DPC CI Workflow #8423

Workflow file for this run

.github/workflows/ci-workflow.yml at e41354a

	name: "DPC CI Workflow"

	on:
	pull_request:
	paths-ignore:
	- .github/workflows/opt-out-*
	- lambda/**
	workflow_dispatch: # Allow manual trigger
	schedule:
	- cron: '2 /6 * *'

	env:
	VAULT_PW: ${{ secrets.VAULT_PW }}
	REPORT_COVERAGE: true
	DPC_CA_CERT: ${{ secrets.DPC_CA_CERT }}
	ENV: "github-ci"

	jobs:
	build-api:
	name: "Build and Test API"
	runs-on: self-hosted
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: "Checkout code"
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: "Set up JDK 11"
	uses: actions/setup-java@v3
	with:
	distribution: "corretto"
	java-version: "11"
	- name: "Set up Python and install Ansible"
	run: \|
	sudo dnf -y install python3 python3-pip
	pip install ansible
	- name: Install Maven 3.6.3
	run: \|
	export PATH="$PATH:/opt/maven/bin"
	echo "PATH=$PATH" >> $GITHUB_ENV
	if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
	tmpdir="$(mktemp -d)"
	curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz \| tar xzf - -C "$tmpdir"
	sudo rm -rf /opt/maven
	sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
	- name: Clean maven
	run: \|
	mvn -ntp -U clean
	- name: Install npm
	run: \|
	sudo dnf -y install nodejs
	npm --version
	node --version
	- name: Install docker compose manually
	run: \|
	mkdir -p /usr/local/lib/docker/cli-plugins
	curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
	chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
	chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
	- name: "API Build"
	id: ci-app
	run: \|
	export PATH=$PATH:~/.local/bin
	make ci-app
	- name: "Debug db"
	if: ${{ failure() && steps.ci-app.outcome == 'failure' }}
	run: docker logs start-v1-app-db-1
	- name: "Debug consent"
	if: ${{ failure() && steps.ci-app.outcome == 'failure' }}
	run: docker logs start-v1-app-consent-1
	- name: "Debug attribution"
	if: ${{ failure() && steps.ci-app.outcome == 'failure' }}
	run: docker logs start-v1-app-attribution-1
	- name: "Debug aggregation"
	if: ${{ failure() && steps.ci-app.outcome == 'failure' }}
	run: docker logs start-v1-app-aggregation-1
	- name: "Debug api"
	if: ${{ failure() && steps.ci-app.outcome == 'failure' }}
	run: docker logs start-v1-app-api-1
	- name: "Move jacoco reports"
	run: \|
	sudo mkdir jacoco-reports
	sudo cp ./dpc-aggregation/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-aggregation-it-jacoco.xml
	sudo cp ./dpc-aggregation/target/site/jacoco/jacoco.xml jacoco-reports/dpc-aggregation-jacoco.xml
	sudo cp ./dpc-api/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-api-it-jacoco.xml
	sudo cp ./dpc-api/target/site/jacoco/jacoco.xml jacoco-reports/dpc-api-jacoco.xml
	sudo cp ./dpc-attribution/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-attribution-it-jacoco.xml
	sudo cp ./dpc-attribution/target/site/jacoco/jacoco.xml jacoco-reports/dpc-attribution-jacoco.xml
	sudo cp ./dpc-bluebutton/target/site/jacoco/jacoco.xml jacoco-reports/dpc-bluebutton-jacoco.xml
	sudo cp ./dpc-common/target/site/jacoco/jacoco.xml jacoco-reports/dpc-common-jacoco.xml
	sudo cp ./dpc-consent/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-consent-it-jacoco.xml
	sudo cp ./dpc-consent/target/site/jacoco/jacoco.xml jacoco-reports/dpc-consent-jacoco.xml
	sudo cp ./dpc-macaroons/target/site/jacoco/jacoco.xml jacoco-reports/dpc-macaroons-jacoco.xml
	sudo cp ./dpc-queue/target/site/jacoco/jacoco.xml jacoco-reports/dpc-queue-jacoco.xml
	- name: Upload jacoco reports
	uses: actions/upload-artifact@v4
	with:
	name: code-coverage-report-dpc-api
	path: ./jacoco-reports
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

	build-dpc-web:
	name: "Build and Test DPC Web"
	runs-on: self-hosted
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: "Checkout code"
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: Install docker compose manually
	run: \|
	mkdir -p /usr/local/lib/docker/cli-plugins
	curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
	chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
	chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
	- name: "DPC Web Build"
	run: \|
	make ci-web-portal
	- name: "Copy test results"
	run: sudo cp dpc-web/coverage/.resultset.json web-resultset-raw.json
	- name: Archive code coverage results
	uses: actions/upload-artifact@v4
	with:
	name: code-coverage-report-dpc-web
	path: ./web-resultset-raw.json
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

	build-dpc-admin:
	name: "Build and Test DPC Admin Portal"
	runs-on: self-hosted
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: "Checkout code"
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: Install docker compose manually
	run: \|
	mkdir -p /usr/local/lib/docker/cli-plugins
	curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
	chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
	chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
	- name: "DPC Admin Portal Build"
	run: \|
	make ci-admin-portal
	- name: "Copy test results"
	run: sudo cp dpc-admin/coverage/.resultset.json admin-resultset-raw.json
	- name: Archive code coverage results
	uses: actions/upload-artifact@v4
	with:
	name: code-coverage-report-dpc-admin
	path: ./admin-resultset-raw.json
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

	build-dpc-portal:
	name: "Build and Test DPC Portal"
	runs-on: self-hosted
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: "Checkout code"
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: Install docker compose manually
	run: \|
	mkdir -p /usr/local/lib/docker/cli-plugins
	curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
	chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
	chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
	- name: "DPC Portal Build"
	run: \|
	make ci-portal
	- name: "Copy test results"
	run: sudo cp dpc-portal/coverage/.resultset.json portal-resultset-raw.json
	- name: Archive code coverage results
	uses: actions/upload-artifact@v4
	with:
	name: code-coverage-report-dpc-portal
	path: ./portal-resultset-raw.json
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

	build-dpc-client:
	name: "Build and Test DPC Client"
	runs-on: self-hosted
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: "Checkout code"
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: "DPC Client Build"
	run: \|
	make ci-api-client
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

	sonar-quality-gate-dpc-web-and-admin:
	name: Sonarqube Quality Gate for dpc-web and dpc-admin
	needs: [build-dpc-admin, build-dpc-web]
	runs-on: self-hosted
	env:
	# Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
	ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: "Checkout code"
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: Download web code coverage
	uses: actions/download-artifact@v4
	with:
	name: code-coverage-report-dpc-web
	- name: Download admin code coverage
	uses: actions/download-artifact@v4
	with:
	name: code-coverage-report-dpc-admin
	- name: "Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace
	run: \|
	sudo jq '.RSpec.coverage \|= with_entries(if .key \| contains("dpc-web") then .key \|= sub("/dpc-web"; "${{ github.workspace }}/dpc-web") else . end)' web-resultset-raw.json > web-resultset.json
	sudo jq '.RSpec.coverage \|= with_entries(if .key \| contains("dpc-admin") then .key \|= sub("/dpc-admin"; "${{ github.workspace }}/dpc-admin") else . end)' admin-resultset-raw.json > admin-resultset.json
	- name: Set env vars from AWS params
	uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
	env:
	AWS_REGION: ${{ vars.AWS_REGION }}
	with:
	params: \|
	SONAR_HOST_URL=/sonarqube/url
	SONAR_TOKEN=/sonarqube/token
	- name: Run quality gate scan
	uses: sonarsource/sonarqube-scan-action@master
	with:
	args:
	-Dsonar.projectKey=bcda-dpc-web
	-Dsonar.sources=./dpc-web/app,./dpc-web/lib,./dpc-admin/app,./dpc-admin/lib
	-Dsonar.ruby.coverage.reportPaths=./web-resultset.json,./admin-resultset.json
	-Dsonar.working.directory=./sonar_workspace
	-Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref \|\| github.ref_name }}
	-Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha \|\| 'branch' }}
	-Dsonar.qualitygate.wait=true
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

	sonar-quality-gate-dpc-portal:
	name: Sonarqube Quality Gate for dpc-portal
	needs: build-dpc-portal
	runs-on: self-hosted
	env:
	# Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
	ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: "Checkout code"
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: Download code coverage
	uses: actions/download-artifact@v4
	with:
	name: code-coverage-report-dpc-portal
	- name: "Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace
	run: \|
	sudo jq '.RSpec.coverage \|= with_entries(if .key \| contains("dpc-portal") then .key \|= sub("/dpc-portal"; "${{ github.workspace }}/dpc-portal") else . end)' portal-resultset-raw.json > portal-resultset.json
	- name: Set env vars from AWS params
	uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
	env:
	AWS_REGION: ${{ vars.AWS_REGION }}
	with:
	params: \|
	SONAR_HOST_URL=/sonarqube/url
	SONAR_TOKEN=/sonarqube/token
	- name: Run quality gate scan
	uses: sonarsource/sonarqube-scan-action@master
	with:
	args:
	-Dsonar.projectKey=bcda-dpc-portal
	-Dsonar.sources=./dpc-portal/app,./dpc-portal/lib
	-Dsonar.coverage.exclusions=*/_preview.rb,*/html.erb,*/application_
	-Dsonar.ruby.coverage.reportPaths=./portal-resultset.json
	-Dsonar.working.directory=./sonar_workspace
	-Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref \|\| github.ref_name }}
	-Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha \|\| 'branch' }}
	-Dsonar.qualitygate.wait=true
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

	sonar-quality-gate-dpc-api:
	name: Sonarqube Quality Gate for dpc-api
	needs: build-api
	runs-on: self-hosted
	env:
	# Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
	ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
	steps:
	- name: Assert Ownership
	run: sudo chmod -R 777 .
	- name: Checkout Code
	uses: actions/checkout@v4
	- name: Cleanup Runner
	run: ./scripts/cleanup-docker.sh
	- name: Setup Java
	uses: actions/setup-java@v3
	with:
	java-version: '11'
	distribution: temurin
	cache: maven
	- name: Set env vars from AWS params
	uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
	env:
	AWS_REGION: ${{ vars.AWS_REGION }}
	with:
	params: \|
	SONAR_HOST_URL=/sonarqube/url
	SONAR_TOKEN=/sonarqube/token
	- name: Install Maven 3.6.3
	run: \|
	export PATH="$PATH:/opt/maven/bin"
	echo "PATH=$PATH" >> $GITHUB_ENV
	if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
	tmpdir="$(mktemp -d)"
	curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz \| tar xzf - -C "$tmpdir"
	sudo rm -rf /opt/maven
	sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
	- name: Clean maven
	run: \|
	mvn -ntp -U clean
	- name: Compile Project
	run: \|
	mvn clean compile -Perror-prone -B -V -ntp
	- name: Download code coverage
	uses: actions/download-artifact@v4
	with:
	name: code-coverage-report-dpc-api
	path: jacoco-reports
	- name: Verify download
	run: \|
	find . -name dpc-api-jacoco.xml
	- name: Run quality gate scan
	run: \|
	mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar -Dsonar.projectKey=bcda-dpc-api -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref \|\| github.event_name == 'pull_request' && github.head_ref \|\| github.ref_name }} -Dsonar.working.directory=./.sonar_workspace -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha \|\| 'branch' }} -Dsonar.qualitygate.wait=true -Dsonar.coverage.jacoco.xmlReportPaths="../jacoco-reports/*.xml"
	- name: Cleanup
	if: ${{ always() }}
	run: ./scripts/cleanup-docker.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DPC CI Workflow #8423

Workflow file

DPC CI Workflow #8423

Jobs

Run details

Workflow file for this run