SDCSRM-385 Dependabot PRs for Security Only (#59) #61
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Checks and Tests | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
jobs: | |
java-checks-and-tests: | |
name: Java Checks and Tests | |
runs-on: ubuntu-latest | |
# Add "id-token" with the required permissions. | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# Google auth allows maven to pull artifacts from our registry | |
# And acquire a token for authenticating with the docker registry | |
- id: auth | |
name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: ${{ secrets.WIF_PROVIDER }} | |
service_account: ${{ secrets.SERVICE_ACCOUNT }} | |
# Authenticating with Dockerhub ensures image pulls are authenticated, so not as severely rate limited | |
- name: Log in to Dockerhub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# Also log docker in to GCP, to allow image pulls from our private registries | |
- name: Log in to Google Docker Artifact Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: europe-west2-docker.pkg.dev | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Set Up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: temurin | |
cache: maven | |
- name: Set Up Docker Network | |
run: docker network create ssdcrmdockerdev_default | |
- name: Maven Checks | |
run: make check | |
- name: Run Tests | |
run: make test | |
- name: Run Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
# NB: fail_ci_if_error is enabled to make any teething issues with Codecov visible. | |
# If Codecov has outage issues in the future, this can be toggled to false to allow the action to pass. | |
fail_ci_if_error: true |