chore(deps): update all non-major dependencies #972
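# Runs on pushes and pull requests that target master, and on newly created releases.
name: ci

on:
  push:
    branches: [master]
  release:
    types: [created]
  pull_request:
    branches: [master]

# Workflow-wide default for the GITHUB_TOKEN: read-only on every scope.
# Every job in this file declares its own `permissions` block, which replaces
# this default for that job, so write scopes are granted per job only.
permissions: read-all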
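jobs:
  # Builds the container images via the organisation's reusable workflow.
  # The reference is pinned to a full commit SHA; the trailing comment records
  # the tag that SHA corresponds to.
  build:
    uses: miracum/.github/.github/workflows/standard-build.yaml@1748b6a3730192d63e21629d6d84dafd495fe567 # v1.12.5
    permissions:
      contents: write
      # presumably used for OIDC-based signing/attestation inside the reusable
      # workflow; confirm against standard-build.yaml
      id-token: write
      packages: write
      pull-requests: write
      actions: read
      security-events: write
    with:
      enable-build-test-layer: true
      enable-upload-test-image: true
      platforms: |
        linux/amd64
        linux/arm64
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}

  # Loads the images produced by `build`, extracts the unit-test coverage
  # report from the test image and enforces the coverage thresholds.
  test:
    runs-on: ubuntu-24.04
    needs:
      - build
    permissions:
      # for add Coverage PR Comment
      pull-requests: write
    steps:
      # <https://docs.docker.com/storage/containerd/>
      # via <https://github.com/docker/setup-buildx-action/issues/257>
      - name: Set up containerd image store
        shell: bash
        run: |
          [ -f /etc/docker/daemon.json ] || echo "{}" | sudo tee /etc/docker/daemon.json
          jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json
          sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json
          cat /etc/docker/daemon.json
          sudo systemctl restart docker
          docker info -f '{{ .DriverStatus }}'
      - name: "Checkout code"
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          # keep the GITHUB_TOKEN out of .git/config for the rest of the job
          persist-credentials: false
      - name: Download image
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        if: ${{ github.event_name == 'pull_request' }}
        with:
          name: ${{ needs.build.outputs.image-slug }}
          path: /tmp
      - name: Load image
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          ls -lsa /tmp
          docker load --input /tmp/image.tar
          docker image ls
      - name: Download test image
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: ${{ needs.build.outputs.image-slug }}-test
          path: /tmp
      - name: Load test image
        run: |
          ls -lsa /tmp
          docker load --input /tmp/image-test.tar
          docker image ls
      - name: Copy unit test coverage reports from test container
        # The expression result reaches the script through an environment
        # variable and is expanded quoted, not spliced into the script text.
        env:
          UNIT_TEST_IMAGE: ${{ fromJson(needs.build.outputs.test-image-meta-json).tags[0] }}
        run: |
          docker create --name=unit-test-container "${UNIT_TEST_IMAGE}"
          docker cp unit-test-container:/build/src/FhirPseudonymizer.Tests/coverage ./coverage
      - name: Code Coverage Report
        uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # tag=v1.3.0
        with:
          filename: coverage/**/coverage.cobertura.xml
          badge: true
          fail_below_min: true
          format: markdown
          hide_branch_rate: false
          hide_complexity: true
          indicators: true
          output: both
          thresholds: "50 50"
      - name: Add Coverage PR Comment
        uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
        if: ${{ github.event_name == 'pull_request' }}
        with:
          recreate: true
          path: code-coverage-results.md

  # Pull-request-only job: deploys the freshly built image into a KinD cluster
  # with the Helm chart and runs the iter8 experiment against it.
  iter8-test:
    name: run iter8 tests
    runs-on: ubuntu-24.04
    if: ${{ github.event_name == 'pull_request' }}
    needs:
      - build
    permissions:
      contents: read
      pull-requests: write
    steps:
      # <https://docs.docker.com/storage/containerd/>
      # via <https://github.com/docker/setup-buildx-action/issues/257>
      - name: Set up containerd image store
        shell: bash
        run: |
          [ -f /etc/docker/daemon.json ] || echo "{}" | sudo tee /etc/docker/daemon.json
          jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json
          sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json
          cat /etc/docker/daemon.json
          sudo systemctl restart docker
          docker info -f '{{ .DriverStatus }}'
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          # Same setting as the checkout in the `test` job. The later steps
          # here (helm, kubectl, iter8) make no authenticated git calls, so
          # the token does not need to stay in .git/config while PR code runs.
          persist-credentials: false
      - name: install iter8 cli
        # An explicit `shell: bash` makes the runner use `bash -eo pipefail`,
        # so a failed download fails the step at curl rather than inside tar.
        shell: bash
        env:
          ITER8_CLI_URL: "https://github.com/iter8-tools/iter8/releases/download/v0.13.18/iter8-linux-amd64.tar.gz"
        run: |
          # NOTE(review): the actions in this workflow are pinned to commit
          # SHAs, but this tarball is unpacked and installed with no integrity
          # check. Record the expected SHA-256 of the v0.13.18 asset and verify
          # it (e.g. with `sha256sum --check`) before extracting.
          curl --fail -LSs "${ITER8_CLI_URL}" | tar xz
          mv linux-amd64/iter8 /usr/local/bin/iter8
          chmod +x /usr/local/bin/iter8
          iter8 version
      - name: Create KinD cluster
        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
        with:
          cluster_name: kind
      - name: Download image
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: ${{ needs.build.outputs.image-slug }}
          path: /tmp
      - name: Load image into KinD
        run: |
          kind load image-archive /tmp/image.tar
      - name: List images in cluster
        run: docker exec kind-control-plane crictl images
      - name: Install "fhir-pseudonymizer"
        # The build output is handed over via env and expanded quoted in the
        # script, not interpolated into the command line by the expression.
        env:
          IMAGE_TAG: ${{ needs.build.outputs.image-version }}
        run: |
          helm install \
            --set="image.tag=${IMAGE_TAG}" \
            -f tests/iter8/values.yaml \
            --wait \
            --timeout=10m \
            fhir-pseudonymizer \
            oci://ghcr.io/miracum/charts/fhir-pseudonymizer
      - name: Launch iter8 experiment
        run: kubectl apply -f tests/iter8/experiment.yaml
      - name: Wait for experiment completion
        run: iter8 k assert -c completed --timeout 10m
      - name: Assert no failures and SLOs are satisfied
        run: iter8 k assert -c nofailure,slos
      - name: Create iter8 reports
        if: always()
        run: |
          iter8 k report | tee iter8-report.txt
          iter8 k report -o html > iter8-report.html
      - name: Enhance iter8 report output for use as a PR comment
        run: |
          ITER8_REPORT_TXT=$(cat iter8-report.txt)
          {
            echo -e '---';
            echo -e '## iter8 report';
            echo -e '```console';
            echo -e "${ITER8_REPORT_TXT}";
            echo -e '```'
          } >> iter8-output.md
      - name: Append sticky comment with iter8 report
        uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
        if: ${{ github.event_name == 'pull_request' }}
        with:
          append: true
          path: iter8-output.md
      - name: Upload report
        if: always()
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: iter8-report.html
          path: |
            iter8-report.html
      - name: Print cluster and iter8 logs
        if: always()
        run: |
          kubectl cluster-info dump -o yaml | tee kind-cluster-dump.txt
          iter8 k log -l trace
      - name: Upload cluster dump
        if: always()
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: kind-cluster-dump.txt
          path: |
            kind-cluster-dump.txt

  # Linting and CodeQL analysis (C#) through the reusable lint workflow,
  # pinned to the same commit SHA as the build and release workflows.
  lint:
    uses: miracum/.github/.github/workflows/standard-lint.yaml@1748b6a3730192d63e21629d6d84dafd495fe567 # v1.12.5
    permissions:
      contents: read
      pull-requests: write
      issues: write
      security-events: write
      actions: read
    with:
      enable-validate-gradle-wrapper: false
      codeql-languages: '["csharp"]'
      enable-codeql: true
      enable-verify-base-image-signature: false
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}

  # Release through the reusable release workflow once build and test succeed.
  # The called workflow receives a bot token, so the SHA pin on `uses` is what
  # fixes which code gets to handle that secret.
  release:
    uses: miracum/.github/.github/workflows/standard-release.yaml@1748b6a3730192d63e21629d6d84dafd495fe567 # v1.12.5
    needs:
      - build
      - test
    permissions:
      contents: write
      pull-requests: write
      issues: write
    secrets:
      semantic-release-token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }}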