Skip to content

Merge pull request #239 from medizininformatik-initiative/rlease/v4.2.0 #878

Merge pull request #239 from medizininformatik-initiative/rlease/v4.2.0

Merge pull request #239 from medizininformatik-initiative/rlease/v4.2.0 #878

Workflow file for this run

name: Docker
on:
push:
branches:
- '**'
tags:
- v[0-9]+.[0-9]+.[0-9]+**
pull_request:
branches:
- master
jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
- name: Cache Local Maven Repo
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: tests-maven-${{ hashFiles('pom.xml') }}
- uses: s4u/[email protected]
with:
servers: |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: java
queries: security-and-quality
- name: Run Tests
run: mvn -Pdownload-ontology -B verify
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
fail_ci_if_error: true
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
- name: Upload Feasibility Backend Jar
uses: actions/upload-artifact@v3
with:
name: backend-jar
path: target/feasibilityBackend.jar
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and Export to Docker
uses: docker/build-push-action@v4
with:
context: .
tags: backend:latest
outputs: type=docker,dest=/tmp/feasibilityBackend.tar
- name: Upload Feasibility Backend Image
uses: actions/upload-artifact@v3
with:
name: backend-image
path: /tmp/feasibilityBackend.tar
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: 17
- name: Cache Local Maven Repo
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: security-scan-maven-${{ hashFiles('pom.xml') }}
- uses: s4u/[email protected]
with:
servers: |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]
- name: Maven Package
run: mvn -Pdownload-ontology -B -DskipTests package
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
tags: security-scan-build:latest
push: false
- name: Run Trivy Vulnerability Scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: security-scan-build:latest
format: sarif
output: trivy-results.sarif
severity: 'CRITICAL,HIGH'
timeout: '15m0s'
- name: Upload Trivy Scan Results to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: trivy-results.sarif
integration-test:
needs: tests
runs-on: ubuntu-22.04
steps:
- name: Check out Git repository
uses: actions/checkout@v3
- name: Download Feasibility Backend Image
uses: actions/download-artifact@v3
with:
name: backend-image
path: /tmp
- name: Install jq
uses: dcarbone/[email protected]
- name: Load Feasibility Backend Image
run: docker load --input /tmp/feasibilityBackend.tar
- name: Download ontology files from github
run: .github/scripts/download-and-unpack-ontology.sh
- name: Run Feasibility Backend with Database, Keycloak and Blaze
run: docker-compose -f .github/integration-test/docker-compose.yml up -d
- name: Wait for Feasibility Backend
run: .github/scripts/wait-for-url.sh http://localhost:8091/actuator/health
- name: Check if Feasibility Backend is correctly running with the feasibility user
run: .github/scripts/check-if-running-as-feasibility-user.sh
- name: Wait for Blaze
run: .github/scripts/wait-for-url.sh http://localhost:8082/health
- name: Load Data
run: .github/scripts/load-test-data.sh
- name: Wait for Keycloak
run: .github/scripts/wait-for-url.sh http://localhost:8083/auth/
- name: Create Test User in Keycloak
run: .github/scripts/create-keycloak-user.sh
- name: Wait for Flare
run: .github/scripts/wait-for-url.sh http://localhost:8092/cache/stats
- name: Post Test Query
run: .github/scripts/post-test-query.sh
- name: Dump docker logs on failure
if: failure()
uses: jwalton/gh-docker-logs@v2
release:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
needs:
- tests
- integration-test
- security-scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
- name: Cache Local Maven Repo
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: release-maven-${{ hashFiles('pom.xml') }}
- uses: s4u/[email protected]
with:
servers: |
[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]
- name: Prepare Version
id: prep
run: |
echo ::set-output name=repository::$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')
echo ::set-output name=version::${GITHUB_REF#refs/tags/v}
- name: Maven Package
run: mvn -Pdownload-ontology -B -DskipTests package
- name: Login to GitHub Docker Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/${{ steps.prep.outputs.repository }}:latest
ghcr.io/${{ steps.prep.outputs.repository }}:${{ steps.prep.outputs.version }}
push: true