new dev #1329
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
branches: | |
- '**' | |
tags: | |
- v[0-9]+.[0-9]+.[0-9]+** | |
pull_request: | |
branches: | |
- master | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Cache Local Maven Repo | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: tests-maven-${{ hashFiles('pom.xml') }} | |
- uses: s4u/[email protected] | |
with: | |
servers: | | |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}] | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: java | |
queries: security-and-quality | |
- name: Run Tests | |
run: mvn -Pdownload-ontology -B verify | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
with: | |
fail_ci_if_error: true | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
- name: Upload Dataportal Backend Jar | |
uses: actions/upload-artifact@v4 | |
with: | |
name: backend-jar | |
path: target/dataportalBackend.jar | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and Export to Docker | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
tags: backend:latest | |
outputs: type=docker,dest=/tmp/dataportalBackend.tar | |
- name: Upload Dataportal Backend Image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: backend-image | |
path: /tmp/dataportalBackend.tar | |
security-scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' | |
java-version: 17 | |
- name: Cache Local Maven Repo | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: security-scan-maven-${{ hashFiles('pom.xml') }} | |
- uses: s4u/[email protected] | |
with: | |
servers: | | |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}] | |
- name: Maven Package | |
run: mvn -Pdownload-ontology -B -DskipTests package | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
tags: security-scan-build:latest | |
push: false | |
- name: Run Trivy Vulnerability Scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: security-scan-build:latest | |
format: sarif | |
output: trivy-results.sarif | |
severity: 'CRITICAL,HIGH' | |
timeout: '15m0s' | |
- name: Upload Trivy Scan Results to GitHub Security Tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: trivy-results.sarif | |
integration-test: | |
needs: tests | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check out Git repository | |
uses: actions/checkout@v4 | |
- name: Download Dataportal Backend Image | |
uses: actions/download-artifact@v4 | |
with: | |
name: backend-image | |
path: /tmp | |
- name: Install jq | |
uses: dcarbone/[email protected] | |
- name: Load Dataportal Backend Image | |
run: docker load --input /tmp/dataportalBackend.tar | |
- name: Download ontology files from github | |
run: .github/scripts/download-and-unpack-ontology.sh | |
- name: Run Dataportal Backend with Database, Keycloak and Blaze | |
run: docker compose -f .github/integration-test/docker-compose.yml up -d | |
- name: Wait for Dataportal Backend | |
run: .github/scripts/wait-for-url.sh http://localhost:8091/actuator/health | |
- name: Check if Dataportal Backend is correctly running with the dataportal user | |
run: .github/scripts/check-if-running-as-dataportal-user.sh | |
- name: Wait for Blaze | |
run: .github/scripts/wait-for-url.sh http://localhost:8082/health | |
- name: Load Data | |
run: .github/scripts/load-test-data.sh | |
- name: Wait for Keycloak | |
run: .github/scripts/wait-for-url.sh http://localhost:8083/auth/ | |
- name: Create Test User in Keycloak | |
run: .github/scripts/create-keycloak-user.sh | |
- name: Wait for Flare | |
run: .github/scripts/wait-for-url.sh http://localhost:8092/cache/stats | |
- name: Post Test Query | |
run: .github/scripts/post-test-query.sh | |
- name: Dump docker logs on failure | |
if: failure() | |
uses: jwalton/gh-docker-logs@v2 | |
release: | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
needs: | |
- tests | |
- integration-test | |
- security-scan | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Cache Local Maven Repo | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: release-maven-${{ hashFiles('pom.xml') }} | |
- uses: s4u/[email protected] | |
with: | |
servers: | | |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}] | |
- name: Prepare Version | |
id: prep | |
run: | | |
echo ::set-output name=repository::$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]') | |
echo ::set-output name=version::${GITHUB_REF#refs/tags/v} | |
- name: Maven Package | |
run: mvn -Pdownload-ontology -B -DskipTests package | |
- name: Login to GitHub Docker Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
ghcr.io/${{ steps.prep.outputs.repository }}:latest | |
ghcr.io/${{ steps.prep.outputs.repository }}:${{ steps.prep.outputs.version }} | |
push: true |