Skip to content

Link to function catalog docs for config props #197

Link to function catalog docs for config props

Link to function catalog docs for config props #197

Workflow file for this run

name: 'CI - PR'
on:
pull_request:
env:
MAIN_PATH: 'build-dir'
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_THREADS: 'true'
jobs:
build:
if: github.repository == 'spring-cloud/stream-applications'
runs-on: ubuntu-latest
steps:
- name: 'Configure: checkout stream-applications@${{ github.ref_name }}'
uses: actions/checkout@v3
- name: 'Configure: checkout stream-applications@main'
id: checkout-main
uses: actions/checkout@v3
with:
ref: 'main'
path: ${{ env.MAIN_PATH }}
- name: 'Configure: Install gh cli'
uses: ./.github/actions/install-gh
- name: 'Configure: Ensure scripts are executable'
shell: bash
run: find . -type f -name "*.sh" -exec chmod a+x '{}' \;
- name: 'Configure: Install Java'
if: ${{ github.base_ref != 'main' }}
uses: actions/setup-java@v1
with:
java-version: ${{ needs.parameters.outputs.jdk_build }}
- name: 'Configure: Install GraalVM'
if: ${{ github.base_ref == 'main' }}
uses: graalvm/setup-graalvm@v1
with:
version: 'latest'
java-version: '17'
components: 'js'
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Configure: cache for maven dependencies'
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: maven-repo-${{ hashFiles('**/pom.xml') }}-pr-${{ github.base_ref }}
restore-keys: |
maven-repo-${{ hashFiles('**/pom.xml') }}-pr-${{ github.base_ref }}
maven-repo-${{ hashFiles('**/pom.xml') }}
maven-repo-
- name: 'Configure: Install xsltproc'
uses: ./.github/actions/install-xsltproc
- name: 'Action: verify changed modules'
shell: bash
env:
VERBOSE: ${{ github.debug && 'true' || '' }}
run: |
PR=$(echo "${{ github.ref_name }}" | grep -o '[[:digit:]]*')
echo "Checking out pull request #$PR"
gh pr checkout $PR
BUILD_DIR=$(realpath $MAIN_PATH)
echo "Changed files:"
gh pr diff --name-only
CHANGED=$(gh pr diff --name-only)
$BUILD_DIR/scripts/determine-modules-changed.sh "$CHANGED"
MODULES=$(jq '.[]' modules.json | sed 's/\"//g')
FOLDERS=
ROOT_MODULES=
if [ "$MAVEN_THREADS" = "true" ]; then
MVN_THR="-T 0.5C"
else
MVN_THR=
fi
MAVEN_OPTS="-s $BUILD_DIR/.settings.xml -B -U $MVN_THR"
echo "VERBOSE=$VERBOSE"
if [ "$VERBOSE" = "true" ]; then
MAVEN_OPTS="-X $MAVEN_OPTS"
fi
for module in $MODULES; do
if [[ "$module" == *"/"* ]]; then
if [ "$FOLDERS" = "" ]; then
FOLDERS="$module"
else
FOLDERS="$FOLDERS,$module"
fi
else
if [ "$ROOT_MODULES" == "" ]; then
ROOT_MODULES=$module
else
ROOT_MODULES="$ROOT_MODULES,$module"
fi
fi
done
set +e
if [ "$ROOT_MODULES" != "" ]; then
# Module with no / are probably a root module that contains other modules and will trigger a lot of dependant builds without real value
echo "::info ::building $ROOT_MODULES"
echo "::debug ::MAVEN:./mvnw $MAVEN_OPTS -pl $ROOT_MODULES install"
./mvnw $MAVEN_OPTS -pl $ROOT_MODULES install
RC=$?
if ((RC!=0)); then
exit $RC
fi
fi
if [ "$FOLDERS" != "" ]; then
echo "::info ::verify $FOLDERS and dependents"
echo "::debug ::MAVEN:./mvnw $MAVEN_OPTS -amd -pl $FOLDERS install"
./mvnw $MAVEN_OPTS -amd -pl $FOLDERS install
RC=$?
if ((RC!=0)); then
exit $RC
fi
fi
# Build any applications that was compiled but don't deploy to artifactory.
PROCESSORS=$(find ./applications/processor -name target -exec ./parent-dir '{}' \;)
SINKS=$(find ./applications/sink -name target -exec ./parent-dir '{}' \;)
SOURCES=$(find ./applications/source -name target -exec ./parent-dir '{}' \;)
# true as 3rd argument ensures that jars aren't deployed and containers aren't built.
for appdir in $PROCESSORS; do
./build-app.sh . "./$appdir" true
done
for appdir in $SOURCES; do
./build-app.sh . "./$appdir" true
done
for appdir in $SINKS; do
./build-app.sh . "./$appdir" true
done
- name: 'Upload: Error logs'
if: ${{ failure() }}
uses: actions/upload-artifact@v3
with:
name: 'modified-surefire-reports'
path: '**/target/surefire-reports'
retention-days: 7
if-no-files-found: ignore
- name: 'Built'
shell: bash
run: echo "::info ::Built"
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'table'
severity: 'CRITICAL,HIGH'
- name: 'Scanned'
shell: bash
run: echo "::info ::Scanned"
done:
runs-on: ubuntu-latest
needs: [ scan, build ]
steps:
- name: 'Done'
shell: bash
run: echo "::info ::Done"