Merge pull request #407 from medizininformatik-initiative/release/v6.… #1442

Workflow file for this run

	name: Docker

	on:
	push:
	branches:
	- '**'
	tags:
	- v[0-9]+.[0-9]+.[0-9]+**
	pull_request:
	branches:
	- master

	jobs:

	tests:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Docker Meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	type=sha
	labels: \|
	maintainer=medizininformatik-initiative
	org.opencontainers.image.authors=medizininformatik-initiative
	org.opencontainers.image.source=https://github.com/medizininformatik-initiative/feasibility-backend
	org.opencontainers.image.vendor=medizininformatik-initiative
	org.opencontainers.image.title=dataportal backend
	org.opencontainers.image.description=The backend for the dataportal, including feasibility query execution as well as data selection and extraction.

	- name: Set up JDK 22
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 22

	- name: Cache Local Maven Repo
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: tests-maven-${{ hashFiles('pom.xml') }}

	- uses: s4u/[email protected]
	with:
	servers: \|
	[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: java
	queries: security-and-quality

	- name: Run Tests
	run: mvn -Pdownload-ontology -B verify

	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v4
	env:
	CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
	with:
	fail_ci_if_error: true

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3

	- name: Upload Dataportal Backend Jar
	uses: actions/upload-artifact@v4
	with:
	name: backend-jar
	path: target/dataportalBackend.jar

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and Export to Docker
	uses: docker/build-push-action@v6
	with:
	context: .
	tags: backend:latest
	outputs: type=docker,dest=/tmp/dataportalBackend.tar

	- name: Upload Dataportal Backend Image
	uses: actions/upload-artifact@v4
	with:
	name: backend-image
	path: /tmp/dataportalBackend.tar

	security-scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 21
	uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: 21

	- name: Cache Local Maven Repo
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: security-scan-maven-${{ hashFiles('pom.xml') }}

	- uses: s4u/[email protected]
	with:
	servers: \|
	[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]

	- name: Maven Package
	run: mvn -Pdownload-ontology -B -DskipTests package

	- name: Build and push Docker image
	uses: docker/build-push-action@v6
	with:
	context: .
	tags: security-scan-build:latest
	push: false

	- name: Run Trivy Vulnerability Scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: security-scan-build:latest
	format: sarif
	output: trivy-results.sarif
	severity: 'CRITICAL,HIGH'
	timeout: '15m0s'
	env:
	TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
	TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1

	- name: Upload Trivy Scan Results to GitHub Security Tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: trivy-results.sarif

	integration-test:
	needs: tests
	runs-on: ubuntu-latest
	env:
	ONTOLOGY_GIT_TAG: v3.0.0-test.11
	ELASTIC_HOST: http://localhost:9200
	ELASTIC_FILEPATH: https://github.com/medizininformatik-initiative/fhir-ontology-generator/raw/TAGPLACEHOLDER/example/fdpg-ontology/
	ELASTIC_FILENAME: elastic.zip
	OVERRIDE_EXISTING: true

	steps:
	- name: Check out Git repository
	uses: actions/checkout@v4

	- name: Download Dataportal Backend Image
	uses: actions/download-artifact@v4
	with:
	name: backend-image
	path: /tmp

	- name: Install jq
	uses: dcarbone/[email protected]

	- name: Load Dataportal Backend Image
	run: docker load --input /tmp/dataportalBackend.tar

	- name: Download ontology files from github
	run: .github/scripts/download-and-unpack-ontology.sh

	- name: Run Dataportal Backend with Database, Elasticsearch, Keycloak and Blaze
	run: docker compose -f .github/integration-test/docker-compose.yml up -d

	- name: Wait for Dataportal Backend
	run: .github/scripts/wait-for-url.sh http://localhost:8091/actuator/health

	- name: Check if Dataportal Backend is correctly running with the user with id 10001
	run: .github/scripts/check-if-running-as-user-10001.sh

	- name: Wait for Blaze
	run: .github/scripts/wait-for-url.sh http://localhost:8082/health

	- name: Load Data
	run: .github/scripts/load-test-data.sh

	- name: Wait for Keycloak
	run: .github/scripts/wait-for-url.sh http://localhost:8083/auth/

	- name: Create Test User in Keycloak
	run: .github/scripts/create-keycloak-user.sh

	- name: Wait for Elastic
	run: .github/scripts/wait-for-url.sh http://localhost:9200/_cluster/health

	- name: Create indices and upload data to elastic
	run: .github/scripts/init-elasticsearch.sh

	- name: Wait for Flare
	run: .github/scripts/wait-for-url.sh http://localhost:8092/cache/stats

	- name: Post Test Query
	run: .github/scripts/post-test-query.sh

	- name: Post Elasticsearch Test Queries
	run: .github/scripts/post-elastic-test-queries.sh

	- name: Dump docker logs on failure
	if: failure()
	uses: jwalton/gh-docker-logs@v2

	release:
	if: ${{ startsWith(github.ref, 'refs/tags/v') }}
	needs:
	- tests
	- integration-test
	- security-scan
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 22
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 22

	- name: Cache Local Maven Repo
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: release-maven-${{ hashFiles('pom.xml') }}

	- uses: s4u/[email protected]
	with:
	servers: \|
	[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]

	- name: Prepare Version
	id: prep
	run: \|
	echo ::set-output name=repository::$(echo $GITHUB_REPOSITORY \| tr '[:upper:]' '[:lower:]')
	echo ::set-output name=version::${GITHUB_REF#refs/tags/v}

	- name: Maven Package
	run: mvn -Pdownload-ontology -B -DskipTests package

	- name: Login to GitHub Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and push Docker image
	uses: docker/build-push-action@v6
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	tags: \|
	ghcr.io/${{ steps.prep.outputs.repository }}:latest
	ghcr.io/${{ steps.prep.outputs.repository }}:${{ steps.prep.outputs.version }}
	push: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #407 from medizininformatik-initiative/release/v6.… #1442

Workflow file

Merge pull request #407 from medizininformatik-initiative/release/v6.… #1442

Jobs

Run details

Workflow file for this run