Skip to content

Update to Rails 7.2 #7805

Update to Rails 7.2

Update to Rails 7.2 #7805

Workflow file for this run

name: "DPC CI Workflow"
on:
pull_request:
paths-ignore:
- .github/workflows/opt-out-*
- lambda/**
workflow_dispatch: # Allow manual trigger
env:
VAULT_PW: ${{ secrets.VAULT_PW }}
REPORT_COVERAGE: true
DPC_CA_CERT: ${{ secrets.DPC_CA_CERT }}
ENV: "github-ci"
jobs:
build-api:
name: "Build and Test API"
runs-on: ubuntu-20.04
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "Set up JDK 11"
uses: actions/setup-java@v1
with:
java-version: "11"
- name: "Set up Python 3.8.1"
uses: actions/setup-python@v2
with:
python-version: "3.8.1"
- name: "API Build"
run: |
make ci-app
- name: "Move jacoco reports"
run: |
sudo mkdir jacoco-reports
sudo cp ./dpc-aggregation/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-aggregation-it-jacoco.xml
sudo cp ./dpc-aggregation/target/site/jacoco/jacoco.xml jacoco-reports/dpc-aggregation-jacoco.xml
sudo cp ./dpc-api/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-api-it-jacoco.xml
sudo cp ./dpc-api/target/site/jacoco/jacoco.xml jacoco-reports/dpc-api-jacoco.xml
sudo cp ./dpc-attribution/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-attribution-it-jacoco.xml
sudo cp ./dpc-attribution/target/site/jacoco/jacoco.xml jacoco-reports/dpc-attribution-jacoco.xml
sudo cp ./dpc-bluebutton/target/site/jacoco/jacoco.xml jacoco-reports/dpc-bluebutton-jacoco.xml
sudo cp ./dpc-common/target/site/jacoco/jacoco.xml jacoco-reports/dpc-common-jacoco.xml
sudo cp ./dpc-consent/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-consent-it-jacoco.xml
sudo cp ./dpc-consent/target/site/jacoco/jacoco.xml jacoco-reports/dpc-consent-jacoco.xml
sudo cp ./dpc-macaroons/target/site/jacoco/jacoco.xml jacoco-reports/dpc-macaroons-jacoco.xml
sudo cp ./dpc-queue/target/site/jacoco/jacoco.xml jacoco-reports/dpc-queue-jacoco.xml
- name: Upload jacoco reports
uses: actions/upload-artifact@v3
with:
name: code-coverage-report-dpc-api
path: ./jacoco-reports
- name: "Smoke Test"
run: |
make smoke
build-dpc-web:
name: "Build and Test DPC Web"
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "DPC Web Build"
run: |
make ci-web-portal
- name: "Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace
run: |
sudo jq '.RSpec.coverage |= with_entries(if .key | contains("dpc-web") then .key |= sub("/dpc-web"; "/github/workspace/dpc-web") else . end)' dpc-web/coverage/.resultset.json > web-resultset.json
- name: Archive code coverage results
uses: actions/upload-artifact@v3
with:
name: code-coverage-report-dpc-web
path: ./web-resultset.json
build-dpc-admin:
name: "Build and Test DPC Admin Portal"
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "DPC Admin Portal Build"
run: |
make ci-admin-portal
- name: "Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace
run: |
sudo jq '.RSpec.coverage |= with_entries(if .key | contains("dpc-admin") then .key |= sub("/dpc-admin"; "/github/workspace/dpc-admin") else . end)' dpc-admin/coverage/.resultset.json > admin-resultset.json
- name: Archive code coverage results
uses: actions/upload-artifact@v3
with:
name: code-coverage-report-dpc-admin
path: ./admin-resultset.json
build-dpc-portal:
name: "Build and Test DPC Portal"
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "DPC Portal Build"
run: |
make ci-portal
- name: "Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace
run: |
sudo jq '.RSpec.coverage |= with_entries(if .key | contains("dpc-portal") then .key |= sub("/dpc-portal"; "/github/workspace/dpc-portal") else . end)' dpc-portal/coverage/.resultset.json > portal-resultset.json
- name: Archive code coverage results
uses: actions/upload-artifact@v3
with:
name: code-coverage-report-dpc-portal
path: ./portal-resultset.json
build-dpc-client:
name: "Build and Test DPC Client"
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "DPC Client Build"
run: |
make ci-api-client
sonar-quality-gate-dpc-web-and-admin:
name: Sonarqube Quality Gate for dpc-web and dpc-admin
needs: [build-dpc-admin, build-dpc-web]
runs-on: self-hosted
env:
# Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: Download web code coverage
uses: actions/download-artifact@v3
with:
name: code-coverage-report-dpc-web
- name: Download admin code coverage
uses: actions/download-artifact@v3
with:
name: code-coverage-report-dpc-admin
- name: Set env vars from AWS params
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
env:
AWS_REGION: ${{ vars.AWS_REGION }}
with:
params: |
SONAR_HOST_URL=/sonarqube/url
SONAR_TOKEN=/sonarqube/token
- name: Run quality gate scan
uses: sonarsource/sonarqube-scan-action@master
with:
args:
-Dsonar.projectKey=bcda-dpc-web
-Dsonar.sources=./dpc-web/app,./dpc-web/lib,./dpc-admin/app,./dpc-admin/lib
-Dsonar.ruby.coverage.reportPaths=./web-resultset.json,./admin-resultset.json
-Dsonar.working.directory=./sonar_workspace
-Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
-Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }}
-Dsonar.qualitygate.wait=true
sonar-quality-gate-dpc-portal:
name: Sonarqube Quality Gate for dpc-portal
needs: build-dpc-portal
runs-on: self-hosted
env:
# Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: Download code coverage
uses: actions/download-artifact@v3
with:
name: code-coverage-report-dpc-portal
- name: Set env vars from AWS params
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
env:
AWS_REGION: ${{ vars.AWS_REGION }}
with:
params: |
SONAR_HOST_URL=/sonarqube/url
SONAR_TOKEN=/sonarqube/token
- name: Run quality gate scan
uses: sonarsource/sonarqube-scan-action@master
with:
args:
-Dsonar.projectKey=bcda-dpc-portal
-Dsonar.sources=./dpc-portal/app,./dpc-portal/lib
-Dsonar.coverage.exclusions=**/*_preview.rb,**/*html.erb,**/application_*
-Dsonar.ruby.coverage.reportPaths=./portal-resultset.json
-Dsonar.working.directory=./sonar_workspace
-Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
-Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }}
-Dsonar.qualitygate.wait=true
sonar-quality-gate-dpc-api:
name: Sonarqube Quality Gate for dpc-api
needs: build-api
runs-on: self-hosted
env:
# Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: temurin
cache: maven
- name: Set env vars from AWS params
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
env:
AWS_REGION: ${{ vars.AWS_REGION }}
with:
params: |
SONAR_HOST_URL=/sonarqube/url
SONAR_TOKEN=/sonarqube/token
- name: Install Maven 3.6.3
run: |
export PATH="$PATH:/opt/maven/bin"
echo "PATH=$PATH" >> $GITHUB_ENV
if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
tmpdir="$(mktemp -d)"
curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir"
sudo rm -rf /opt/maven
sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
- name: Clean maven
run: |
mvn -ntp -U clean
- name: Compile Project
run: |
mvn clean compile -Perror-prone -B -V -ntp
- name: Download code coverage
uses: actions/download-artifact@v3
with:
name: code-coverage-report-dpc-api
path: jacoco-reports
- name: Verify download
run: |
find . -name dpc-api-jacoco.xml
- name: Run quality gate scan
run: |
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar -Dsonar.projectKey=bcda-dpc-api -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.event_name == 'pull_request' && github.head_ref || github.ref_name }} -Dsonar.working.directory=./.sonar_workspace -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }} -Dsonar.qualitygate.wait=true -Dsonar.coverage.jacoco.xmlReportPaths="../jacoco-reports/*.xml"