn -B package --file pom.xml
- name: make a new dir and upload war in there
run: mkdir staging && cp -r target/* staging
- uses: actions/upload-artifact#v2
with:
name: Package
path: staging
- name: list all files
run: ls && cd target && ls
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Deploy to EB
uses: einaregilsson/beanstalk-deploy#v18
with:
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
application_name: springbootwebapi
environment_name: Springbootwebapi-env
version_label: v1.0.10
region: us-east-2
deployment_package: target/login-0.0.2-SNAPSHOT.war
below is the some log snippet from GitHub action:
No existing bucket name given, creating/requesting storage location
Uploading file to bucket elasticbeanstalk-us-east-2-148565102071 New
build successfully uploaded to S3,
bucket=elasticbeanstalk-us-east-2-148565102071,
key=/springbootwebapi/v1-0-10.zip Created new application version
v1.0.10 in Beanstalk. Starting deployment of version v1.0.10 to
environment Springbootwebapi-env Deployment started,
"wait_for_deployment" was true...
18:17:02 INFO: Environment update is starting. 18:17:06 ERROR:
Service:Amazon S3, Message:Access Denied 18:17:06 ERROR: Failed to
deploy application. 18:17:07 ERROR: Service:Amazon S3, Message:Access
Denied: S3Bucket=elasticbeanstalk-us-east-2-148565102071,
S3Key=resources/environments/e-fp5bx3gtdn/_runtime/_versions/springbootwebapi/v1.0.10
18:17:13 ERROR: Deployment failed! Current State: Version: Sample
Application, Health: Red, Health Status: Degraded Error: Deployment
failed: Error: Deployment failed! Current State: Version: Sample
Application, Health: Red, Health Status: Degraded
I don't know why got accessed denied even right after the uploading successfully.
UPDATE 1:
I already have the below permissions added see the below, but not working:
As per docs, you need to attach the below policies for the AWS user to be able to deploy your project when using the GitHub action you have specified:
AWSElasticBeanstalkWebTier
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
Adding the above will fix the problem, while also ensuring that you have no future issues when using this GitHub action.
After removing AWSCompromisedKeyQuarantineV2 from the permission list, it works successfully. The reason is this permission actually denies several related operations to the user, see the below JSON for AWSCompromisedKeyQuarantineV2 details:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"iam:AddUserToGroup",
"iam:AttachGroupPolicy",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:CreateLoginProfile",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:CreateUser",
"iam:DetachUserPolicy",
"iam:PassRole",
"iam:PutGroupPolicy",
"iam:PutRolePolicy",
"iam:PutUserPermissionsBoundary",
"iam:PutUserPolicy",
"iam:SetDefaultPolicyVersion",
"iam:UpdateAccessKey",
"iam:UpdateAccountPasswordPolicy",
"iam:UpdateAssumeRolePolicy",
"iam:UpdateLoginProfile",
"iam:UpdateUser",
"lambda:AddLayerVersionPermission",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetPolicy",
"lambda:ListTags",
"lambda:PutProvisionedConcurrencyConfig",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:UpdateFunctionCode",
"lightsail:Create*",
"lightsail:Delete*",
"lightsail:DownloadDefaultKeyPair",
"lightsail:GetInstanceAccessDetails",
"lightsail:Start*",
"lightsail:Update*",
"organizations:CreateAccount",
"organizations:CreateOrganization",
"organizations:InviteAccountToOrganization",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutLifecycleConfiguration",
"s3:PutBucketAcl",
"s3:DeleteBucketOwnershipControls",
"s3:DeleteBucketPolicy",
"s3:ObjectOwnerOverrideToBucketOwner",
"s3:PutAccountPublicAccessBlock",
"s3:PutBucketPolicy",
"s3:ListAllMyBuckets"
],
"Resource": [
"*"
]
}
]
}
I'm working on a project where we use Firebase to store data and we're doing some unit tests. I have set a GitHub Action that executes mvn package and mvn test on every push or pull request, and the problem is that I receive the following error when it executes tests:
java.io.IOException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
I have created the secret with the .json and this is how I wrote the GitHub Action:
name: Maven CI/CD
on:
push:
branches: [ develop ]
pull_request:
branches: [ develop ]
jobs:
build_and_test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 15
uses: actions/setup-java#v1
with:
java-version: 15
- name: Cache the Maven packages to speed up build
uses: actions/cache#v1
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build project with Maven
run: mvn -B package --file pom.xml
env:
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
- name: Run (J)Unit tests
run: mvn clean test
env:
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
I have found that it somehow wasn't using the updated version of the action. Anyway, I solved using google-github-actions/setup-gcloud#master set as follow:
- uses: google-github-actions/setup-gcloud#master
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- name: Set GCP credentials
run: gcloud info
GCP_PROJECT_ID contains the project id and GCP_SA_KEY contains the service account .json file obtained from Firebase.