[CORE-69]: Bump com.nimbusds:nimbus-jose-jwt from 9.45 to 9.46 in the minor-patch-dependencies group #2002
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
on: | |
push: | |
branches: [ main ] | |
paths-ignore: [ '*.md' ] | |
pull_request: | |
branches: [ '**' ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Gradle cache | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
restore-keys: v1-${{ runner.os }}-gradle-${{ github.ref }} | |
- name: Git secrets setup | |
run: | | |
git clone https://github.com/awslabs/git-secrets.git ~/git-secrets | |
cd ~/git-secrets | |
sudo make install | |
- name: Secrets check | |
run: | | |
sudo ln -s "$(which echo)" /usr/local/bin/say | |
./minnie-kenny.sh --force | |
git secrets --scan-history | |
- name: Gradle build service | |
run: ./gradlew --build-cache :service:build -x test | |
jib: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Gradle cache | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
- name: Build image locally with jib | |
# build the docker image to make sure it does not error | |
run: | | |
./gradlew --build-cache :service:jibDockerBuild \ | |
-Djib.console=plain | |
unit-tests: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:13 | |
env: | |
POSTGRES_PASSWORD: postgres | |
ports: [ "5432:5432" ] | |
steps: | |
- uses: actions/checkout@v2 | |
# Needed by sonar to get the git history for the branch the PR will be merged into. | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Gradle cache | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v2 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Make sure Postgres is ready and init | |
env: | |
PGPASSWORD: postgres | |
run: | | |
pg_isready -h localhost -t 10 | |
psql -h localhost -U postgres -f ./service/local-dev/local-postgres-init.sql | |
- name: Test with coverage | |
run: ./gradlew --build-cache test jacocoTestReport --scan | |
- name: SonarQube scan | |
run: ./gradlew --build-cache sonar | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
notify-slack: | |
needs: [ build, jib, unit-tests ] | |
runs-on: ubuntu-latest | |
if: failure() && github.ref == 'refs/heads/main' | |
steps: | |
- name: Notify slack on failure | |
uses: broadinstitute/[email protected] | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.BPM_SLACK_WEBHOOK }} | |
with: | |
channel: '#dsp-core-services-alerts' | |
status: failure | |
author_name: Build on dev | |
fields: workflow,message | |
text: 'Build failed :sadpanda:' | |
bump-check: | |
runs-on: ubuntu-latest | |
outputs: | |
is-bump: ${{ steps.skiptest.outputs.is-bump }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Skip version bump merges | |
id: skiptest | |
uses: ./.github/actions/bump-skip | |
with: | |
event-name: ${{ github.event_name }} | |
dispatch-tag: | |
needs: [ build, jib, unit-tests, bump-check ] | |
runs-on: ubuntu-latest | |
if: success() && needs.bump-check.outputs.is-bump == 'no' && github.ref == 'refs/heads/main' | |
steps: | |
- name: Fire off publish action | |
uses: broadinstitute/workflow-dispatch@v1 | |
with: | |
workflow: 'Tag, publish, deploy' | |
token: ${{ secrets.BROADBOT_TOKEN }} |