Set up GitHub Actions CI pipeline for automated testing and Docker builds #30
Co-authored-by: dmccoystephenson <21204351+dmccoystephenson@users.noreply.github.com>
…ilds Co-authored-by: dmccoystephenson <21204351+dmccoystephenson@users.noreply.github.com>
Pull Request Overview
Sets up a GitHub Actions CI pipeline to run Gradle tests/builds and build/push Docker images to GHCR, and slightly simplifies the Dockerfile.
- Adds CI workflow with separate test and Docker build jobs
- Implements Gradle and Docker layer caching
- Removes permissive .gradle directory creation from Dockerfile
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| .github/workflows/ci.yml | Adds CI pipeline with test and Docker build/push jobs, caching, and metadata-driven tagging |
| Dockerfile | Removes unnecessary .gradle directory creation and chmod |
| run: ./gradlew build | ||
|
|
||
| docker: | ||
| runs-on: ubuntu-latest |
The workflow uses GITHUB_TOKEN to push to GHCR but does not explicitly grant packages: write permission. Without explicit permissions, pushes can fail or run with overly permissive defaults; add least-privilege permissions to the docker job: permissions: contents: read, packages: write.
| runs-on: ubuntu-latest | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write |
| - name: Run tests | ||
| run: ./gradlew test | ||
|
|
Gradle's build task executes tests by default, so running test and then build runs tests twice. Either run only ./gradlew build, or keep the test step and change the build step to ./gradlew build -x test (or use check + assemble) to avoid redundant work.
| - name: Run tests | |
| run: ./gradlew test | |
| run: ./gradlew test | ||
|
|
||
| - name: Build application | ||
| run: ./gradlew build |
Gradle's build task executes tests by default, so running test and then build runs tests twice. Either run only ./gradlew build, or keep the test step and change the build step to ./gradlew build -x test (or use check + assemble) to avoid redundant work.
| run: ./gradlew build | |
| run: ./gradlew build -x test |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 |
[nitpick] Actions are referenced by mutable tags (e.g., @v4/@v3/@v5); pin them to specific commit SHAs to prevent supply-chain attacks and ensure reproducibility. Apply this to all uses steps in this file (lines 14, 17, 23, 47, 50, 53, 61, 70) by replacing the tag with the corresponding commit SHA from each action's repository.
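The two review points raised in this thread, mutable action tags and missing job-level `permissions`, can be checked mechanically. The following is an added example, not code from this PR or from the reviewer: a line-based audit run on a constructed sample workflow. The sample, the placeholder SHA, the local action path, the `audit_workflow` name and the two-space job indentation are assumptions.

```python
import re

# Constructed sample modelled on the workflow discussed in this PR; the
# 40-hex value is a placeholder, not a real commit of actions/checkout.
SAMPLE_WORKFLOW = """\
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: actions/cache@v4
  docker:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
JOB_RE = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")  # assumes 2-space job indent
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_workflow(text):
    """Return (unpinned uses refs, jobs with no job-level permissions block)."""
    unpinned, jobs, current, in_jobs = [], {}, None, False
    for lineno, line in enumerate(text.splitlines(), 1):
        if re.match(r"^\S", line):                   # new top-level key
            in_jobs = line.startswith("jobs:")
            current = None
        elif in_jobs and (m := JOB_RE.match(line)):  # start of a job
            current = m.group(1)
            jobs[current] = False
        elif current and re.match(r"^    permissions:", line):
            jobs[current] = True
        elif m := USES_RE.match(line):
            ref = m.group(1)
            if ref.startswith(("./", "docker://")):  # local action or image
                continue
            _, _, version = ref.partition("@")
            if not FULL_SHA_RE.fullmatch(version):   # tag or branch, mutable
                unpinned.append((lineno, ref))
    return unpinned, [job for job, has in jobs.items() if not has]

if __name__ == "__main__":
    print(audit_workflow(SAMPLE_WORKFLOW))
```

A workflow-level `permissions:` block also restricts every job; this check looks only at job-level blocks, so treat a reported job as a prompt to look, not as a finding.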
This PR implements a comprehensive GitHub Actions CI pipeline to automate testing and Docker builds as requested in issue #27.
What's Added
CI Workflow (.github/workflows/ci.yml)
The new workflow provides two main jobs:
Test Job - Runs on every push to main and all pull requests:
- gradlew permissions
- ./gradlew test
- ./gradlew build
Docker Job - Runs only on pushes to main branch after tests pass:
- ghcr.io) using built-in GITHUB_TOKEN
- latest for main branch
- main-<sha>)
Key Benefits
Technical Details
The workflow leverages modern GitHub Actions features including:
- actions/cache@v4
- docker/setup-buildx-action@v3
The implementation follows CI/CD best practices and provides immediate feedback on code quality while automating the deployment pipeline for the Spring Boot application.