fix: race condition caused by non-thread-safe FhirClient #633
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: [master] | |
release: | |
types: [created] | |
pull_request: | |
branches: [master] | |
permissions: read-all | |
jobs: | |
build: | |
uses: miracum/.github/.github/workflows/standard-build.yaml@1dd4350bc909156d8af0f1997efcb0f3225dad85 # v1.1.0 | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
pull-requests: write | |
actions: read | |
security-events: write | |
with: | |
enable-build-test-layer: true | |
enable-upload-test-image: true | |
secrets: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
test: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
permissions: | |
# for add Coverage PR Comment | |
pull-requests: write | |
steps: | |
- name: "Checkout code" | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
persist-credentials: false | |
- name: Download image | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
name: container-image | |
path: /tmp | |
- name: Load image | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
ls -lsa /tmp | |
docker load --input /tmp/image.tar | |
docker image ls | |
- name: Download test image | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: test-image | |
path: /tmp | |
- name: Load test image | |
run: | | |
ls -lsa /tmp | |
docker load --input /tmp/image-test.tar | |
docker image ls | |
- name: Copy unit test coverage reports from test container | |
env: | |
UNIT_TEST_IMAGE: ${{ fromJson(needs.build.outputs.test-image-meta-json).tags[0] }} | |
run: | | |
docker create --name=unit-test-container "${UNIT_TEST_IMAGE}" | |
docker cp unit-test-container:/build/src/FhirPseudonymizer.Tests/coverage ./coverage | |
- name: Code Coverage Report | |
uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # tag=v1.3.0 | |
with: | |
filename: coverage/**/coverage.cobertura.xml | |
badge: true | |
fail_below_min: true | |
format: markdown | |
hide_branch_rate: false | |
hide_complexity: true | |
indicators: true | |
output: both | |
thresholds: "50 50" | |
- name: Add Coverage PR Comment | |
uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
recreate: true | |
path: code-coverage-results.md | |
iter8-test: | |
name: run iter8 tests | |
runs-on: ubuntu-22.04 | |
if: ${{ github.event_name == 'pull_request' }} | |
needs: | |
- build | |
permissions: | |
contents: read | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 | |
- name: install iter8 cli | |
env: | |
ITER8_CLI_URL: "https://github.com/iter8-tools/iter8/releases/download/v0.13.18/iter8-linux-amd64.tar.gz" | |
run: | | |
curl -LSs "${ITER8_CLI_URL}" | tar xz | |
mv linux-amd64/iter8 /usr/local/bin/iter8 | |
chmod +x /usr/local/bin/iter8 | |
iter8 version | |
- name: Create KinD cluster | |
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 | |
with: | |
cluster_name: kind | |
- name: Download image | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: container-image | |
path: /tmp | |
- name: Load image into KinD | |
run: | | |
kind load image-archive /tmp/image.tar | |
- name: List images in cluster | |
run: docker exec kind-control-plane crictl images | |
- name: Install the latest version of vfps as a pseudonymization service | |
run: | | |
helm repo add chgl https://chgl.github.io/charts | |
helm install \ | |
--wait \ | |
--timeout=10m \ | |
vfps chgl/vfps | |
- name: Install "fhir-pseudonymizer" | |
env: | |
IMAGE_TAG: ${{ needs.build.outputs.image-version }} | |
run: | | |
helm repo add miracum https://miracum.github.io/charts | |
helm install \ | |
--set="image.tag=${IMAGE_TAG}" \ | |
-f tests/iter8/values.yaml \ | |
--wait \ | |
--timeout=10m \ | |
fhir-pseudonymizer miracum/fhir-pseudonymizer | |
- name: Launch iter8 experiment | |
run: kubectl apply -f tests/iter8/experiment.yaml | |
- name: Wait for experiment completion | |
run: iter8 k assert -c completed --timeout 10m | |
- name: Assert no failures and SLOs are satisfied | |
run: iter8 k assert -c nofailure,slos | |
- name: Create iter8 reports | |
if: always() | |
run: | | |
iter8 k report | tee iter8-report.txt | |
iter8 k report -o html > iter8-report.html | |
- name: Enhance iter8 report output for use as a PR comment | |
run: | | |
ITER8_REPORT_TXT=$(cat iter8-report.txt) | |
{ | |
echo -e '---'; | |
echo -e '## iter8 report'; | |
echo -e '```console'; | |
echo -e "${ITER8_REPORT_TXT}"; | |
echo -e '```' | |
} >> iter8-output.md | |
- name: Append sticky comment with iter8 report | |
uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
append: true | |
path: iter8-output.md | |
- name: Upload report | |
if: always() | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
with: | |
name: iter8-report.html | |
path: | | |
iter8-report.html | |
- name: Print cluster and iter8 logs | |
if: always() | |
run: | | |
kubectl cluster-info dump -o yaml | tee kind-cluster-dump.txt | |
iter8 k log -l trace | |
- name: Upload cluster dump | |
if: always() | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
with: | |
name: kind-cluster-dump.txt | |
path: | | |
kind-cluster-dump.txt | |
lint: | |
uses: miracum/.github/.github/workflows/standard-lint.yaml@1dd4350bc909156d8af0f1997efcb0f3225dad85 # v1.1.0 | |
permissions: | |
contents: read | |
pull-requests: write | |
issues: write | |
security-events: write | |
actions: read | |
with: | |
enable-validate-gradle-wrapper: false | |
codeql-languages: '["csharp"]' | |
enable-codeql: true | |
secrets: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
release: | |
uses: miracum/.github/.github/workflows/standard-release.yaml@1dd4350bc909156d8af0f1997efcb0f3225dad85 # v1.1.0 | |
needs: | |
- build | |
- test | |
permissions: | |
contents: write | |
pull-requests: write | |
issues: write | |
secrets: | |
semantic-release-token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }} |