-
Notifications
You must be signed in to change notification settings - Fork 5
123 lines (108 loc) · 4.09 KB
/
java-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# from https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch, but the action may change without warning.
name: Java CI
on:
push:
branches: [ development ]
paths-ignore: [ '*.md']
pull_request:
branches: [ '**' ]
merge_group:
jobs:
build:
runs-on: ubuntu-latest
services:
postgres:
image: postgres
env:
POSTGRES_PASSWORD: dbpwd
POSTGRES_USER: test_dbuser
POSTGRES_DB: pearl_test
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of SonarQube analysis
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'adopt'
- name: Validate Gradle wrapper
uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6
- name: Build with Gradle
uses: gradle/gradle-build-action@093dfe9d598ec5a42246855d09b49dc76803c005
with:
arguments: build --info # if you need to see test failure full stacktraces, change this to `build --info`
- name: Upload test artifacts
if: failure()
uses: actions/upload-artifact@v4
with:
name: test-results
path: |
api-admin/build/test-results/test/*.xml
api-participant/build/test-results/test/*.xml
core/build/test-results/test/*.xml
populate/build/test-results/test/*.xml
- name: JUnit test report
# Generate a report if the tests fail or succeed, but not if the user cancels
# For Dependabot PRs, we'll skip generating the test report to simplify our permissions setup
if: (success() || failure()) && github.actor != 'dependabot[bot]'
uses: dorny/test-reporter@v1
with:
name: JUnit Tests
path: >
api-admin/build/test-results/test/*.xml,
api-participant/build/test-results/test/*.xml,
core/build/test-results/test/*.xml,
populate/build/test-results/test/*.xml
reporter: java-junit
- name: Notify slack on failure
uses: broadinstitute/[email protected]
if: failure() && github.ref == 'refs/heads/development'
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
channel: '#juniper-dev-notifications'
status: failure
author_name: Java CI build failed on merge to development
fields: job
text: "Java CI build failed :sadpanda:"
username: 'Juniper Build Notifications'
# Need to uncomment these in follow up PR, The new Trivy and Tag workflows need to exist on the development branch
# before the following steps will work
# Run DSP App Sec Trivy Scanner on PRs
dispatch-trivy:
needs: [ build ]
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Trigger Trivy Scan
uses: broadinstitute/workflow-dispatch@v1
with:
workflow: Trivy
token: ${{ secrets.BROADBOT_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
dispatch-tag:
needs: [ build ]
runs-on: ubuntu-latest
# Only tag a new release if prior steps were successful and triggering commit is a merge to mainline
if: success() && github.ref == 'refs/heads/development'
steps:
- name: Trigger Tag Workflow
uses: broadinstitute/workflow-dispatch@v1
with:
workflow: Tag
token: ${{ secrets.BROADBOT_TOKEN }}