fix(IA-4478): remove (S|s)erver headers (#55) #301
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test and Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| workflow_dispatch: | |
| env: | |
| SERVICE_NAME: ${{ github.event.repository.name }} | |
| ACR_REGISTRY: terradevacrpublic.azurecr.io | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: v1-${{ runner.os }}-gradle-refs/heads/dev-${{ github.sha }} | |
| - name: Gradle build service | |
| run: ./gradlew --build-cache :service:build -x test | |
| unit-tests: | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # Needed by sonar to get the git history for the branch the PR will be merged into. | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Test, coverage, and sonar | |
| run: ./gradlew --build-cache --scan test jacocoTestReport sonar --info | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| publish-job: | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set commit short hash | |
| id: setHash | |
| run: | | |
| git_short_sha=$(git rev-parse --short HEAD) | |
| echo $git_short_sha | |
| echo "::set-output name=git_short_sha::${git_short_sha}" | |
| - name: Construct docker image name and tag | |
| id: image-name | |
| # TODO: update the tag | |
| run: echo ::set-output name=name::${ACR_REGISTRY}/${SERVICE_NAME}:${{ steps.setHash.outputs.git_short_sha }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Build image locally with jib | |
| run: | | |
| ./gradlew --build-cache :service:jibDockerBuild \ | |
| --image=${{ steps.image-name.outputs.name }} \ | |
| -Djib.console=plain | |
| - name: Run Trivy vulnerability scanner | |
| # Link to the github location of the action https://github.com/broadinstitute/dsp-appsec-trivy-action | |
| uses: broadinstitute/dsp-appsec-trivy-action@v1 | |
| with: | |
| image: ${{ steps.image-name.outputs.name }} | |
| - name: Push Container image | |
| run: | | |
| echo ${{ secrets.ACR_SP_PASSWORD }} | docker login ${ACR_REGISTRY} \ | |
| --username ${{ secrets.ACR_SP_USER }} \ | |
| --password-stdin | |
| docker push ${{ steps.image-name.outputs.name }} | |
| - name: Notify slack on failure | |
| uses: 8398a7/action-slack@v3 | |
| if: failure() | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.LEO_WEB_HOOK_URL }} | |
| with: | |
| status: ${{ job.status }} | |
| author_name: Publish to dev | |
| fields: job | |
| text: 'Publish failed :sadpanda:' |