.github/workflows/ci.yml

name: CI

on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
    paths-ignore:
      - '.github/**'

env:
  MAVEN_THREADS: '-T 1'

jobs:
  build:
    if: github.repository_owner == 'spring-cloud'
    runs-on: ubuntu-latest
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    steps:
    - uses: actions/checkout@v4
#     cache maven repo
    - uses: actions/cache@v3
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-m2-
#     jdk8
    - uses: actions/setup-java@v3
      with:
        java-version: '8'
        distribution: 'liberica'
    - uses: jvalkeal/setup-maven@v1
      with:
        maven-version: 3.8.8
        maven-mirror: 'https://dlcdn.apache.org/maven/maven-3/'
#     jfrog cli
    - uses: jfrog/setup-jfrog-cli@v1
      with:
        version: 1.46.4
      env:
        JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
    - name: Login dockerhub
      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
#       setup frog cli
    - name: Configure JFrog Cli
      run: |
        jfrog rt mvnc \
          --server-id-resolve=repo.spring.io \
          --server-id-deploy=repo.spring.io \
          --repo-resolve-releases=libs-milestone \
          --repo-resolve-snapshots=libs-snapshot \
          --repo-deploy-releases=libs-release-local \
          --repo-deploy-snapshots=libs-snapshot-local
        echo JFROG_CLI_BUILD_NAME=spring-cloud-dataflow-main >> $GITHUB_ENV
        echo JFROG_CLI_BUILD_NUMBER=$GITHUB_RUN_NUMBER >> $GITHUB_ENV
        echo spring_cloud_dataflow_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_ENV
    - uses: ./.github/actions/install-xmlutils
#       build and publish
    - name: Build and Publish
      shell: bash
      timeout-minutes: 75
      run: |
        mvn clean
        ./spring-cloud-dataflow-package/set-package-version.sh
        jfrog rt mvn install -Pfull,docs -B
        jfrog rt mvn install -pl spring-cloud-dataflow-package -B
        jfrog rt build-publish
        export JFROG_CLI_BUILD_NAME="${JFROG_CLI_BUILD_NAME/spring-cloud-dataflow/spring-cloud-skipper}"
        PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
#        set +e
#        echo "::info ::Project version=$PROJECT_VERSION"
#        SKIPPER_DOCS_PATTERN=$(.github/workflows/skipper-docs-name.sh $PROJECT_VERSION libs-snapshot-local)
#        if [[ "$SKIPPER_DOCS_PATTERN" == *"does not exist"* ]]; then
#          echo "::error ::Skipper Docs URL=$SKIPPER_DOCS_PATTERN"
#        else
#          echo "::info ::Skipper Docs URL=$SKIPPER_DOCS_PATTERN"
#          jfrog rt sp --build "$SKIPPER_DOCS_PATTERN" "buildName=$JFROG_CLI_BUILD_NAME;buildNumber=$JFROG_CLI_BUILD_NUMBER"
#          echo "::info ::Skipper Docs Set Properties buildName=$JFROG_CLI_BUILD_NAME;buildNumber=$JFROG_CLI_BUILD_NUMBER"
#        fi
    - name: Test Report
      uses: dorny/test-reporter@v1
      if: ${{ success() || failure() }}
      with:
        name: Unit Tests
        path: '**/surefire-reports/*.xml'
        reporter: java-junit
        list-tests: failed
    - name: Capture Test Results
      if: ${{ always() }}
      uses: actions/upload-artifact@v3
      with:
        name: test-results
        path: '**/target/surefire-reports/**/*.*'
        retention-days: 7
        if-no-files-found: ignore
#     clean m2 cache
    - name: Clean cache
      run: |
        find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr
    outputs:
      version: ${{ env.spring_cloud_dataflow_version }}
  database-tests:
    if: github.repository_owner == 'spring-cloud'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        db: [ 'ORACLE', 'DB2' ]
    steps:
    - uses: actions/checkout@v4
    - uses: actions/cache@v3
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-m2-${{ matrix.db }}
    - uses: actions/setup-java@v3
      with:
        java-version: '8'
        distribution: 'liberica'
    - uses: jvalkeal/setup-maven@v1
      with:
        maven-version: 3.8.8
        maven-mirror: 'https://dlcdn.apache.org/maven/maven-3/'
    - uses: jfrog/setup-jfrog-cli@v1
      with:
        version: 1.46.4
      env:
        JF_ARTIFACTORY_SPRING: ${{ secrets.JF_ARTIFACTORY_SPRING }}
    - name: Login dockerhub
      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Configure JFrog Cli
      run: |
        jfrog rt mvnc \
          --server-id-resolve=repo.spring.io \
          --server-id-deploy=repo.spring.io \
          --repo-resolve-releases=libs-milestone \
          --repo-resolve-snapshots=libs-snapshot \
          --repo-deploy-releases=libs-release-local \
          --repo-deploy-snapshots=libs-snapshot-local
    - uses: ./.github/actions/install-xmlutils
    - name: Test
      shell: bash
      timeout-minutes: 75
      run: |                        
        jfrog rt mvn clean install -s .settings.xml -DskipTests -am -pl :spring-cloud-dataflow-server,:spring-cloud-skipper-server
        export ENABLE_${{ matrix.db }}=true
        jfrog rt mvn test -s .settings.xml -pl :spring-cloud-dataflow-server,:spring-cloud-skipper-server -Dgroups=${{ matrix.db }}
    - name: Test Report
      uses: dorny/test-reporter@v1
      if: ${{ success() || failure() }}
      with:
        name: Unit Tests
        path: '**/surefire-reports/*.xml'
        reporter: java-junit
        list-tests: failed
    - name: Capture Test Results
      if: ${{ always() }}
      uses: actions/upload-artifact@v3
      with:
        name: test-results
        path: '**/target/surefire-reports/**/*.*'
        retention-days: 7
        if-no-files-found: ignore
    #     clean m2 cache
    - name: Clean cache
      run: |
        find ~/.m2/repository -type d -name '*SNAPSHOT' | xargs rm -fr

  images:
    name: Build and Publish Images
    needs:
      - build
    uses: ./.github/workflows/build-images.yml
    with:
      version: ${{ needs.build.outputs.version }}
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
      GCR_JSON_KEY: ${{ secrets.GCR_JSON_KEY }}
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
      - name: 'Scanned'
        shell: bash
        run: echo "::info ::Scanned"
  done:
    runs-on: ubuntu-latest
    needs: [ scan, build, images, database-tests ]
    steps:
      - name: 'Done'
        shell: bash
        run: echo "::info ::Done"