TSPS-123 Refactor to follow DSP's Async API best practices #312

Workflow file for this run

# Build-and-test workflow. Runs on pushes to main (except changes limited to
# root-level markdown files or .github/), on every pull request, and on manual
# dispatch.
name: Build and Test
on:
  push:
    branches:
      - main
    paths-ignore:
      - '*.md'
      - '.github/**'
  pull_request:
    # Deliberately no paths-ignore on pull_request. The tests are a "required
    # check" on the branch; if path filtering stops the workflow from being
    # triggered, the required check never reports and the PR cannot be merged.
    # So the tests run even for a markdown-only change. Do not add a
    # paths-ignore here.
    branches:
      - '**'
  workflow_dispatch: {}
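# NOTE(review): no `permissions:` block is declared in this workflow, so
# GITHUB_TOKEN gets the repository/organisation default scopes. Consider
# declaring least-privilege permissions per job (the SARIF upload below needs
# `security-events: write`); confirm what the local bump-skip action, the Trivy
# action and the SonarQube scan require before restricting.
# NOTE(review): third-party actions are referenced by mutable tags. Pinning
# each `uses:` to a full commit SHA of a reviewed release protects against a
# tag being moved upstream.
jobs:
  # Publishes `is-bump`, which the build and test jobs compare against 'no'.
  # Presumably detects automated version-bump merges; the logic lives in the
  # local action and is not visible here.
  bump-check:
    runs-on: ubuntu-latest
    outputs:
      is-bump: ${{ steps.skiptest.outputs.is-bump }}
    steps:
      - uses: actions/checkout@v2
      - name: Skip version bump merges
        id: skiptest
        uses: ./.github/actions/bump-skip
        with:
          event-name: ${{ github.event_name }}

  # Compiles the project (tests excluded) and uploads the SpotBugs SARIF report
  # to GitHub code scanning.
  build:
    needs: [bump-check]
    runs-on: ubuntu-latest
    if: needs.bump-check.outputs.is-bump == 'no'
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: actions/setup-java@v2
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'gradle'
      - name: Build the test harness and, by dependency, the service library
        run: ./gradlew --build-cache build -x test
      - name: Upload spotbugs results
        # Was `@main`: a branch ref executes whatever is at the branch head at
        # run time. Use a release tag instead (a full commit SHA is stricter).
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: service/build/reports/spotbugs/main.sarif

  # Builds the service image into the local Docker daemon with jib and scans
  # it with Trivy.
  jib:
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK
        uses: actions/setup-java@v2
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'gradle'
      - name: Construct docker image name and tag
        id: image-name
        # Reads the repository name from the runner-provided GITHUB_REPOSITORY
        # variable rather than expanding ${{ github.repository }} into the
        # script text, and writes the output through $GITHUB_OUTPUT because the
        # `::set-output` workflow command is deprecated.
        run: |
          GITHUB_REPO=$(basename "${GITHUB_REPOSITORY}")
          GIT_SHORT_HASH=$(git rev-parse --short HEAD)
          echo "name=${GITHUB_REPO}:${GIT_SHORT_HASH}" >> "$GITHUB_OUTPUT"
      - name: Build image locally with jib
        # The step output is passed through the environment so the shell sees
        # it as data, not as part of the script source.
        env:
          IMAGE_NAME: ${{ steps.image-name.outputs.name }}
        run: |
          ./gradlew --build-cache :service:jibDockerBuild \
            --image="${IMAGE_NAME}" \
            -Djib.console=plain
      - name: Run Trivy vulnerability scanner
        uses: broadinstitute/dsp-appsec-trivy-action@v1
        with:
          image: ${{ steps.image-name.outputs.name }}

  # Runs the service tests against a Postgres service container, then the
  # SonarQube scan, which uploads the coverage report the tests produce.
  tests-and-sonarqube:
    needs: [bump-check, build]
    runs-on: ubuntu-latest
    if: needs.bump-check.outputs.is-bump == 'no'
    services:
      postgres:
        image: postgres:13.1
        env:
          # Credential for the CI service container only; it must not be
          # reused for any persistent database.
          POSTGRES_PASSWORD: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Quoted so the mapping is always read as a string.
          - "5432:5432"
    steps:
      - uses: actions/checkout@v2
        # Needed by sonar to get the git history for the branch the PR will be
        # merged into.
        with:
          fetch-depth: 0
      - name: Set up JDK
        uses: actions/setup-java@v2
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'gradle'
      - name: initialize the database
        env:
          PGPASSWORD: postgres
        run: |
          psql -h localhost -U postgres -f ./scripts/postgres-init.sql
      - name: Test with coverage
        # NOTE(review): `--scan` publishes a Gradle build scan; confirm where
        # it is published and that no sensitive environment values end up in it.
        run: ./gradlew --build-cache service:test jacocoTestReport --scan
      # The SonarQube scan is done here, so it can upload the coverage report
      # generated by the tests.
      - name: SonarQube scan
        run: ./gradlew --build-cache sonarqube
        # GitHub does not expose repository secrets to pull_request runs from
        # forks, so SONAR_TOKEN is empty there. Keep this on the pull_request
        # trigger; moving it to pull_request_target would hand the secret to
        # code from the fork.
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Posts to Slack when an upstream job fails on a push that is not a version
  # bump.
  notify-slack:
    needs: [bump-check, build, tests-and-sonarqube]
    runs-on: ubuntu-latest
    if: failure() && github.event_name == 'push' && needs.bump-check.outputs.is-bump == 'no'
    steps:
      - name: Notify WSM Slack on Failure
        # NOTE(review): the ref below was mangled by e-mail obfuscation on the
        # page this file was copied from. The original has the form
        # broadinstitute/action-slack@<tag>; the tag cannot be recovered here
        # and must be restored from the repository before this workflow runs.
        uses: broadinstitute/[email protected]
        # see https://github.com/broadinstitute/action-slack
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          status: failure
          channel: "#terra-tsps-alerts"
          username: "TSPS push to main branch"
          author_name: "build-and-test"
          icon_emoji: ":triangular_ruler:"
          fields: job, commit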