Skip to content
Build and Test

[CORE-69]: Bump the minor-patch-dependencies group across 1 directory with 19 updates #574

Sign in to view logs

[CORE-69]: Bump the minor-patch-dependencies group across 1 directory with 19 updates

[CORE-69]: Bump the minor-patch-dependencies group across 1 directory with 19 updates #574

Workflow file for this run

.github/workflows/build-and-test.yml at 7b29b16
name: Build and Test
on:
workflow_dispatch: {}
push:
branches: [ main ]
paths-ignore: [ '**.md' ]
pull_request:
# Branch settings require status checks before merging, so don't add paths-ignore.
branches: [ main ]
jobs:
bump-check:
runs-on: ubuntu-latest
outputs:
is-bump: ${{ steps.skiptest.outputs.is-bump }}
steps:
- uses: actions/checkout@v3
- name: Skip version bump merges
id: skiptest
uses: ./.github/actions/bump-skip
with:
event-name: ${{ github.event_name }}
build:
needs: [ bump-check ]
runs-on: ubuntu-latest
if: needs.bump-check.outputs.is-bump == 'no'
steps:
- uses: actions/checkout@v3
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
cache: 'gradle'
- name: Build the test harness and, by dependency, the service library
run: ./gradlew --build-cache build -x test
- name: Upload spotbugs results
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: service/build/reports/spotbugs/main.sarif
jib:
needs: [ build ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
cache: 'gradle'
- name: Construct docker image name and tag
id: image-name
run: |
GITHUB_REPO=$(basename ${{ github.repository }})
GIT_SHORT_HASH=$(git rev-parse --short HEAD)
echo "name=${GITHUB_REPO}:${GIT_SHORT_HASH}" >> $GITHUB_OUTPUT
- name: Build image locally with jib
run: |
./gradlew --build-cache :service:jibDockerBuild \
--image=${{ steps.image-name.outputs.name }} \
-Djib.console=plain
- name: Run Trivy vulnerability scanner
uses: broadinstitute/dsp-appsec-trivy-action@v1
with:
image: ${{ steps.image-name.outputs.name }}
tests-and-sonarqube:
needs: [ bump-check, build ]
runs-on: ubuntu-latest
if: needs.bump-check.outputs.is-bump == 'no'
services:
postgres:
image: postgres:17.7
env:
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout@v3
# Needed by sonar to get the git history for the branch the PR will be merged into.
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
cache: 'gradle'
- name: initialize the database
env:
PGPASSWORD: postgres
run: |
psql -h localhost -U postgres -f ./scripts/postgres-init.sql
- name: Test with coverage
run: ./gradlew --build-cache service:test jacocoTestReport --scan
# The SonarQube scan is done here, so it can upload the coverage report generated by the tests.
- name: SonarQube scan
run: ./gradlew --build-cache sonar
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
notify-slack:
needs: [ bump-check, build, tests-and-sonarqube ]
runs-on: ubuntu-latest
if: failure() && github.event_name == 'push' && needs.bump-check.outputs.is-bump == 'no'
steps:
- name: Notify WSM Slack on Failure
uses: broadinstitute/action-slack@v3.8.0
# see https://github.com/broadinstitute/action-slack
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: failure
channel: "#terra-wsm-alerts"
username: "TPS push to main branch"
author_name: "build-and-test"
icon_emoji: ":triangular_ruler:"
fields: job, commit