Skip to content

Update codeql.yml

Update codeql.yml #958

Workflow file for this run

name: CI
on:
push:
branches: [ main ]
release:
types: [ published ]
pull_request:
env:
REGISTRY: ghcr.io
IMAGE_NAME_BASE: ${{ github.repository_owner }}
jobs:
backend:
name: Backend
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
packages: write
services:
postgres:
image: postgres:15
env:
POSTGRES_USER: portal
POSTGRES_PASSWORD: portal
POSTGRES_DB: portal
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
# For Docker Image
IMAGE_NAME: authority-portal-backend
IMAGE_TITLE: Authority Portal Backend
IMAGE_DESCRIPTION: Backend for the sovity Dataspace Authority Portal
# For JooQ Codegen
SKIP_TESTCONTAINERS: true
TEST_POSTGRES_JDBC_URL: jdbc:postgresql://localhost:5432/portal
TEST_POSTGRES_JDBC_USER: portal
TEST_POSTGRES_JDBC_PASSWORD: portal
# For Quarkus Tests
quarkus.datasource.devservices.enabled: false
quarkus.datasource.jdbc.url: jdbc:postgresql://localhost:5432/portal
quarkus.datasource.username: portal
quarkus.datasource.password: portal
quarkus.flyway.clean-at-start: true
steps:
- uses: actions/checkout@v3
- name: "Set up JDK 17"
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
- name: "Gradle: Validate Gradle Wrapper"
uses: gradle/wrapper-validation-action@ccb4328a959376b642e027874838f60f8e596de3
- name: "Gradle: Build"
uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629
env:
GPR_USER: ${{ secrets.GHCR_READONLY_USER }}
GPR_KEY: ${{ secrets.GHCR_READONLY_TOKEN }}
with:
build-root-directory: authority-portal-backend
arguments: build
- name: "Docker: Log in to the Container registry"
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Docker: Extract metadata (tags, labels) for Docker"
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BASE }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.title=${{ env.IMAGE_TITLE }}
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
tags: |
type=schedule
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=ref,event=branch
type=ref,event=pr
type=sha
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=release,enable=${{ startsWith(github.ref, 'refs/tags/') }}
- name: "Docker: Build and Push Image (authority-portal-backend)"
uses: docker/build-push-action@v4
with:
file: authority-portal-backend/authority-portal-quarkus/src/main/docker/Dockerfile.jvm
context: authority-portal-backend/authority-portal-quarkus
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
network: host
- name: "Docker: Build and Push Image (authority-portal-crawler)"
uses: ./.github/actions/build-connector-image
with:
registry-url: ${{ env.REGISTRY }}
registry-user: ${{ github.actor }}
registry-password: ${{ secrets.GITHUB_TOKEN }}
image-base-name: ${{ env.IMAGE_NAME_BASE }}
image-name: "authority-portal-crawler"
connector-name: "catalog-crawler-ce"
title: "Catalog Crawler (Community Edition, DAPS)"
description: "sovity CE Catalog crawler for the sovity CE Authority Portal. Requires DAPS dataspace credentials to join an existing dataspace."
frontend:
name: Frontend
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
packages: write
env:
# For Docker Image
IMAGE_NAME: authority-portal-frontend
IMAGE_TITLE: Authority Portal Frontend
IMAGE_DESCRIPTION: Frontend for the sovity Dataspace Authority Portal
steps:
- uses: actions/checkout@v3
- name: "Set up JDK 17"
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
- name: "Gradle: Validate Gradle Wrapper"
uses: gradle/wrapper-validation-action@ccb4328a959376b642e027874838f60f8e596de3
- name: "Gradle: Generate TypeScript Library Code"
uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629
env:
GPR_USER: ${{ secrets.GHCR_READONLY_USER }}
GPR_KEY: ${{ secrets.GHCR_READONLY_TOKEN }}
with:
build-root-directory: authority-portal-backend
arguments: :authority-portal-api:build
- name: "Set up Node 16"
uses: actions/setup-node@v3
with:
node-version: '16'
cache: 'npm'
cache-dependency-path: |
authority-portal-backend/authority-portal-api-client-ts/package-lock.json
authority-portal-frontend/package-lock.json
- name: "Set up Chrome"
uses: browser-actions/setup-chrome@v1
- name: "NPM: Build TypeScript Client Library"
run: cd authority-portal-backend/authority-portal-api-client-ts && npm ci && npm run build
- name: "NPM: Install Dependencies"
run: cd authority-portal-frontend && npm ci
- name: "NPM: Test Frontend"
run: cd authority-portal-frontend && npm run test-ci
- name: "NPM: Build Frontend"
run: cd authority-portal-frontend && npm run build
- name: "Docker: Log in to the Container registry"
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Docker: Extract metadata (tags, labels) for Docker"
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BASE }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.title=${{ env.IMAGE_TITLE }}
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
tags: |
type=schedule
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=ref,event=branch
type=ref,event=pr
type=sha
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=release,enable=${{ startsWith(github.ref, 'refs/tags/') }}
- name: "Docker: Build and Push Image"
uses: docker/build-push-action@v4
with:
file: authority-portal-frontend/docker/Dockerfile
context: authority-portal-frontend
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
network: host
markdown-link-checks:
name: Markdown Link Checks
runs-on: ubuntu-latest
steps:
- uses: FranzDiebold/github-env-vars-action@v2
- uses: actions/checkout@master
- name: "Markdown Link Checker: Generate Config"
run: .github/markdown-link-checker-config.jq > .github/markdown-link-checker-config.json
- name: "Markdown Link Checker: Validate Links"
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
use-quiet-mode: 'yes'
config-file: '.github/markdown-link-checker-config.json'