-
Notifications
You must be signed in to change notification settings - Fork 1
150 lines (124 loc) · 3.85 KB
/
build-and-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: Build and Test
on:
push:
branches: [ main ]
paths-ignore: [ '*.md' ]
pull_request:
branches: [ '**' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Git secrets setup
run: |
git clone https://github.com/awslabs/git-secrets.git ~/git-secrets
cd ~/git-secrets
sudo make install
- name: Secrets check
run: |
sudo ln -s "$(which echo)" /usr/local/bin/say
./minnie-kenny.sh --force
git secrets --scan-history
- name: Gradle build service
run: ./gradlew --build-cache :service:build -x test
jib:
needs: [ build ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Build image locally with jib
# build the docker image to make sure it does not error
run: |
./gradlew --build-cache :service:jibDockerBuild \
-Djib.console=plain
unit-tests:
needs: [ build ]
runs-on: ubuntu-latest
services:
postgres:
image: postgres:13
env:
POSTGRES_PASSWORD: postgres
ports: [ "5432:5432" ]
steps:
- uses: actions/checkout@v4
# Needed by sonar to get the git history for the branch the PR will be merged into.
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Make sure Postgres is ready and init
env:
PGPASSWORD: postgres
run: |
pg_isready -h localhost -t 10
psql -h localhost -U postgres -f ./service/local-dev/local-postgres-init.sql
- name: Test with coverage
run: ./gradlew --build-cache test jacocoTestReport --scan
- name: SonarQube scan
run: ./gradlew --build-cache sonar
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
notify-slack:
needs: [ build, jib, unit-tests ]
runs-on: ubuntu-latest
if: failure() && github.ref == 'refs/heads/main'
steps:
- name: Notify slack on failure
uses: broadinstitute/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.BPM_SLACK_WEBHOOK }}
with:
channel: '#dsp-core-services-alerts'
status: failure
author_name: Build on dev
fields: workflow,message
text: 'Build failed :sadpanda:'
bump-check:
runs-on: ubuntu-latest
outputs:
is-bump: ${{ steps.skiptest.outputs.is-bump }}
steps:
- uses: actions/checkout@v4
- name: Skip version bump merges
id: skiptest
uses: ./.github/actions/bump-skip
with:
event-name: ${{ github.event_name }}
dispatch-tag:
needs: [ build, jib, unit-tests, bump-check ]
runs-on: ubuntu-latest
if: success() && needs.bump-check.outputs.is-bump == 'no' && github.ref == 'refs/heads/main'
steps:
- name: Fire off publish action
uses: broadinstitute/workflow-dispatch@v1
with:
workflow: 'Tag, publish, deploy'
token: ${{ secrets.BROADBOT_TOKEN }}