[IA-5017] Event pubsub google client code #159
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test | |
on: | |
push: | |
branches: [ main ] | |
paths-ignore: [ '*.md' ] | |
pull_request: | |
branches: [ '**' ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install black and link shellcheck into expected location | |
run: | | |
pip install black --force-reinstall black==22.3.0 | |
sudo ln -s $(which shellcheck) /usr/local/bin/shellcheck | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Build all projects without running tests | |
run: ./scripts/build --skip-tests project | |
jib: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Construct docker image name and tag | |
id: image-name | |
run: | | |
GITHUB_REPO=$(basename ${{ github.repository }}) | |
GIT_SHORT_HASH=$(git rev-parse --short HEAD) | |
echo "name=${GITHUB_REPO}:${GIT_SHORT_HASH}" >> $GITHUB_OUTPUT | |
- name: Build image locally with jib | |
run: | | |
DOCKER_IMAGE_NAME_AND_TAG=${{ steps.image-name.outputs.name }} \ | |
./scripts/build docker | |
dispatch-trivy: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: Fire off Trivy action | |
uses: broadinstitute/workflow-dispatch@v3 | |
with: | |
workflow: Trivy | |
token: ${{ secrets.BROADBOT_TOKEN }} | |
ref: ${{ github.event.pull_request.head.ref }} | |
source-clear: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: SourceClear scan | |
env: | |
SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }} | |
run: ./gradlew --build-cache srcclr | |
unit-tests-and-sonar: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:13 | |
env: | |
POSTGRES_PASSWORD: postgres | |
ports: [ "5432:5432" ] | |
steps: | |
- uses: actions/checkout@v3 | |
# Needed by sonar to get the git history for the branch the PR will be merged into. | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Make sure Postgres is ready and init | |
env: | |
PGPASSWORD: postgres | |
run: | | |
pg_isready -h localhost -t 10 | |
psql -h localhost -U postgres -f ./scripts/init-db/postgres-init.sql | |
- name: Test with coverage | |
run: | | |
./scripts/run tests | |
# Run the Sonar scan after `gradle test` to include code coverage data in its report. | |
- name: Sonar scan | |
run: ./gradlew --build-cache sonar --info | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
integration-tests: | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:13 | |
env: | |
POSTGRES_PASSWORD: postgres | |
ports: [ "5432:5432" ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Make sure Postgres is ready and init | |
env: | |
PGPASSWORD: postgres | |
run: | | |
pg_isready -h localhost -t 10 | |
psql -h localhost -U postgres -f ./scripts/init-db/postgres-init.sql | |
- name: Render GitHub Secrets | |
run: | | |
echo "${{ secrets.DEV_FIRECLOUD_ACCOUNT_B64 }}" | base64 -d > "integration/src/main/resources/rendered/user-delegated-sa.json" | |
echo "${{ secrets.PERF_TESTRUNNER_ACCOUNT_B64 }}" | base64 -d > "integration/src/main/resources/rendered/testrunner-perf.json" | |
- name: Launch the background process for integration tests | |
run: ./scripts/run local | tee application.log & | |
- name: Wait for boot run to be ready | |
run: | | |
set +e | |
timeout 60 bash -c 'until echo > /dev/tcp/localhost/8080; do sleep 1; done' | |
resultStatus=$? | |
set -e | |
if [[ $resultStatus == 0 ]]; then | |
echo "Server started successfully" | |
else | |
echo "Server did not start successfully" | |
exit 1 | |
fi | |
- name: Run the integration test suite | |
run: | | |
./scripts/run integration | |
- name: Archive logs | |
id: archive_logs | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: application-logs | |
path: | | |
application.log | |
dispatch-tag: | |
needs: [ build, unit-tests-and-sonar, source-clear, integration-tests ] | |
runs-on: ubuntu-latest | |
if: success() && github.ref == 'refs/heads/main' | |
steps: | |
- name: Fire off tag action | |
uses: broadinstitute/workflow-dispatch@v3 | |
with: | |
workflow: Tag | |
token: ${{ secrets.BROADBOT_TOKEN }} | |
# report workflow status in slack | |
# see https://docs.google.com/document/d/1G6-whnNJvON6Qq1b3VvRJFC7M9M-gu2dAVrQHDyp9Us/edit?usp=sharing | |
report-workflow: | |
uses: broadinstitute/sherlock/.github/workflows/client-report-workflow.yaml@main | |
with: | |
# Channels to notify upon workflow success or failure | |
notify-slack-channels-upon-workflow-completion: '#dsp-app-manager-builds' | |
# Channels to notify upon workflow success only | |
# notify-slack-channels-upon-workflow-success: "#channel-here" | |
# Channels to notify upon workflow failure only | |
# notify-slack-channels-upon-workflow-failure: "#channel-here" | |
permissions: | |
id-token: 'write' |