GitactionBoard - Ultimate Dashboard for GithubActions.

OTTO (GmbH & Co. KG)

Last update: Dec 2, 2022

Related tags

Spring Boot gitactionboard

Overview

Gitaction Board

Gitaction Board - Ultimate Dashboard for GithubActions.

Usage
- Pull docker image
- Run docker image
Developers Guide

Usage

Pull docker image

docker pull ottoopensource/gitactionboard:<docker tag>

Run docker image

docker run \
  -p <host machine port>:8080 \
  -e REPO_OWNER_NAME=<organization/username> \
  -e REPO_NAMES=<repo names> \
  -it ottoopensource/gitactionboard:<docker tag>

Configurations

Environment variable name	Descriptions	Required	Default value	Example value
REPO_OWNER_NAME	Repository owner name. Generally, its either organization name or username	yes		webpack
REPO_NAMES	List of name of repositories you want to monitor	yes		webpack-dev-server, webpack-cli
GITHUB_ACCESS_TOKEN	Access token to fetch data from github. This is required to fetch data from a private repository	no
DOMAIN_NAME	Hostname of github	no	https://api.github.com
CACHE_EXPIRES_AFTER	Duration (in seconds) to cache the fetched data	no	60

Note: To create a personal access token follow the instructions present here and choose repo as a scope fot this token.

UI Dashboard

Gitaction Board has in-built UI dashboard to visualize the build status. You can access the following endpoint for the same

http://localhost:<host machine port>

UI Dashboard Configurations

You can use the following query params to configure UI dashboard

Query param name	Descriptions	Required	Default value	Example value
hide-healthy	Hide all the healthy builds from the dashboard	no	false	true
max-idle-time	Configure the max idle time (in minutes), after the given time background polling for dashboard will stop	no	5	2
disable-max-idle-time	Disable background polling optimisation configured using max-idle-time	no	false	true

API

Once server is up, you can access the following endpoints to get the CCtray data.

Data in XML format

Access http://localhost:<host machine port>/v1/cctray.xml to get data in XML format

Sample response

<Projects>
    <Project name="hello-world :: hello-world-build-and-deployment :: talisman-checks" activity="Sleeping" lastBuildStatus="Success" lastBuildLabel="206" lastBuildTime="2020-09-18T06:11:41Z" webUrl="https://github.com/johndoe/hello-world/runs/1132386046"/>
    <Project name="hello-world :: hello-world-build-and-deployment :: dependency-checks" activity="Sleeping" lastBuildStatus="Success" lastBuildLabel="206" lastBuildTime="2020-09-18T06:14:54Z" webUrl="https://github.com/johndoe/hello-world/runs/1132386127"/>
    <Project name="hello-world :: hello-world-checks :: format" activity="Sleeping" lastBuildStatus="Success" lastBuildLabel="206" lastBuildTime="2020-09-18T06:11:41Z" webUrl="https://github.com/johndoe/hello-world/runs/1132386046"/>
    <Project name="hello-world :: hello-world-checks :: test" activity="Sleeping" lastBuildStatus="Success" lastBuildLabel="206" lastBuildTime="2020-09-18T06:14:54Z" webUrl="https://github.com/johndoe/hello-world/runs/1132386127"/>
</Projects>

Data in JSON format

Access http://localhost:<host machine port>/v1/cctray to get data in JSON format

Sample response

[
  {
    "name": "hello-world :: hello-world-build-and-deployment :: talisman-checks",
    "activity": "Sleeping",
    "lastBuildStatus": "Success",
    "lastBuildLabel": "206",
    "lastBuildTime": "2020-09-18T06:11:41.000Z",
    "webUrl": "https://github.com/johndoe/hello-world/runs/1132386046"
  },
  {
    "name": "hello-world :: hello-world-build-and-deployment :: dependency-checks",
    "activity": "Sleeping",
    "lastBuildStatus": "Success",
    "lastBuildLabel": "206",
    "lastBuildTime": "2020-09-18T06:14:54.000Z",
    "webUrl": "https://github.com/johndoe/hello-world/runs/1132386127"
  },
  {
    "name": "hello-world :: hello-world-checks :: format",
    "activity": "Sleeping",
    "lastBuildStatus": "Success",
    "lastBuildLabel": "206",
    "lastBuildTime": "2020-09-18T06:11:41.000Z",
    "webUrl": "https://github.com/johndoe/hello-world/runs/1132386046"
  },
  {
    "name": "hello-world :: hello-world-checks :: test",
    "activity": "Sleeping",
    "lastBuildStatus": "Success",
    "lastBuildLabel": "206",
    "lastBuildTime": "2020-09-18T06:14:54.000Z",
    "webUrl": "https://github.com/johndoe/hello-world/runs/1132386127"
  }
]

Developers Guide

Prerequisites

Tests

Tests are separated into unit and integration test sets. To denote an integration test it needs to be annotated as @IntegrationTest.

To run only unit tests:

./gradlew test

To run integration tests:

./gradlew integrationTest

To run all the verifications:

./run.sh test

Test sets are runs in order, with unit tests first, followed by integration tests. Should there be a failure in the unit tests the task execution stops there, e.g. a prerequisite for running integration tests will be working unit tests.

Formatting

This project uses the following tools to follow specific style guide

google-java-format-gradle-plugin for Java files
Prettier for json, js, css, html and md files
Hadolint for Dockerfile
ShellCheck for sh files

To run format:

./run.sh format

Security Checks

This project uses the following tools to find security vulnerabilities

org.owasp.dependencycheck to find vulnerable dependencies
talisman to validate the outgoing changeset for things that look suspicious - such as authorization tokens and private keys.

To run OWASP dependency check:

./run.sh check

Run application locally

This service can be run locally. To run it locally, run the following command:

./run.sh run-locally <github auth token>

Build docker image

To build docker image run:

./run.sh docker-build

Release a new Docker image

To release a new docker image to docker hub using CI/CD, follow the following steps:

Create a new git tag, named as v*.*.*

  git tag v<major>.<minor>.<patch>

Push the tag to github

git push origin v<major>.<minor>.<patch>

Comments

feat: add button to hide single jobs

Hi there,

we're using gitactionboard in our team (in the otto payments space) as well and have the issue that we just have some pipelines that are supposed to stay red for now. To not let those distract you all the time, it would be great to have a way to hide jobs that you are not interested in. This PR is adding this, implemented via the preferences-store in the frontend, so that every user can decide for themselves which jobs to hide and which to show.

Is this a feature you would be happy to add, by merging this? I'm also very open to feedback on this, if you think it would make sense, but should be done differently.

opened by sweiler 16
Secret scanning alerts only come once the secrets UI has been loaded

I've tried pushing a secret to one of our repos. The Teams alert will only come once I've opened the /#/secrets endpoint in my browser. Any chance to make this come without UI interaction? We don't use the UI.

opened by baztian 6
build(deps): Bump io.freefair.lombok from 6.4.3 to 6.5.1 in /backend
Bumps io.freefair.lombok from 6.4.3 to 6.5.1.

Release notes

Sourced from io.freefair.lombok's releases.

6.5.1

What's Changed

Bump pluginVersion from 6.5.0.2 to 6.5.0.3 by @dependabot in freefair/gradle-plugins#567

Bump spring-boot-dependencies from 2.7.1 to 2.7.2 in /examples by @dependabot in freefair/gradle-plugins#568

Bump sass-embedded-host from 1.4.0 to 1.5.0 by @dependabot in freefair/gradle-plugins#575

Bump sass-embedded-host from 1.5.0 to 1.5.1 by @dependabot in freefair/gradle-plugins#576

Bump mockito-core from 4.6.1 to 4.7.0 by @dependabot in freefair/gradle-plugins#577

Bump com.github.spotbugs from 5.0.9 to 5.0.10 in /examples by @dependabot in freefair/gradle-plugins#583

Bump spring-boot-dependencies from 2.7.2 to 2.7.3 in /examples by @dependabot in freefair/gradle-plugins#582

Bump plantuml from 1.2022.6 to 1.2022.7 by @dependabot in freefair/gradle-plugins#585

Bump slf4j-api from 1.+ to 2.0.0 in /examples by @dependabot in freefair/gradle-plugins#584

Bump sass-embedded-host from 1.5.1 to 1.6.0 by @dependabot in freefair/gradle-plugins#586

Full Changelog: https://github.com/freefair/gradle-plugins/compare/6.5.0.3...6.5.1

6.5.0.3

What's Changed

Bump plantuml from 1.2022.5 to 1.2022.6 by @dependabot in freefair/gradle-plugins#553

Bump pluginVersion from 6.5.0-rc1 to 6.5.0.2 by @dependabot in freefair/gradle-plugins#552

Bump spring-boot-dependencies from 2.7.0 to 2.7.1 in /examples by @dependabot in freefair/gradle-plugins#555

Bump gradle-node-plugin from 3.3.0 to 3.4.0 by @dependabot in freefair/gradle-plugins#557

Bump com.github.spotbugs from 5.0.8 to 5.0.9 in /examples by @dependabot in freefair/gradle-plugins#558

Bump sass-embedded-host from 1.3.2 to 1.4.0 by @dependabot in freefair/gradle-plugins#560

Bump classgraph from 4.8.147 to 4.8.148 by @dependabot in freefair/gradle-plugins#562

Bump classgraph from 4.8.148 to 4.8.149 by @dependabot in freefair/gradle-plugins#563

Bump org.jetbrains.kotlin.jvm from 1.7.0 to 1.7.10 by @dependabot in freefair/gradle-plugins#566

Bump kotlin-gradle-plugin-api from 1.7.0 to 1.7.10 by @dependabot in freefair/gradle-plugins#565

Bump kotlin-gradle-plugin from 1.7.0 to 1.7.10 by @dependabot in freefair/gradle-plugins#564

Full Changelog: https://github.com/freefair/gradle-plugins/compare/6.5.0.2...6.5.0.3

6.5.0.2

Added flag to disable output directory deletion in plantuml-plugin

Full Changelog: https://github.com/freefair/gradle-plugins/compare/6.5.0...6.5.0.2

6.5.0

What's Changed

Bump spring-boot-dependencies from 2.6.6 to 2.6.7 in /examples by @dependabot in freefair/gradle-plugins#518

Bump sass-embedded-host from 1.1.1 to 1.2.0 by @dependabot in freefair/gradle-plugins#519

Bump plugin-publish-plugin from 1.0.0-rc-1 to 1.0.0-rc-2 by @dependabot in freefair/gradle-plugins#522

Bump com.github.spotbugs from 5.0.6 to 5.0.7 in /examples by @dependabot in freefair/gradle-plugins#521

Bump gradle-node-plugin from 3.2.1 to 3.3.0 by @dependabot in freefair/gradle-plugins#523

Bump spring-boot-dependencies from 2.6.7 to 2.7.0 in /examples by @dependabot in freefair/gradle-plugins#524

Bump classgraph from 4.8.146 to 4.8.147 by @dependabot in freefair/gradle-plugins#526

Bump assertj-core from 3.22.0 to 3.23.0 in /examples by @dependabot in freefair/gradle-plugins#528

Bump assertj-core from 3.22.0 to 3.23.0 by @dependabot in freefair/gradle-plugins#527

Bump assertj-core from 3.23.0 to 3.23.1 by @dependabot in freefair/gradle-plugins#529

... (truncated)

Commits

85868d2 Merge branch 'master' of github.com:freefair/gradle-plugins

2622749 Update to sass-embedded-host 1.6.1

2a0e81e Update README.md

7544520 Merge pull request #586 from freefair/dependabot/gradle/de.larsgrefer.sass-sa...

44f88a3 Bump sass-embedded-host from 1.5.1 to 1.6.0

8673247 Merge pull request #584 from freefair/dependabot/gradle/examples/org.slf4j-sl...

694466f Bump slf4j-api from 1.+ to 2.0.0 in /examples

e2081f6 Merge pull request #585 from freefair/dependabot/gradle/net.sourceforge.plant...

6a4f87d Bump plantuml from 1.2022.6 to 1.2022.7

776ac29 Merge pull request #582 from freefair/dependabot/gradle/examples/org.springfr...

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
opened by dependabot[bot] 6
Filter out some jobs based on branch name

It would be very nice to filter out some jobs, like the feature branchs. Maybe someone is only interested in the jobs in the develop branch or main. If all repositories have the same branch names (develop, main, issue/, feature/, etc...)

opened by CarlosMorenoBlazquez 6
Marked as phishing

Describe the bug We recently moved our buildmonitor to be available from outside of the otto whitelist and got flagged as phishing website.

Firefox then showed a warning similar to the one below not only for this subdomain but also for the whole domain.

We're not quite sure how this happened and it doesn't seem to be a certificate issue as everything was up to date. Nontheless it might be worth investigating on that topic.

For now we restricted the monitor to internal traffic once again.

Screenshots

opened by EAlf91 5
build(deps): Bump io.spring.dependency-management from 1.0.11.RELEASE to 1.0.13.RELEASE in /backend
Bumps io.spring.dependency-management from 1.0.11.RELEASE to 1.0.13.RELEASE.

Release notes

Sourced from io.spring.dependency-management's releases.

v1.0.13.RELEASE

:lady_beetle: Bug Fixes

Plugin is incompatible with versions of Gradle where the Upload task has been removed #337

v1.0.12.RELEASE

:lady_beetle: Bug Fixes

Plugin uses a lot of memory in large multi module build #322

Unexpected managed versions due to the use of the Gradle project's version property during bom resolution #315

:notebook_with_decorative_cover: Documentation

Update requirements to reflect supported versions of Gradle #328

Modernise the look and feel of the reference documentation #327

Fix typo in "Programmatic access" section of the reference docs #313

Remove duplicate String-based dependency management declaration from Map-based Kotlin example #295

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

@ryo-utsunomiya

@jongmin92

Commits

f584958 Release v1.0.13.RELEASE

ecbea90 Fix formatting error in reference documentation

9117d2e Make plugin compatible with versions of Gradle without Upload task

4ca62e5 Format documentation source using one sentence per line

452f946 Stop using deprecated configurations in integration tests

a69cd90 Prepare 1.0.x maintenance branch

877c3d2 Next development version (v1.0.13.BUILD-SNAPSHOT)

a25bcee Fix pom of plugin's marker artifact

154daaf Correct the image that's used for promotion

59a228a Keep .RELEASE version suffix

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
opened by dependabot[bot] 4
build(deps): Bump com.github.spotbugs from 5.0.8 to 5.0.12 in /backend
Bumps com.github.spotbugs from 5.0.8 to 5.0.12.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
opened by dependabot[bot] 3
build(deps): Bump com.diffplug.spotless from 6.7.2 to 6.10.0 in /backend
Bumps com.diffplug.spotless from 6.7.2 to 6.10.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
opened by dependabot[bot] 3
build(deps): Bump vue from 3.2.40 to 3.2.41 in /frontend
Bumps vue from 3.2.40 to 3.2.41.

Release notes

Sourced from vue's releases.

v3.2.41

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vue's changelog.

3.2.41 (2022-10-14)

Bug Fixes

devtools: avoid memory leak caused by devtools event buffer (24f4c47), closes #6591

devtools: use cleanupBuffer instead of modifying _buffer (#6812) (35a113e)

effectScope: calling off() of a detached scope should not break currentScope (a71f9ac)

runtime-core: ensure that errors in slot function execution do not affect block tracking (#5670) (82a73da), closes #5657

runtime-core: fix v-for ref reactivity behavior difference between prod and dev (#6714) (9ae796d), closes #6697

runtime-dom: fix event timestamp check in iframes (5ee4053), closes #2513 #3933 #5474

Commits

9617dd4 release: v3.2.41

9ae796d fix(runtime-core): fix v-for ref reactivity behavior difference between prod ...

82a73da fix(runtime-core): ensure that errors in slot function execution do not affec...

5ee4053 fix(runtime-dom): fix event timestamp check in iframes

a71f9ac fix(effectScope): calling off() of a detached scope should not break currentS...

35dc2bb build: enforce LF line break for built files

82e3f2d chore: symbols as helperNameMap index type (#6622)

c454aa5 chore: more pr tips in contribution guide [ci skip]

45782df chore: add cache for prettier and eslint (#6813)

35a113e fix(devtools): use cleanupBuffer instead of modifying _buffer (#6812)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies javascript dependabot
opened by dependabot[bot] 2
Running the docker Container

Hi it would be nice to have an example deployment in the README, using an organisation and or a USERNAME. Also a multi repo view example too would be appreciated.
documentation

opened by gtogbes 2
build(deps): Bump pitest-junit5-plugin from 1.0.0 to 1.1.0 in /backend
Bumps pitest-junit5-plugin from 1.0.0 to 1.1.0.

Commits

9929c09 update readme for 1.1.0

758ce38 Merge pull request #70 from davidburstrom/master-fix-69

bc6260e Build with JUnit Platform 1.9.1 to support JUnit Jupiter 5.9.1 #69

377f845 Merge pull request #68 from SidB3/patch-1

01fb8b2 Specify pitestVersion in Gradle usage example

8eb3ce9 Update version numbers in example build scripts

4759829 Use major number for pitest breaking changes

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies java dependabot
opened by dependabot[bot] 2
Allow basic auth without file

Basic Auth requires you to load a file as of now, but if you run the GitActionBoard in the context of a container, you probably don't want to create a new image just for injecting this file. I added the option to put the content of the file into an env variable. This way it is easy to pass this value as a secret into the container without creating a new image.

opened by svenfinke 0
Replace custom Frontend with Vuetify
The current frontend is custom built and every feature - like the sidebar toggle - has to be created. This can easily lead to errors regarding different screen sizes, browser window ratios, etc... It also slows down the implementation of new features.

I'd like to switch to a frontend framework like vuetify. Using a framework like that comes with quite a few benefits:

many pre-built components that can just be used

consistent design

easy adoption of screen sizes Vuetify would be my choice as it implements the material design and it comes with a lot of easy to use components and helpers that make it really easy to implement different features.
opened by svenfinke 2