Update SCS and java-cfenv versions (2022.0.x) #250
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'CI - PR' | |
| on: | |
| pull_request: | |
| env: | |
| MAIN_PATH: 'build-dir' | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MAVEN_THREADS: 'false' | |
| jobs: | |
| build: | |
| if: github.repository == 'spring-cloud/stream-applications' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Configure: checkout stream-applications@${{ github.ref_name }}' | |
| uses: actions/checkout@v3 | |
| - name: 'Configure: checkout stream-applications@main' | |
| id: checkout-main | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: 'main' | |
| path: ${{ env.MAIN_PATH }} | |
| - name: 'Configure: Install gh cli' | |
| uses: ./.github/actions/install-gh | |
| - name: 'Configure: Ensure scripts are executable' | |
| shell: bash | |
| run: find . -type f -name "*.sh" -exec chmod a+x '{}' \; | |
| - name: 'Configure: Install Java' | |
| if: ${{ github.base_ref != 'main' }} | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 17 | |
| - name: 'Configure: Install GraalVM' | |
| if: ${{ github.base_ref == 'main' }} | |
| uses: graalvm/setup-graalvm@v1 | |
| with: | |
| version: 'latest' | |
| java-version: '17' | |
| components: 'js' | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: 'Configure: cache for maven dependencies' | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.m2/repository | |
| key: maven-repo-${{ hashFiles('**/pom.xml') }}-pr-${{ github.base_ref }} | |
| restore-keys: | | |
| maven-repo-${{ hashFiles('**/pom.xml') }}-pr-${{ github.base_ref }} | |
| maven-repo-${{ hashFiles('**/pom.xml') }} | |
| maven-repo- | |
| - name: 'Configure: Install xsltproc' | |
| uses: ./.github/actions/install-xsltproc | |
| - name: 'Action: verify changed modules' | |
| shell: bash | |
| env: | |
| VERBOSE: ${{ github.debug && 'true' || '' }} | |
| run: | | |
| PR=$(echo "${{ github.ref_name }}" | grep -o '[[:digit:]]*') | |
| echo "Checking out pull request #$PR" | |
| gh pr checkout $PR | |
| BUILD_DIR=$(realpath $MAIN_PATH) | |
| echo "Changed files:" | |
| gh pr diff --name-only | |
| CHANGED=$(gh pr diff --name-only) | |
| $BUILD_DIR/scripts/determine-modules-changed.sh "$CHANGED" | |
| MODULES=$(jq '.[]' modules.json | sed 's/\"//g') | |
| FOLDERS= | |
| ROOT_MODULES= | |
| if [ "$MAVEN_THREADS" = "true" ]; then | |
| MVN_THR="-T 0.5C" | |
| else | |
| MVN_THR= | |
| fi | |
| MAVEN_OPTS="-s $BUILD_DIR/.settings.xml -B -U $MVN_THR" | |
| echo "VERBOSE=$VERBOSE" | |
| if [ "$VERBOSE" = "true" ]; then | |
| MAVEN_OPTS="-X $MAVEN_OPTS" | |
| fi | |
| for module in $MODULES; do | |
| if [[ "$module" == *"/"* ]]; then | |
| if [ "$FOLDERS" = "" ]; then | |
| FOLDERS="$module" | |
| else | |
| FOLDERS="$FOLDERS,$module" | |
| fi | |
| else | |
| if [ "$ROOT_MODULES" == "" ]; then | |
| ROOT_MODULES=$module | |
| else | |
| ROOT_MODULES="$ROOT_MODULES,$module" | |
| fi | |
| fi | |
| done | |
| set +e | |
| if [ "$ROOT_MODULES" != "" ]; then | |
| # Module with no / are probably a root module that contains other modules and will trigger a lot of dependant builds without real value | |
| echo "::info ::building $ROOT_MODULES" | |
| echo "::debug ::MAVEN:./mvnw $MAVEN_OPTS -pl $ROOT_MODULES install" | |
| ./mvnw $MAVEN_OPTS -pl $ROOT_MODULES install | |
| RC=$? | |
| if ((RC!=0)); then | |
| exit $RC | |
| fi | |
| fi | |
| if [ "$FOLDERS" != "" ]; then | |
| echo "::info ::verify $FOLDERS and dependents" | |
| echo "::debug ::MAVEN:./mvnw $MAVEN_OPTS -amd -pl $FOLDERS install" | |
| ./mvnw $MAVEN_OPTS -amd -pl $FOLDERS install | |
| RC=$? | |
| if ((RC!=0)); then | |
| exit $RC | |
| fi | |
| fi | |
| # Build any applications that was compiled but don't deploy to artifactory. | |
| PROCESSORS=$(find ./applications/processor -name target -exec ./parent-dir '{}' \;) | |
| SINKS=$(find ./applications/sink -name target -exec ./parent-dir '{}' \;) | |
| SOURCES=$(find ./applications/source -name target -exec ./parent-dir '{}' \;) | |
| # true as 3rd argument ensures that jars aren't deployed and containers aren't built. | |
| for appdir in $PROCESSORS; do | |
| ./build-app.sh . "./$appdir" true | |
| done | |
| for appdir in $SOURCES; do | |
| ./build-app.sh . "./$appdir" true | |
| done | |
| for appdir in $SINKS; do | |
| ./build-app.sh . "./$appdir" true | |
| done | |
| - name: 'Upload: Error logs' | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: 'modified-surefire-reports' | |
| path: '**/target/surefire-reports' | |
| retention-days: 7 | |
| if-no-files-found: ignore | |
| - name: 'Built' | |
| shell: bash | |
| run: echo "::info ::Built" | |
| scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Run Trivy vulnerability scanner in repo mode | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| ignore-unfixed: true | |
| format: 'table' | |
| severity: 'CRITICAL,HIGH' | |
| - name: 'Scanned' | |
| shell: bash | |
| run: echo "::info ::Scanned" | |
| done: | |
| runs-on: ubuntu-latest | |
| needs: [ scan, build ] | |
| steps: | |
| - name: 'Done' | |
| shell: bash | |
| run: echo "::info ::Done" |