Refactor TransferProcessRunner #820
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| tags: [ "v*.*.*" ] | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| merge_group: | |
| jobs: | |
| test: | |
| env: | |
| MAVEN_ARGS: -B -T1C -Dmockserver.logLevel=WARN -Dfts.retryTimeout=false | |
| GITHUB_TOKEN: ${{ github.token }} | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| max-parallel: 6 | |
| matrix: | |
| agent: | |
| - clinical-domain-agent | |
| - trust-center-agent | |
| - research-domain-agent | |
| auth: | |
| - none | |
| - basic | |
| - cert | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: 21 | |
| cache: 'maven' | |
| - name: Run Tests | |
| run: mvn ${MAVEN_ARGS} verify --also-make --projects ${{ matrix.agent }} -Dspring.profiles.active=auth:${{ matrix.auth }} | |
| - name: Generate Code Coverage Report | |
| run: mvn ${MAVEN_ARGS} jacoco:report-aggregate@report | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true | |
| build-jar: | |
| needs: [ test ] | |
| env: | |
| MAVEN_ARGS: -B -T1C -Dmockserver.logLevel=WARN -Dfts.retryTimeout=false | |
| GITHUB_TOKEN: ${{ github.token }} | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| agent: | |
| - clinical-domain-agent | |
| - trust-center-agent | |
| - research-domain-agent | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: 21 | |
| cache: 'maven' | |
| - name: Build Agent | |
| run: mvn ${MAVEN_ARGS} -DskipTests package | |
| - name: Upload Jar | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 | |
| with: | |
| name: ${{ matrix.agent }} | |
| path: ${{ matrix.agent }}/target/${{ matrix.agent }}.jar | |
| if-no-files-found: error | |
| build-image: | |
| needs: [ build-jar ] | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| agent: | |
| - clinical-domain-agent | |
| - trust-center-agent | |
| - research-domain-agent | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Download Agent Jar | |
| if: ${{ matrix.agent }} | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| name: ${{ matrix.agent }} | |
| path: ${{ matrix.agent }}/target | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 | |
| - name: Build and Save Container Image | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 | |
| with: | |
| context: ${{ matrix.agent }} | |
| tags: ${{ matrix.agent }}:latest | |
| outputs: type=docker,dest=/tmp/${{ matrix.agent }}.tar | |
| - name: Upload Container Image | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 | |
| with: | |
| name: ${{ matrix.agent }}-image | |
| path: /tmp/${{ matrix.agent }}.tar | |
| if-no-files-found: error | |
| scan-image: | |
| continue-on-error: true | |
| needs: [ build-image ] | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| agent: | |
| - clinical-domain-agent | |
| - trust-center-agent | |
| - research-domain-agent | |
| steps: | |
| - name: Download Container Image | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| name: ${{ matrix.agent }}-image | |
| path: /tmp | |
| - name: Load Container Image | |
| run: docker load --input /tmp/${{ matrix.agent }}.tar | |
| - name: Run Trivy Vulnerability Scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ matrix.agent }}:latest | |
| format: sarif | |
| output: trivy-results.sarif | |
| severity: 'CRITICAL,HIGH' | |
| timeout: '15m0s' | |
| env: | |
| TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 | |
| TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1 | |
| - name: Upload Trivy Scan Results to GitHub Security Tab | |
| uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3 | |
| with: | |
| sarif_file: trivy-results.sarif | |
| e2e-tests: | |
| needs: [ build-image ] | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| cohort-selection: | |
| - transfer | |
| - transfer-with-manual-cohort-selection | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Download Agent Images | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| pattern: '*-image' | |
| merge-multiple: true | |
| path: /tmp | |
| - name: Login to SMITH Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| registry: creg.smith.care | |
| username: ${{ secrets.smith_creg_username }} | |
| password: ${{ secrets.smith_creg_password }} | |
| - name: Load Agent Images | |
| run: | | |
| echo -n "clinical-domain-agent trust-center-agent research-domain-agent" \ | |
| | xargs -d' ' -I{} docker load --input /tmp/{}.tar | |
| - name: Pull Container Images | |
| working-directory: .github/test | |
| run: make pull | |
| - name: Start Test Environment | |
| working-directory: .github/test | |
| run: make start | |
| - name: Configure PATH | |
| run: echo "${GITHUB_WORKSPACE}/.github/scripts" >> ${GITHUB_PATH} | |
| - name: Upload Test Data | |
| working-directory: .github/test | |
| run: make upload | |
| - name: Check Consent | |
| working-directory: .github/test | |
| run: make check-consent | |
| - name: Start Transfer | |
| working-directory: .github/test | |
| run: make ${{ matrix.cohort-selection }} | |
| - name: Wait for Transfer to Finish | |
| working-directory: .github/test | |
| run: make wait | |
| - name: Check Status | |
| working-directory: .github/test | |
| run: make check-status | |
| - name: Check Transferred Resources | |
| working-directory: .github/test | |
| run: make check-resources | |
| - name: Collect Agent Logs | |
| if: failure() || cancelled() | |
| working-directory: .github/test | |
| run: docker compose logs cd-agent tc-agent rd-agent | |
| - name: Collect MOSAIC Logs | |
| if: failure() || cancelled() | |
| working-directory: .github/test | |
| run: docker compose logs gics gpas | |
| - name: Collect HDS Logs | |
| if: failure() || cancelled() | |
| working-directory: .github/test | |
| run: docker compose logs cd-hds rd-hds | |
| - name: Collect DB Logs | |
| if: failure() || cancelled() | |
| working-directory: .github/test | |
| run: docker compose logs gics-db gpas-db keystore | |
| push-image: | |
| if: github.event_name != 'pull_request' || (github.event.pull_request.base.repo.full_name == github.event.pull_request.head.repo.full_name) | |
| needs: | |
| - scan-image | |
| - e2e-tests | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| packages: write | |
| strategy: | |
| matrix: | |
| agent: | |
| - clinical-domain-agent | |
| - trust-center-agent | |
| - research-domain-agent | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Download Agent Jar | |
| if: ${{ matrix.agent }} | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| name: ${{ matrix.agent }} | |
| path: ${{ matrix.agent }}/target | |
| - name: Download Container Image | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| name: ${{ matrix.agent }}-image | |
| path: /tmp | |
| - name: Load Container Image | |
| run: docker load --input /tmp/${{ matrix.agent }}.tar | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 | |
| - name: Login to GHCR | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate Container Image Metadata | |
| id: meta | |
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository_owner }}/fts-${{ matrix.agent }} | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: Build and Push Container Image | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 | |
| with: | |
| context: ${{ matrix.agent }} | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |