bump 1.59.0 #1271
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| on: | |
| push: | |
| branches: [ dev ] | |
| paths-ignore: [ '*.md' ] | |
| pull_request: | |
| branches: [ '**' ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Gradle cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
| restore-keys: v1-${{ runner.os }}-gradle-${{ github.ref }} | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Gradle build service | |
| run: ./gradlew --build-cache :service:build -x test | |
| - name: SonarQube scan service | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew --build-cache :service:sonar | |
| - name: Upload spotbugs results | |
| uses: github/codeql-action/upload-sarif@main | |
| with: | |
| sarif_file: service/build/reports/spotbugs/main.sarif | |
| jib: | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Gradle cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
| - name: Add Google Cloud Profiler to Docker Image | |
| run: docker build ./service -t externalcreds:local | |
| - name: Build image locally with jib | |
| # build the docker image to make sure it does not error | |
| run: | | |
| ./gradlew --build-cache :service:jibDockerBuild \ | |
| -Djib.from.image=docker://externalcreds:local \ | |
| -Djib.console=plain | |
| unit-tests: | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:13 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| ports: [ "5432:5432" ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Gradle cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
| - name: Make sure Postgres is ready and init | |
| env: | |
| PGPASSWORD: postgres | |
| run: | | |
| pg_isready -h localhost -t 10 | |
| psql -h localhost -U postgres -f ./common/postgres-init.sql | |
| # Github workflows shouldn't have access to vault, so we read from GitHub secrets instead. | |
| - name: Render GitHub Secrets | |
| env: | |
| DEV_APP_SERVICE_ACCOUNT_B64: ${{ secrets.DEV_APP_SERVICE_ACCOUNT_B64 }} | |
| run: echo "$DEV_APP_SERVICE_ACCOUNT_B64" | base64 -d >"./service/src/main/resources/rendered/ecm-sa.json" | |
| - name: Test with coverage | |
| run: ./gradlew --build-cache jacocoTestReport --scan | |
| - name: Codecov | |
| uses: codecov/[email protected] | |
| with: | |
| files: ./service/build/reports/jacoco/test/jacocoTestReport.xml | |
| integration-tests: | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:13 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| ports: [ "5432:5432" ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Gradle cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
| - name: Make sure Postgres is ready and init | |
| env: | |
| PGPASSWORD: postgres | |
| run: | | |
| pg_isready -h localhost -t 10 | |
| psql -h localhost -U postgres -f ./common/postgres-init.sql | |
| - name: Render GitHub Secrets | |
| env: | |
| DEV_FIRECLOUD_ACCOUNT_B64: ${{ secrets.DEV_FIRECLOUD_ACCOUNT_B64 }} | |
| DEV_APP_SERVICE_ACCOUNT_B64: ${{ secrets.DEV_APP_SERVICE_ACCOUNT_B64 }} | |
| run: | | |
| echo "$DEV_FIRECLOUD_ACCOUNT_B64" | base64 -d >"./integration/src/main/resources/rendered/user-delegated-sa.json" | |
| echo "$DEV_APP_SERVICE_ACCOUNT_B64" | base64 -d >"./service/src/main/resources/rendered/ecm-sa.json" | |
| - name: Launch the background process for integration tests | |
| run: ./gradlew --build-cache :service:bootRunDev | tee application.log & | |
| - name: Prep the integration project | |
| run: ./gradlew --build-cache :integration:classes | |
| - name: Wait for boot run to be ready | |
| run: | | |
| timeout 60 bash -c 'until echo > /dev/tcp/localhost/8080; do sleep 1; done' | |
| resultStatus=$(echo > /dev/tcp/localhost/8080; echo $?) | |
| if [[ $resultStatus == 0 ]]; then | |
| echo "Server started successfully" | |
| else | |
| echo "Server did not start successfully." | |
| exit 1 | |
| fi | |
| - name: Run the integration test suite | |
| run: ./gradlew --build-cache :integration:runTest --args="suites/FullIntegration.json /tmp/foo" --scan | |
| - name: Archive logs | |
| id: archive_logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: application-logs | |
| path: | | |
| application.log | |
| notify-slack: | |
| needs: [ build, jib, unit-tests, integration-tests ] | |
| runs-on: ubuntu-latest | |
| if: failure() && github.ref == 'refs/heads/dev' | |
| steps: | |
| - name: Notify slack on failure | |
| uses: 8398a7/action-slack@v3 | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.POLICY_INT_WEBHOOK_URL }} | |
| with: | |
| status: failure | |
| author_name: Build on dev | |
| fields: workflow,message | |
| text: 'Build failed :sadpanda:' | |
| dispatch-tag: | |
| needs: [ build, jib, unit-tests, integration-tests ] | |
| runs-on: ubuntu-latest | |
| if: success() && github.ref == 'refs/heads/dev' | |
| steps: | |
| - name: Fire off tag action | |
| uses: benc-uk/workflow-dispatch@v1 | |
| with: | |
| workflow: Tag | |
| token: ${{ secrets.BROADBOT_TOKEN }} |