-
Notifications
You must be signed in to change notification settings - Fork 3
190 lines (184 loc) · 8.06 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
name: Build
on:
push:
branches:
- main
- crushton/DATAGO-77999_auto_release_to_envs
paths-ignore:
- '.gitignore'
- '.github/**'
- '**/*.md'
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
Test_Build:
name: Run Tests and Deploy
runs-on: ubuntu-latest
environment: ${{ github.ref=='refs/heads/main' && 'build_main' || 'build_main' }} ## TODO: || build_pr
timeout-minutes: 20
permissions:
contents: read
packages: write
pull-requests: write
actions: write
statuses: write
checks: write
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
cache: 'maven'
- name: Set Build Params
run: |
export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip"
echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV
echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -Dmaven.test.skip=true" >> $GITHUB_ENV
echo "$GITHUB_REF_NAME"
echo "$GITHUB_EVENT_NAME"
if [[ $GITHUB_REF_NAME == "main" ]]; then
export WHITESOURCE_SCAN=true
export GITHUB_PACKAGES_DEPLOY=true
export DOCKER_PUSH=true
else
export WHITESOURCE_SCAN=false
export GITHUB_PACKAGES_DEPLOY=false
export DOCKER_PUSH=false
fi
echo "DOCKER_PUSH=$DOCKER_PUSH" >> $GITHUB_ENV
echo "WHITESOURCE_SCAN=$WHITESOURCE_SCAN" >> $GITHUB_ENV
echo "GITHUB_PACKAGES_DEPLOY=$GITHUB_PACKAGES_DEPLOY" >> $GITHUB_ENV
# - name: Static Code Analysis
# run: mvn -B compile -Pmaas-static-code-analysis --file service/pom.xml
# - name: Unit Tests
# run: mvn -B test $SKIP_FLAGS_NON_UNIT_TESTS --file service/pom.xml
# - name: Generate Artifacts
# run: |
# mvn install $SKIP_FLAGS_ALL_TESTS --file service/pom.xml
# - name: Sonar Scan
# env:
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
# run: |
# mvn -B $SKIP_FLAGS_ALL_TESTS \
# org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=SolaceProducts_event-management-agent \
# --file service/pom.xml
# - name: WhiteSource Scan
# if: env.WHITESOURCE_SCAN=='true'
# env:
# unified_agent_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar"
# unified_agent_sha_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar.sha256"
# WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }}
# WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }}
# TARGET_DIR: "service/application/target/lib"
# WS_EXCLUDES: "local-storage-plugin*.jar,plugin*.jar,kafka-plugin*.jar,confluent-schema-registry-plugin*.jar"
# run: |
# echo "Whitesource- Downloading and verifying latest Agent"
# curl -LJOs ${{ env.unified_agent_url }}
# sha_from_jar=$(sha256sum wss-unified-agent.jar | awk '{print $1}')
# curl -LJOs ${{ env.unified_agent_sha_url }}
# sha_from_file=$(cat wss-unified-agent.jar.sha256 | awk '{print $1}')
# if [[ "$sha_from_file" == "$sha_from_jar" ]]; then
# echo "Integrity of the wss-unified-agent.jar file verified .."
# else
# echo "Integrity check of wss-unified-agent.jar file failed .."
# echo "sha_from_jar: $sha_from_jar"
# echo "sha_from_file: $sha_from_file"
# exit 1
# fi
# echo "Whitesource- Copying Maven Dependencies"
# mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=target/lib --file service/pom.xml
# echo "Whitesource- Running scan"
# java -jar wss-unified-agent.jar -d ${{ env.TARGET_DIR }} -logLevel Info
- name: Configure AWS credentials
# if: env.DOCKER_PUSH=='true'
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
- name: Login to Amazon ECR
# if: env.DOCKER_PUSH=='true'
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
# - name: Docker Build/Push
# # if: env.DOCKER_PUSH=='true'
# working-directory: service/application/docker
# run: |
# ./buildEventManagementAgentDocker.sh -t main
# ECR_DOCKER_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:main"
# echo "ECR_DEV_IMAGE=$ECR_DEV_IMAGE" >> $GITHUB_ENV
# docker tag "${{ github.event.repository.name }}:main" $ECR_DOCKER_IMAGE
# docker push $ECR_DOCKER_IMAGE
# #Tag/Push additional Docker image
# SHORT_GIT_SHA=${GITHUB_SHA:0:10}
# JAR_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file ../pom.xml)
# ADDITIONAL_ECR_DOCKER_IMAGE_TAG="$ECR_DOCKER_IMAGE-$JAR_VERSION-$SHORT_GIT_SHA"
# docker tag "${{ github.event.repository.name }}:main" $ADDITIONAL_ECR_DOCKER_IMAGE_TAG
# docker push $ADDITIONAL_ECR_DOCKER_IMAGE_TAG
# - name: Deploy Artifacts
# if: env.GITHUB_PACKAGES_DEPLOY=='true'
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# run: |
# mvn deploy $SKIP_FLAGS_ALL_TESTS -Dmaven.install.skip=true --file service/pom.xml
# - name: Publishing Test Results - Checkstyle
# if: always()
# uses: jwgmeligmeyling/checkstyle-github-action@master
# with:
# path: '**/checkstyle-result.xml'
# - name: Publishing Test Results - PMD
# if: always()
# uses: jwgmeligmeyling/pmd-github-action@master
# with:
# path: '**/pmd.xml'
# - name: Publishing Test Results - SpotBugs
# if: always()
# uses: jwgmeligmeyling/spotbugs-github-action@master
# with:
# path: '**/spotbugsXml.xml'
# - name: Publishing Test Results - Unit Tests Pre-Condition
# if: always()
# id: unit_test_report_exists
# uses: andstor/file-existence-action@v2
# with:
# files: "**/surefire-reports/**/*.xml"
# - name: Publishing Test Results - Unit Tests
# uses: dorny/test-reporter@v1
# if: always() && steps.unit_test_report_exists.outputs.files_exists == 'true'
# with:
# name: Unit Tests
# path: "**/surefire-reports/**/*.xml"
# reporter: java-junit
# fail-on-error: true
# only-summary: 'true'
- name: ECR (Dev) - Pull Image
run: |
ECR_DOCKER_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:main"
docker pull $ECR_DEV_IMAGE
echo "ECR_DEV_IMAGE=$ECR_DEV_IMAGE" >> $GITHUB_ENV
- name: GCR (Staging) - Login
uses: docker/login-action@v3
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.DEV_GCP_SERVICE_ACCOUNT }}
- name: GCR (Staging) - Tag/Push
run: |
GCR_IMAGE_TAGS_TO_PUSH=(
"0.0.1" "latest"
)
GCR_STAGING_IMAGE_REPO="${{ secrets.GCLOUD_PROJECT_ID_STAGING }}/${{ github.event.repository.name }}"
for current_tag in ${GCR_IMAGE_TAGS_TO_PUSH[@]}
do
docker tag $ECR_DEV_IMAGE $GCR_STAGING_IMAGE_REPO:$current_tag
docker push $GCR_STAGING_IMAGE_REPO:$current_tag
done