CORE-246 Upgrading to cache v4 #624
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
on: | |
push: | |
branches: [ dev ] | |
paths-ignore: [ '*.md' ] | |
pull_request: | |
branches: [ '**' ] | |
workflow_dispatch: {} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Gradle cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
restore-keys: v1-${{ runner.os }}-gradle-${{ github.ref }} | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Gradle build service | |
run: ./gradlew --build-cache :service:build -x test | |
- name: SonarQube scan service | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: ./gradlew --build-cache :service:sonarqube | |
- name: Upload spotbugs results | |
uses: github/codeql-action/upload-sarif@main | |
with: | |
sarif_file: service/build/reports/spotbugs/main.sarif | |
jib: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Gradle cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
- name: Add Google Cloud Profiler to Docker Image | |
run: docker build ./service -t drshub:local | |
- name: Build image locally with jib | |
# build the docker image to make sure it does not error | |
run: | | |
./gradlew --build-cache :service:jibDockerBuild \ | |
-Djib.from.image=docker://drshub:local \ | |
-Djib.console=plain | |
unit-tests: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Git secrets setup | |
run: | | |
git clone https://github.com/awslabs/git-secrets.git ~/git-secrets | |
cd ~/git-secrets | |
git checkout b9e96b3212fa06aea65964ff0d5cda84ce935f38 | |
sudo make install | |
- name: Secrets check | |
run: | | |
sudo ln -s "$(which echo)" /usr/local/bin/say | |
./minnie-kenny.sh --force | |
git secrets --scan-history | |
- name: Gradle cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
- name: Test with coverage | |
run: ./gradlew --build-cache jacocoTestReport --scan | |
- name: Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./service/build/reports/jacoco/test/jacocoTestReport.xml | |
integration-tests: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Gradle cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
- name: Render GitHub Secrets | |
env: | |
DEV_FIRECLOUD_ACCOUNT_B64: ${{ secrets.DEV_FIRECLOUD_ACCOUNT_B64 }} | |
run: echo "$DEV_FIRECLOUD_ACCOUNT_B64" | base64 -d >"./integration/src/main/resources/rendered/user-delegated-sa.json" | |
- name: Launch the background process for integration tests | |
run: ./gradlew --build-cache :service:bootRunDev | tee application.log & | |
- name: Prep the integration project | |
run: ./gradlew --build-cache :integration:classes | |
- name: Wait for boot run to be ready | |
run: | | |
timeout 60 bash -c 'until echo > /dev/tcp/localhost/8080; do sleep 1; done' | |
resultStatus=$(echo > /dev/tcp/localhost/8080; echo $?) | |
if [[ $resultStatus == 0 ]]; then | |
echo "Server started successfully" | |
else | |
echo "Server did not start successfully." | |
exit 1 | |
fi | |
- name: Run the integration test suite | |
run: ./gradlew --build-cache :integration:runTest --args="suites/FullIntegration.json /tmp/foo" | |
- name: Archive logs | |
id: archive_logs | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: application-logs | |
path: | | |
application.log | |
notify-slack-on-failure: | |
needs: [ build, jib, unit-tests, integration-tests ] | |
uses: ./.github/workflows/slack-notify-on-failure.yml | |
secrets: inherit | |
if: ${{ failure() }} | |
with: | |
workflow_name: Build and Test | |
dispatch-tag: | |
needs: [ build, jib, unit-tests, integration-tests ] | |
runs-on: ubuntu-latest | |
if: success() && github.ref == 'refs/heads/dev' | |
steps: | |
- name: Fire off tag action | |
uses: benc-uk/workflow-dispatch@v1 | |
with: | |
workflow: Tag | |
token: ${{ secrets.BROADBOT_TOKEN }} | |
source-clear: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Set up JDK | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: SourceClear scan | |
env: | |
SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }} | |
run: ./gradlew --build-cache srcclr |