Run backend e2e tests with given gateway docker tag when provided in PR body, add dev docs #1359

Workflow file for this run

.github/workflows/publish.yml at 33365ac

	name: Publish

	on:
	push:
	branches:
	- develop
	- dev-[0-9]+.[0-9]+.[0-9]+
	tags:
	- v*
	pull_request:
	types:
	# publish images for PRs labeled "publish" whenever changed/labeled
	[opened, reopened, synchronize, labeled]
	workflow_dispatch:

	env:
	REGISTRY: ghcr.io
	OWNER: nasa-ammos
	IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/v') }}
	SHOULD_PUBLISH_IMAGES: ${{ (github.event_name != 'pull_request') \|\| contains(github.event.pull_request.labels.*.name, 'publish') }}
	SHOULD_PUBLISH_DEPLOYMENT: ${{ (github.event_name != 'pull_request') }}

	jobs:
	init:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	outputs:
	# set these as outputs to make available later, since `env` context isn't available in `jobs.if`
	SHOULD_PUBLISH_IMAGES: ${{ env.SHOULD_PUBLISH_IMAGES }}
	SHOULD_PUBLISH_DEPLOYMENT: ${{ env.SHOULD_PUBLISH_DEPLOYMENT }}
	steps:
	- uses: actions/checkout@v4

	- uses: gradle/wrapper-validation-action@v2

	- uses: gradle/actions/setup-gradle@v3
	with:
	generate-job-summary: false

	- name: Gradle Version
	run: ./gradlew --version

	containers:
	runs-on: ubuntu-latest
	needs: init
	if: needs.init.outputs.SHOULD_PUBLISH_IMAGES == 'true'
	permissions:
	contents: read
	packages: write
	strategy:
	matrix:
	components:
	- image: aerie-merlin
	context: merlin-server
	file: merlin-server/Dockerfile
	- image: aerie-merlin-worker
	context: merlin-worker
	file: merlin-worker/Dockerfile
	- image: aerie-scheduler
	context: scheduler-server
	file: scheduler-server/Dockerfile
	- image: aerie-scheduler-worker
	context: scheduler-worker
	file: scheduler-worker/Dockerfile
	- image: aerie-sequencing
	context: sequencing-server
	file: sequencing-server/Dockerfile
	- image: aerie-hasura
	context: .
	file: docker/Dockerfile.hasura
	- image: aerie-postgres
	context: .
	file: docker/Dockerfile.postgres
	name: ${{ matrix.components.image }}
	steps:
	- name: Log SHOULD_PUBLISH_IMAGES
	run: echo ${{ needs.init.outputs.SHOULD_PUBLISH_IMAGES }}

	- uses: actions/checkout@v4

	- uses: actions/setup-java@v4
	with:
	distribution: "temurin"
	java-version: "21"

	- name: Init Gradle cache
	uses: gradle/actions/setup-gradle@v3
	with:
	generate-job-summary: false

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	with:
	platforms: linux/amd64,linux/arm64

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to ${{ env.REGISTRY }}
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ github.token }}

	- name: Extract metadata (tags, labels) for ${{ matrix.components.image }}
	id: metadata-step
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.components.image }}

	- name: Assemble ${{ matrix.components.context }}
	env:
	component: ${{ matrix.components.context }}
	run: \|
	set -x
	# aerie-hasura and aerie-postgres don't need compiled java
	if [[ "$component" != "." ]]; then
	./gradlew ":$component:assemble" --no-daemon --parallel
	fi

	- name: Build and push ${{ matrix.components.image }}
	uses: docker/build-push-action@v5
	with:
	context: ${{ matrix.components.context }}
	file: ${{ matrix.components.file }}
	platforms: linux/amd64,linux/arm64
	push: true
	tags: ${{ steps.metadata-step.outputs.tags }}
	labels: ${{ steps.metadata-step.outputs.labels }}

	scan:
	runs-on: ubuntu-latest
	needs: containers
	if: needs.init.outputs.SHOULD_PUBLISH_IMAGES == 'true'
	strategy:
	matrix:
	image:
	- aerie-merlin
	- aerie-merlin-worker
	- aerie-scheduler
	- aerie-scheduler-worker
	- aerie-sequencing
	- aerie-hasura
	- aerie-postgres
	fail-fast: false
	name: scan ${{ matrix.image }}
	steps:
	- uses: actions/checkout@v4

	- name: Scan ${{ matrix.image }} for vulnerabilities
	uses: aquasecurity/[email protected]
	env:
	TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
	TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ matrix.image }}:develop
	ignore-unfixed: true
	exit-code: "1"
	severity: "CRITICAL"
	format: "template"
	template: "@/contrib/html.tpl"
	scanners: "vuln"
	output: "${{ matrix.image }}-results.html"
	trivyignores: .github/config/.trivyignore

	- name: Upload ${{ matrix.image }} scan results
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: Vuln Scan Results - ${{ matrix.image }}
	path: "${{ matrix.image }}-results.html"

	publish:
	name: gradle publish
	runs-on: ubuntu-latest
	needs: init
	if: needs.init.outputs.SHOULD_PUBLISH_DEPLOYMENT == 'true'
	permissions:
	contents: read
	packages: write
	steps:
	- uses: actions/checkout@v4

	- name: Gradle Cache
	uses: gradle/actions/setup-gradle@v3
	with:
	generate-job-summary: false

	- name: Publish Package
	run: ./gradlew publish -Pversion.isRelease=$IS_RELEASE --parallel
	env:
	GITHUB_TOKEN: ${{ github.token }}

	- name: Create deployment archive
	run: ./gradlew archiveDeployment

	- name: Publish deployment
	uses: actions/upload-artifact@v4
	with:
	name: Deployment
	path: deployment.tar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run backend e2e tests with given gateway docker tag when provided in PR body, add dev docs #1359

Workflow file

Run backend e2e tests with given gateway docker tag when provided in PR body, add dev docs #1359

Jobs

Run details

Workflow file for this run