hotfix/D603345-5229-bump-version #263
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "🏗️ CI" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - development | |
| - '!feature/**' | |
| paths: | |
| - '**' | |
| - '!gradle.properties' | |
| - '!.github/**/*.yaml' | |
| tags: | |
| - '*' | |
| pull_request: | |
| branches: | |
| - main | |
| - development | |
| - 'feature/**' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| name: "🛠️ build" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| name: Checkout project | |
| with: | |
| fetch-depth: 0 #spotless fix | |
| - name: debug | |
| shell: bash | |
| env: | |
| JSON: ${{ toJSON(github) }} | |
| run: echo $JSON | |
| - name: install_shared_actions | |
| uses: ./.github/actions/install_shared_actions | |
| with: | |
| token: ${{secrets.EFA_CICD_REPO_ACCESS_TOKEN}} | |
| tag: v2.5.1 | |
| - name: ensure branch strategy compliance | |
| id: check_branch_strategy | |
| uses: ./.github/actions/shared/check_branch_name | |
| - name: project setup | |
| uses: ./.github/actions/shared/setup_jdk_17 | |
| - name: build without tests | |
| uses: gradle/gradle-build-action@v2.6.0 | |
| with: | |
| arguments: build -x test | |
| - name: scan dependencies for vulnerabilities | |
| if: ${{ vars.TRIVY_ROOTFS_SCAN_ENABLED == 'true' }} | |
| uses: docker://docker.io/aquasec/trivy | |
| with: | |
| args: rootfs --skip-dirs=.sonar --ignore-unfixed --severity "HIGH,CRITICAL" --scanners "vuln" --exit-code 1 --debug . | |
| test: | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| name: "📝 run tests" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| name: Checkout project | |
| - name: install_shared_actions | |
| uses: ./.github/actions/install_shared_actions | |
| with: | |
| token: ${{secrets.EFA_CICD_REPO_ACCESS_TOKEN}} | |
| tag: v2.4.0 | |
| - name: project setup | |
| uses: ./.github/actions/shared/setup_jdk_17 | |
| - name: run unit tests | |
| id: run_tests | |
| uses: gradle/gradle-build-action@v2.6.0 | |
| with: | |
| arguments: test --info -Pgpr.key=${{ inputs.xray-ghp-token }} | |
| - name: publish test report | |
| uses: mikepenz/action-junit-report@v3.6.2 | |
| if: always() # always run even if the previous step fails | |
| with: | |
| report_paths: '**/build/test-results/test/TEST-*.xml' | |
| annotate_only: true | |
| - name: check sonarcloud.io | |
| id: sonarcloud_probe | |
| shell: bash +e {0} | |
| run: | | |
| curl -kv https://sonarcloud.io | |
| echo "exit=$?" >> $GITHUB_OUTPUT | |
| exit 0 | |
| - name: run sonar scan | |
| if: ${{ github.actor != 'dependabot[bot]' && vars.SONAR_SCAN_ENABLED == 'true' && steps.sonarcloud_probe.outputs.exit == '0' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_HOST_URL: https://sonarcloud.io | |
| uses: gradle/gradle-build-action@v2.6.0 | |
| with: | |
| arguments: sonarqube --info | |
| publish: | |
| if: ${{ github.actor != 'dependabot[bot]' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development') }} | |
| needs: [test] | |
| runs-on: ubuntu-latest | |
| name: "🚀 publish" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| name: checkout project | |
| - name: install_shared_actions | |
| uses: ./.github/actions/install_shared_actions | |
| with: | |
| token: ${{secrets.EFA_CICD_REPO_ACCESS_TOKEN}} | |
| tag: v2.5.1 | |
| - name: project setup | |
| uses: ./.github/actions/shared/setup_jdk_17 | |
| - name: publish package | |
| uses: gradle/gradle-build-action@v2.6.0 | |
| with: | |
| arguments: publish | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.JAVA_TOKEN }} | |
| GITHUB_ACTOR: ${{ secrets.JAVA_ACTOR }} |