-
Notifications
You must be signed in to change notification settings - Fork 5
193 lines (193 loc) · 8.9 KB
/
build-and-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
name: Build and test
run-name: Building and testing branch ${{ github.ref }}
on:
pull_request: # run on every pull request
push:
branches: # run only on protected branches (develop & master_*)
- develop
- master_*
jobs:
build-frontend:
name: Build Frontend
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "14.15.1"
cache: "npm"
cache-dependency-path: |
ui/ui-frontend-common/package-lock.json
ui/ui-frontend/package-lock.json
- name: Install ui-frontend-common dependencies
working-directory: ui/ui-frontend-common
run: npm install
# Linting is disabled. In this branch, we were using deprecated TSLint. We backport features from more recent branches that conform to new ESLint linter which rules are not identical to TSLint ones. So, we have to disable linting.
# - name: Lint ui-frontend-common with TSLint # We run TSLint in that GitHub Action because it requires to install project's dependencies (Prettier is run in "lint" GitHub Action)
# working-directory: ui/ui-frontend-common
# run: npm run lint
- name: Build ui-frontend-common
working-directory: ui/ui-frontend-common
run: npm run build:prod
- name: Package ui-frontend-common
working-directory: ui/ui-frontend-common
run: npm run packagr:tar
- name: Run tests on ui-frontend-common
working-directory: ui/ui-frontend-common
run: npm run test:conf-ci
- name: Install ui-frontend dependencies
working-directory: ui/ui-frontend
run: npm install ui-frontend-common --legacy-peer-deps --loglevel warn
# Linting is disabled. In this branch, we were using deprecated TSLint. We backport features from more recent branches that conform to new ESLint linter which rules are not identical to TSLint ones. So, we have to disable linting.
# - name: Lint ui-frontend with TSLint # We run TSLint in that GitHub Action because it requires to install project's dependencies (Prettier is run in "lint" GitHub Action)
# working-directory: ui/ui-frontend
# run: npm run lint
- name: Build vitamui-library
working-directory: ui/ui-frontend
run: npm run build:vitamui-library
- name: Copy vitamui-library SCSS
working-directory: ui/ui-frontend
run: npm run copy-scss:vitamui-library
- name: Build ui-frontend apps
working-directory: ui/ui-frontend
run: npm run build:allModules
- name: Run tests on ui-frontend apps
working-directory: ui/ui-frontend
run: npm run ci:test
- name: Package ui-frontend apps
working-directory: ui/ui-frontend
run: npm run package:all
- name: Save JUnit report as artifact
uses: mikepenz/[email protected]
if: success() || failure() # always run even if the previous step fails
with:
report_paths: |
**/target/junit/*.xml
check_name: Frontend Test Report
- name: Save test & coverage reports as artifact
if: success() || failure() # always run even if the previous step fails
uses: actions/upload-artifact@v4
with:
name: frontend-test-reports
path: |
**/target/junit/*.xml
**/target/coverage/*
build-backend:
name: Build Backend
runs-on: ubuntu-22.04 # We stay on Ubuntu 22.04, otherwise, timezone configuration would not be taken into account in Java on Ubuntu 24.04 (for unexplained reasons) and would break unit tests
steps:
- uses: szenius/[email protected]
with:
timezoneLinux: "Europe/Paris" # we set the timezone for Unit Tests to pass (we shouldn't need to, but it's currently required)
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "11"
- name: Restore maven cache # We're not using cache feature from actions/setup-java as it's not allowing to fine-tune it (in particular, we can't use restore-keys to load a previous cache if cache name mismatches)
uses: actions/cache@v4
with:
# See https://github.com/actions/toolkit/issues/713 for why we use */*/* to be able to exclude dependency-check-data from the cache
path: |
~/.m2/repository/*/*/*
!~/.m2/repository/org/owasp/dependency-check-data
key: maven-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
restore-keys: maven-${{ runner.os }}-${{ github.ref_protected && hashFiles('**/pom.xml') || '' }} # If the key doesn't exist, tries to find a previous cache to speedup build, except for protected branches (to make sure we have a clean cache)
- name: Get today's date
id: get-date
run: |
echo "today=$(/bin/date -u "+%Y-%m-%d")" >> $GITHUB_OUTPUT
shell: bash
- name: Restore latest owasp-dependency-check cache
uses: actions/cache@v4
with:
path: ~/.m2/repository/org/owasp/dependency-check-data
key: owasp-dependency-check-${{ steps.get-date.outputs.today }} # The key changes every day
restore-keys: owasp-dependency-check- # If the key doesn't exist, tries to find a previous cache
- name: Build and test
run: >
mvn --settings .ci/github-actions-settings.xml
-Pvitam,no-cve-proxy
-Dspotless.check.skip=true
--batch-mode --errors -U
--projects '!cots/vitamui-mongo-express'
--projects '!ui'
--projects '!ui/ui-archive-search'
--projects '!ui/ui-collect'
--projects '!ui/ui-commons'
--projects '!ui/ui-frontend'
--projects '!ui/ui-frontend-common'
--projects '!ui/ui-identity'
--projects '!ui/ui-ingest'
--projects '!ui/ui-pastis'
--projects '!ui/ui-portal'
--projects '!ui/ui-referential'
verify
env:
SERVICE_NEXUS_URL: ${{ secrets.SERVICE_NEXUS_URL }}
CI_USR: ${{ secrets.CI_USR }}
CI_PSW: ${{ secrets.CI_PSW }}
- name: Save JUnit report as artifact
uses: mikepenz/[email protected]
if: success() || failure() # always run even if the previous step fails
with:
report_paths: |
**/target/surefire-reports/*.xml
check_name: Backend Test Report
- name: Save test & coverage reports as artifact
if: success() || failure() # always run even if the previous step fails
uses: actions/upload-artifact@v4
with:
name: backend-test-reports
path: |
**/target/surefire-reports/*.xml
**/target/site/jacoco/jacoco.xml
- name: Save generated classes as (temporary) artifact for SonarCloud analysis
if: ${{ github.event_name == 'push' && github.ref_protected }} # only save generated classes when executing SonarCloud analysis
uses: actions/upload-artifact@v4
with:
name: backend-generated-classes
path: |
**/target/classes/**/*
**/target/test-classes/**/*
sonarcloud:
name: Run SonarCloud analysis
needs: [build-frontend, build-backend]
if: ${{ github.event_name == 'push' && github.ref_protected }} # only run SonarCloud analysis on protected branches
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore maven cache # We need maven cache for Sonar to have access to java libraries code
uses: actions/cache/restore@v4
with:
fail-on-cache-miss: true
path: |
~/.m2/repository/*/*/*
!~/.m2/repository/org/owasp/dependency-check-data
key: maven-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
- name: Copy m2 repository in workspace "lib" directory to make it available from SonarCloud docker container # If not copied in the source code folder, it's not visible by the docker container
run: cp -r ~/.m2/repository ${{ github.workspace }}/lib
- name: Download frontend test reports
uses: actions/download-artifact@v4
with:
name: frontend-test-reports
- name: Download backend test reports
uses: actions/download-artifact@v4
with:
name: backend-test-reports
- name: Download backend target directories
uses: actions/download-artifact@v4
with:
name: backend-generated-classes
- name: SonarCloud Scan
uses: sonarsource/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Delete temporary artifact
uses: geekyeggo/[email protected]
if: success() || failure() # always run even if the previous step fails
with:
name: backend-generated-classes