Skip to content

[CORE-69]: Bump com.nimbusds:nimbus-jose-jwt from 9.45 to 9.46 in the… #2003

[CORE-69]: Bump com.nimbusds:nimbus-jose-jwt from 9.45 to 9.46 in the…

[CORE-69]: Bump com.nimbusds:nimbus-jose-jwt from 9.45 to 9.46 in the… #2003

name: Build and Test
on:
push:
branches: [ main ]
paths-ignore: [ '*.md' ]
pull_request:
branches: [ '**' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v2
with:
java-version: '17'
distribution: 'temurin'
- name: Gradle cache
uses: actions/cache@v2
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }}
restore-keys: v1-${{ runner.os }}-gradle-${{ github.ref }}
- name: Git secrets setup
run: |
git clone https://github.com/awslabs/git-secrets.git ~/git-secrets
cd ~/git-secrets
sudo make install
- name: Secrets check
run: |
sudo ln -s "$(which echo)" /usr/local/bin/say
./minnie-kenny.sh --force
git secrets --scan-history
- name: Gradle build service
run: ./gradlew --build-cache :service:build -x test
jib:
needs: [ build ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v2
with:
java-version: '17'
distribution: 'temurin'
- name: Gradle cache
uses: actions/cache@v2
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }}
- name: Build image locally with jib
# build the docker image to make sure it does not error
run: |
./gradlew --build-cache :service:jibDockerBuild \
-Djib.console=plain
unit-tests:
needs: [ build ]
runs-on: ubuntu-latest
services:
postgres:
image: postgres:13
env:
POSTGRES_PASSWORD: postgres
ports: [ "5432:5432" ]
steps:
- uses: actions/checkout@v2
# Needed by sonar to get the git history for the branch the PR will be merged into.
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v2
with:
java-version: '17'
distribution: 'temurin'
- name: Gradle cache
uses: actions/cache@v2
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }}
- name: Cache SonarCloud packages
uses: actions/cache@v2
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Make sure Postgres is ready and init
env:
PGPASSWORD: postgres
run: |
pg_isready -h localhost -t 10
psql -h localhost -U postgres -f ./service/local-dev/local-postgres-init.sql
- name: Test with coverage
run: ./gradlew --build-cache test jacocoTestReport --scan
- name: SonarQube scan
run: ./gradlew --build-cache sonar
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
notify-slack:
needs: [ build, jib, unit-tests ]
runs-on: ubuntu-latest
if: failure() && github.ref == 'refs/heads/main'
steps:
- name: Notify slack on failure
uses: broadinstitute/action-slack@v3.8.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.BPM_SLACK_WEBHOOK }}
with:
channel: '#dsp-core-services-alerts'
status: failure
author_name: Build on dev
fields: workflow,message
text: 'Build failed :sadpanda:'
bump-check:
runs-on: ubuntu-latest
outputs:
is-bump: ${{ steps.skiptest.outputs.is-bump }}
steps:
- uses: actions/checkout@v2
- name: Skip version bump merges
id: skiptest
uses: ./.github/actions/bump-skip
with:
event-name: ${{ github.event_name }}
dispatch-tag:
needs: [ build, jib, unit-tests, bump-check ]
runs-on: ubuntu-latest
if: success() && needs.bump-check.outputs.is-bump == 'no' && github.ref == 'refs/heads/main'
steps:
- name: Fire off publish action
uses: broadinstitute/workflow-dispatch@v1
with:
workflow: 'Tag, publish, deploy'
token: ${{ secrets.BROADBOT_TOKEN }}