Skip to content
Build, test & deploy

feat(action): link the pr to solved jira #2728

Sign in to view logs

feat(action): link the pr to solved jira

feat(action): link the pr to solved jira #2728

Workflow file for this run

.github/workflows/build-test-deploy.yml at f4a2f1f
#
# SPDX-FileCopyrightText: 2023 Lifely
# SPDX-License-Identifier: EUPL-1.2+
#
name: Build, test & deploy
on:
pull_request:
workflow_dispatch:
push:
branches:
- main
# cancel any previous runs of this workflow for this branch that are still in progress
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
JAVA_VERSION: '21'
CONTAINER_REGISTRY_URL: 'ghcr.io/infonl'
APPLICATION_NAME: 'zaakafhandelcomponent'
permissions:
contents: write
packages: write
checks: write
pull-requests: write
# Required for uploading SARIF reports
security-events: write
jobs:
build:
runs-on: ubuntu-22.04
timeout-minutes: 30
outputs:
branch_name: ${{ steps.gen_branch_name.outputs.BRANCH_NAME }}
build_number: ${{ steps.gen_build_number.outputs.BUILD_NUMBER }}
zac_docker_image: ${{ steps.gen_tag.outputs.ZAC_DOCKER_IMAGE }}
steps:
- uses: actions/checkout@v4
- name: Set branch name
id: gen_branch_name
run: echo "BRANCH_NAME=${{ github.ref_name }}" | sed 's/\//_/g; s/(//g; s/)//g' >> $GITHUB_OUTPUT
- name: Set build number
id: gen_build_number
run: echo "BUILD_NUMBER=${{ steps.gen_branch_name.outputs.BRANCH_NAME }}-${{ github.run_number }}" >> $GITHUB_OUTPUT
- name: Set Docker image tag
id: gen_tag
run: echo "ZAC_DOCKER_IMAGE=${{ env.CONTAINER_REGISTRY_URL }}/${{ env.APPLICATION_NAME }}:${{ steps.gen_build_number.outputs.BUILD_NUMBER }}" >> $GITHUB_OUTPUT
- name: Setup JDK
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'temurin'
# Use the Maven cache here so that Maven artefacts (Maven build is triggered from the Gradle build) are cached.
cache: 'maven'
# To set up the Gradle build itself we use the 'gradle-build-action' which caches Gradle artefacts by default.
- name: Setup Gradle
uses: gradle/gradle-build-action@v3
# The Gradle build also executes a Maven command to build the WildFly bootable JAR.
- name: Gradle build
run: ./gradlew build -x test --info
- name: Upload Detekt scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ github.workspace }}/build/reports/detekt/detekt.sarif
- name: Cache Gradle build artefacts
uses: actions/cache/save@v4
with:
path: |
build/
key: build-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
- name: Cache generated Java clients
uses: actions/cache/save@v4
with:
path: |
src/generated/java
key: generated-java-clients-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
- name: Cache Maven build artefacts
uses: actions/cache/save@v4
with:
path: |
target/
key: maven-build-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
run-unit-tests:
needs: [build]
runs-on: ubuntu-22.04
timeout-minutes: 30
env:
READ_PACKAGES_USERNAME: $${{ vars.READ_PACKAGES_USERNAME }}
READ_PACKAGES_TOKEN: ${{ secrets.READ_PACKAGES_TOKEN }}
steps:
- uses: actions/checkout@v4
- name: Setup JDK
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/gradle-build-action@v3
- name: Restore generated Java clients
uses: actions/cache/restore@v4
with:
path: |
src/generated/java
key: generated-java-clients-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
- name: Restore Gradle build artefacts
uses: actions/cache/restore@v4
with:
path: |
build/
key: build-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
- name: Run unit tests
run: ./gradlew -x compileJava -x processResources -x compileKotlin -x classes test --info
- name: Publish unit test results
uses: EnricoMi/publish-unit-test-result-action@v2
if: always()
with:
check_name: unit-test-results
files: |
build/test-results/**/*.xml
src/main/app/reports/*.xml
- name: Generate unit test code coverage report
run: ./gradlew -x compileJava -x processResources -x compileKotlin -x classes -x test -x itest npmRunTestCoverage jacocoTestReport --info
- name: Upload unit test coverage report to Codecov
uses: codecov/codecov-action@v4
with:
flags: unittests
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
build-docker-image-and-run-itests:
needs: [build]
runs-on: ubuntu-22.04
timeout-minutes: 30
env:
BUILD_NUMBER: ${{ needs.build.outputs.build_number }}
BRANCH_NAME: ${{ needs.build.outputs.branch_name }}
ZAC_DOCKER_IMAGE: ${{ needs.build.outputs.zac_docker_image }}
GIT_COMMIT_HASH: ${{ github.sha }}
BAG_API_CLIENT_MP_REST_URL: $${{ vars.BAG_API_CLIENT_MP_REST_URL }}
BAG_API_KEY: ${{ secrets.BAG_API_KEY }}
steps:
# workaround to avoid 'No space left on device' error
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
tool-cache: true
# do not clean up Docker images since we need them
docker-images: false
# disable cleaning up large packages since this takes a long time
large-packages: false
- uses: actions/checkout@v4
- name: Setup JDK
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/gradle-build-action@v3
- name: Restore Maven build artefacts
uses: actions/cache/restore@v4
with:
path: |
target/
key: maven-build-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
- name: Build Docker image
run: |
./gradlew \
-PzacDockerImage=${ZAC_DOCKER_IMAGE} \
-PversionNumber=${BUILD_NUMBER} \
-PbranchName=${BRANCH_NAME} \
-PcommitHash=${GIT_COMMIT_HASH} \
buildDockerImage \
-x generateWildflyBootableJar
# Make sure this step is run _after_ we have built our ZAC Docker Image because
# we do not want the ZAC Docker image to be cached.
# See: https://github.com/ScribeMD/docker-cache/issues/532
- name: Cache Docker images
uses: ScribeMD/[email protected]
with:
key: docker-${{ runner.os }}-${{ hashFiles('docker-compose.yaml') }}
- name: Run integration tests
run: ./gradlew -PzacDockerImage=${ZAC_DOCKER_IMAGE} -x compileJava -x processResources -x compileKotlin -x classes itest --info
- name: Publish integration test results
uses: EnricoMi/publish-unit-test-result-action@v2
if: always()
with:
check_name: integration-test-results
files: |
build/test-results/itest/**/*.xml
# JaCoCo requires our Java class files to be able to generate a report
# so restore the Gradle build artefacts from the cache
- name: Restore Gradle build artefacts
uses: actions/cache/restore@v4
with:
path: |
build/
key: build-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
- name: Generate JaCoCo integration test code coverage report
run: ./gradlew jacocoIntegrationTestReport -x itest --info
- name: Upload integration test coverage report to Codecov
uses: codecov/codecov-action@v4
with:
flags: integrationtests
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.ZAC_DOCKER_IMAGE }}'
format: 'sarif'
output: 'trivy-results.sarif'
# limit the severities even when using Sarif
# or else all vulnerabilities will be reported
limit-severities-for-sarif: true
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
- name: Save Docker Image
if: github.ref == 'refs/heads/main'
run: docker save --output docker-image.tar ${ZAC_DOCKER_IMAGE}
- name: Cache ZAC Docker Image
if: github.ref == 'refs/heads/main'
uses: actions/cache/save@v4
with:
path: docker-image.tar
key: docker-image-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
dependabot-auto-merge:
needs: [run-unit-tests, build-docker-image-and-run-itests]
runs-on: ubuntu-22.04
if: github.actor == 'dependabot[bot]'
permissions:
pull-requests: write
contents: write
steps:
- uses: fastify/github-action-merge-dependabot@v3
with:
# Our Dependabot PRs are not merged automatically because an automatically merged PR
# does not trigger our push workflow (and so no release would be made).
# see: https://github.com/fastify/github-action-merge-dependabot/issues/134
approve-only: true
target: minor
next-version:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.get-version.outputs.replaced }}
tag: ${{ steps.get-tag.outputs.new_tag }}
steps:
# Checkout the repository including tags
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
# Determine the next semantic version based on the commit message tags
- name: Get next tag
id: get-tag
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PRERELEASE: false
DEFAULT_BUMP: patch
WITH_V: true
RELEASE_BRANCHES: main
- name: Get next version
id: get-version
uses: frabert/[email protected]
with:
pattern: 'v(.*)'
string: ${{ steps.get-tag.outputs.new_tag }}
replace-with: '$1'
- name: Print new tag and version
run: |
echo "Next version: ${{ steps.get-version.outputs.replaced }}"
echo "Next version tag: ${{ steps.get-tag.outputs.new_tag }}"
push-docker-image:
needs: [build, run-unit-tests, build-docker-image-and-run-itests, next-version]
runs-on: ubuntu-22.04
timeout-minutes: 30
if: github.ref == 'refs/heads/main'
env:
ZAC_DOCKER_IMAGE: ${{ needs.build.outputs.zac_docker_image }}
NEXT_VERSION: ${{ needs.next-version.outputs.version }}
steps:
- name: Docker Login
uses: docker/login-action@v3
with:
registry: ${{ env.CONTAINER_REGISTRY_URL }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Restore Docker Image
uses: actions/cache/restore@v4
with:
path: docker-image.tar
key: docker-image-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }}
- name: Load Docker Image
run: docker load --input docker-image.tar
- name: Tag Docker Image with 'latest' tag
run: docker tag ${ZAC_DOCKER_IMAGE} ${CONTAINER_REGISTRY_URL}/${APPLICATION_NAME}:latest
- name: Tag Docker Image with next version tag
if: env.NEXT_VERSION != ''
run: docker tag ${ZAC_DOCKER_IMAGE} ${CONTAINER_REGISTRY_URL}/${APPLICATION_NAME}:${NEXT_VERSION}
- name: Push Docker Image with all tags
run: docker push --all-tags ${CONTAINER_REGISTRY_URL}/${APPLICATION_NAME}
create-release:
needs: [next-version, push-docker-image]
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-22.04
env:
NEXT_VERSION: ${{ needs.next-version.outputs.version }}
NEXT_VERSION_TAG: ${{ needs.next-version.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Create or update GitHub release
uses: ncipollo/release-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ env.NEXT_VERSION_TAG }}
name: ${{ env.APPLICATION_NAME }} ${{ env.NEXT_VERSION }}
body: |
This release contains the docker image ${{ env.APPLICATION_NAME }} ${{ env.NEXT_VERSION }}, which is available
at ${{ env.CONTAINER_REGISTRY_URL }}/${{ env.APPLICATION_NAME }}:${{ env.NEXT_VERSION }}
draft: false
prerelease: false
allowUpdates: true
makeLatest: true
generateReleaseNotes: true
trigger-provision:
needs: [push-docker-image]
runs-on: ubuntu-22.04
timeout-minutes: 30
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/github-script@v7
with:
github-token: ${{ secrets.PROVISION_TOKEN }}
script: |
await github.rest.actions.createWorkflowDispatch({
owner: 'infonl',
repo: 'dimpact-provisioning',
workflow_id: 'azure-provision-zaakafhandelcomponent.yml',
inputs: {
tag: '${{ github.ref_name }}-${{ github.run_number }}',
},
ref: 'main'
})