Changed: using advanced HTML sanitization for featured item content #8910
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Maven Tests | |
on: | |
push: | |
paths: | |
- "**.java" | |
- "**.sql" | |
- "pom.xml" | |
- "modules/**/pom.xml" | |
- "!modules/container-base/**" | |
- "!modules/dataverse-spi/**" | |
pull_request: | |
paths: | |
- "**.java" | |
- "**.sql" | |
- "pom.xml" | |
- "modules/**/pom.xml" | |
- "!modules/container-base/**" | |
- "!modules/dataverse-spi/**" | |
jobs: | |
unittest: | |
name: (${{ matrix.status}} / JDK ${{ matrix.jdk }}) Unit Tests | |
strategy: | |
fail-fast: false | |
matrix: | |
jdk: [ '17' ] | |
experimental: [false] | |
status: ["Stable"] | |
continue-on-error: ${{ matrix.experimental }} | |
runs-on: ubuntu-latest | |
steps: | |
# TODO: As part of #10618 change to setup-maven custom action | |
# Basic setup chores | |
- uses: actions/checkout@v4 | |
- name: Set up JDK ${{ matrix.jdk }} | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.jdk }} | |
distribution: temurin | |
cache: maven | |
# The reason why we use "install" here is that we want the submodules to be available in the next step. | |
# Also, we can cache them this way for jobs triggered by this one. We need to skip ITs here, as we run | |
# them in the next job - but install usually runs through verify phase. | |
- name: Build with Maven and run unit tests | |
run: > | |
mvn -B -f modules/dataverse-parent | |
-Dtarget.java.version=${{ matrix.jdk }} | |
-DcompilerArgument=-Xlint:unchecked -P all-unit-tests | |
-DskipIntegrationTests | |
-pl edu.harvard.iq:dataverse -am | |
install | |
# We don't want to cache the WAR file, so delete it | |
- run: rm -rf ~/.m2/repository/edu/harvard/iq/dataverse | |
# Upload the built war file. For download, it will be wrapped in a ZIP by GitHub. | |
# See also https://github.com/actions/upload-artifact#zipped-artifact-downloads | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: dataverse-java${{ matrix.jdk }}.war | |
path: target/dataverse*.war | |
retention-days: 7 | |
# Store the build for the next step (integration test) to avoid recompilation and to transfer coverage reports | |
- run: | | |
tar -cvf java-builddir.tar target | |
tar -cvf java-m2-selection.tar ~/.m2/repository/io/gdcc/dataverse-* | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: java-artifacts | |
path: | | |
java-builddir.tar | |
java-m2-selection.tar | |
retention-days: 3 | |
integration-test: | |
runs-on: ubuntu-latest | |
needs: unittest | |
name: (${{ matrix.status}} / JDK ${{ matrix.jdk }}) Integration Tests | |
strategy: | |
fail-fast: false | |
matrix: | |
jdk: [ '17' ] | |
experimental: [ false ] | |
status: [ "Stable" ] | |
# | |
# JDK 17 builds disabled due to non-essential fails marking CI jobs as completely failed within | |
# Github Projects, PR lists etc. This was consensus on Slack #dv-tech. See issue #8094 | |
# (This is a limitation of how Github is currently handling these things.) | |
# | |
#include: | |
# - jdk: '17' | |
# experimental: true | |
# status: "Experimental" | |
continue-on-error: ${{ matrix.experimental }} | |
steps: | |
# TODO: As part of #10618 change to setup-maven custom action | |
# Basic setup chores | |
- uses: actions/checkout@v4 | |
- name: Set up JDK ${{ matrix.jdk }} | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.jdk }} | |
distribution: temurin | |
cache: maven | |
# Get the build output from the unit test job | |
- uses: actions/download-artifact@v4 | |
with: | |
name: java-artifacts | |
- run: | | |
tar -xvf java-builddir.tar | |
tar -xvf java-m2-selection.tar -C / | |
# Run integration tests (but not unit tests again) | |
- run: mvn -DskipUnitTests -Dtarget.java.version=${{ matrix.jdk }} verify | |
# Wrap up and send to coverage job | |
- run: tar -cvf java-reportdir.tar target/site | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: java-reportdir | |
path: java-reportdir.tar | |
retention-days: 3 | |
coverage-report: | |
runs-on: ubuntu-latest | |
needs: integration-test | |
name: Coverage Report Submission | |
steps: | |
# TODO: As part of #10618 change to setup-maven custom action | |
# Basic setup chores | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: temurin | |
cache: maven | |
# Get the build output from the integration test job | |
- uses: actions/download-artifact@v4 | |
with: | |
name: java-reportdir | |
- run: tar -xvf java-reportdir.tar | |
# Deposit Code Coverage | |
- name: Deposit Code Coverage | |
env: | |
CI_NAME: github | |
COVERALLS_SECRET: ${{ secrets.GITHUB_TOKEN }} | |
# The coverage commit is sometimes flaky. Don't bail out just because this optional step failed. | |
continue-on-error: true | |
run: > | |
mvn -B | |
-DrepoToken=${COVERALLS_SECRET} -DpullRequest=${{ github.event.number }} | |
jacoco:report coveralls:report | |
# NOTE: this may be extended with adding a report to the build output, leave a comment, send to Sonarcloud, ... | |
# TODO: Add a filter step here, that avoids calling the app image release workflow if there are changes to the base image. | |
# Use https://github.com/dorny/paths-filter to solve this. Will require and additional job or adding to integration-test job. | |
# This way we ensure that we're not running the app image flow with a non-matching base image. | |
# To become a part of #10618. | |
push-app-img: | |
name: Publish App Image | |
permissions: | |
contents: read | |
packages: write | |
pull-requests: write | |
needs: integration-test | |
uses: ./.github/workflows/container_app_push.yml | |
secrets: inherit |