3636 ENV : " github-ci"
3737
3838jobs :
39+ build-api :
40+ name : " Build and Test API"
41+ runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
42+ env :
43+ REPORT_COVERAGE : true
44+ steps :
45+ - name : Assert Ownership
46+ run : sudo chmod -R 777 .
47+ - name : " Checkout code"
48+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
49+ - name : Cleanup Runner
50+ run : ./scripts/cleanup-docker.sh
51+ - name : " Set up JDK 17"
52+ uses : actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
53+ with :
54+ java-version : " 17"
55+ distribution : " corretto"
56+ cache : maven
57+ - name : Clean maven
58+ run : mvn -ntp -U clean
59+ - name : " Set up Python and install Ansible"
60+ run : |
61+ sudo dnf -y install python3 python3-pip
62+ pip install ansible
63+ - name : Install docker compose manually
64+ run : |
65+ mkdir -p /usr/local/lib/docker/cli-plugins
66+ curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
67+ chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
68+ chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
69+ - name : " API Build"
70+ id : ci-app
71+ run : |
72+ export PATH=$PATH:~/.local/bin
73+ make ci-app
74+ - name : " Debug db"
75+ if : ${{ failure() && steps.ci-app.outcome == 'failure' }}
76+ run : docker logs start-v1-app-db-1
77+ - name : " Debug attribution"
78+ if : ${{ failure() && steps.ci-app.outcome == 'failure' }}
79+ run : docker logs start-v1-app-attribution-1
80+ - name : " Debug aggregation"
81+ if : ${{ failure() && steps.ci-app.outcome == 'failure' }}
82+ run : docker logs start-v1-app-aggregation-1
83+ - name : " Debug api"
84+ if : ${{ failure() && steps.ci-app.outcome == 'failure' }}
85+ run : docker logs start-v1-app-api-1
86+ - name : " Move jacoco reports"
87+ run : |
88+ sudo mkdir jacoco-reports
89+ sudo cp ./dpc-aggregation/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-aggregation-it-jacoco.xml
90+ sudo cp ./dpc-aggregation/target/site/jacoco/jacoco.xml jacoco-reports/dpc-aggregation-jacoco.xml
91+ sudo cp ./dpc-api/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-api-it-jacoco.xml
92+ sudo cp ./dpc-api/target/site/jacoco/jacoco.xml jacoco-reports/dpc-api-jacoco.xml
93+ sudo cp ./dpc-attribution/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-attribution-it-jacoco.xml
94+ sudo cp ./dpc-attribution/target/site/jacoco/jacoco.xml jacoco-reports/dpc-attribution-jacoco.xml
95+ sudo cp ./dpc-bluebutton/target/site/jacoco/jacoco.xml jacoco-reports/dpc-bluebutton-jacoco.xml
96+ sudo cp ./dpc-common/target/site/jacoco/jacoco.xml jacoco-reports/dpc-common-jacoco.xml
97+ sudo cp ./dpc-macaroons/target/site/jacoco/jacoco.xml jacoco-reports/dpc-macaroons-jacoco.xml
98+ sudo cp ./dpc-queue/target/site/jacoco/jacoco.xml jacoco-reports/dpc-queue-jacoco.xml
99+ - name : Upload jacoco reports
100+ uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
101+ with :
102+ name : code-coverage-report-dpc-api
103+ path : ./jacoco-reports
104+ - name : Cleanup
105+ if : ${{ always() }}
106+ run : ./scripts/cleanup-docker.sh
107+
108+ build-dpc-web :
109+ name : " Build and Test DPC Web"
110+ runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
111+ steps :
112+ - name : Assert Ownership
113+ run : sudo chmod -R 777 .
114+ - name : " Checkout code"
115+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
116+ - name : Cleanup Runner
117+ run : ./scripts/cleanup-docker.sh
118+ - name : Install docker compose manually
119+ run : |
120+ mkdir -p /usr/local/lib/docker/cli-plugins
121+ curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
122+ chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
123+ chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
124+ - name : " DPC Web Build"
125+ run : |
126+ make ci-web-portal
127+ - name : " Copy test results"
128+ run : sudo cp dpc-web/coverage/.resultset.json web-resultset-raw.json
129+ - name : Archive code coverage results
130+ uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
131+ with :
132+ name : code-coverage-report-dpc-web
133+ path : ./web-resultset-raw.json
134+ - name : Cleanup
135+ if : ${{ always() }}
136+ run : ./scripts/cleanup-docker.sh
137+
138+ build-dpc-admin :
139+ name : " Build and Test DPC Admin Portal"
140+ runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
141+ steps :
142+ - name : Assert Ownership
143+ run : sudo chmod -R 777 .
144+ - name : " Checkout code"
145+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
146+ - name : Cleanup Runner
147+ run : ./scripts/cleanup-docker.sh
148+ - name : Install docker compose manually
149+ run : |
150+ mkdir -p /usr/local/lib/docker/cli-plugins
151+ curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
152+ chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
153+ chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
154+ - name : " DPC Admin Portal Build"
155+ run : |
156+ make ci-admin-portal
157+ - name : " Copy test results"
158+ run : sudo cp dpc-admin/coverage/.resultset.json admin-resultset-raw.json
159+ - name : Archive code coverage results
160+ uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
161+ with :
162+ name : code-coverage-report-dpc-admin
163+ path : ./admin-resultset-raw.json
164+ - name : Cleanup
165+ if : ${{ always() }}
166+ run : ./scripts/cleanup-docker.sh
167+
168+ build-dpc-portal :
169+ name : " Build and Test DPC Portal"
170+ runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
171+ steps :
172+ - name : Assert Ownership
173+ run : sudo chmod -R 777 .
174+ - name : " Checkout code"
175+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
176+ - name : Cleanup Runner
177+ run : ./scripts/cleanup-docker.sh
178+ - name : Install docker compose manually
179+ run : |
180+ mkdir -p /usr/local/lib/docker/cli-plugins
181+ curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
182+ chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
183+ chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
184+ - name : " DPC Portal Build"
185+ run : |
186+ make ci-portal
187+ - name : " Copy test results"
188+ run : sudo cp dpc-portal/coverage/.resultset.json portal-resultset-raw.json
189+ - name : Archive code coverage results
190+ uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
191+ with :
192+ name : code-coverage-report-dpc-portal
193+ path : ./portal-resultset-raw.json
194+ - name : Cleanup
195+ if : ${{ always() }}
196+ run : ./scripts/cleanup-docker.sh
197+
39198 build-dpc-api-client :
40- name : " Build and Test DPC Client"
199+ name : " Build and Test DPC API Client"
41200 runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
42201 steps :
43202 - name : Assert Ownership
52211 curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
53212 chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
54213 chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
55- - name : " Client Unit Tests"
214+ - name : " API Client Unit Tests"
56215 run : |
57216 make ci-api-client
58217 - name : " Set up Python and install Ansible"
@@ -67,18 +226,181 @@ jobs:
67226 cache : maven
68227 - name : Clean maven
69228 run : mvn -ntp -U clean
70- - name : " API Integration test"
229+ - name : " API Client Integration test"
230+ id : integration-test
71231 run : |
72232 make ci-api-client-integration
73233 - name : " Debug db"
74- if : ${{ failure() }}
234+ if : ${{ failure() && steps.integration-test.outcome == 'failure' }}
75235 run : docker logs api-client-integration-app-db-1
76236 - name : " Debug attribution"
77- if : ${{ failure() }}
237+ if : ${{ failure() && steps.integration-test.outcome == 'failure' }}
78238 run : docker logs api-client-integration-app-attribution-1
79239 - name : " Debug api"
80- if : ${{ failure() }}
240+ if : ${{ failure() && steps.integration-test.outcome == 'failure' }}
81241 run : docker logs api-client-integration-app-api-1
82242 - name : Cleanup
83243 if : ${{ always() }}
84244 run : ./scripts/cleanup-docker.sh
245+
246+ sonar-quality-gate-dpc-web-and-admin :
247+ name : Sonarqube Quality Gate for dpc-web and dpc-admin
248+ needs : [build-dpc-admin, build-dpc-web]
249+ runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
250+ env :
251+ # Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
252+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION : " true"
253+ steps :
254+ - name : Assert Ownership
255+ run : sudo chmod -R 777 .
256+ - name : " Checkout code"
257+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
258+ with :
259+ fetch-depth : 0
260+ - name : Cleanup Runner
261+ run : ./scripts/cleanup-docker.sh
262+ - name : Download web code coverage
263+ uses : actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
264+ with :
265+ name : code-coverage-report-dpc-web
266+ - name : Download admin code coverage
267+ uses : actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
268+ with :
269+ name : code-coverage-report-dpc-admin
270+ - name : " Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace
271+ run : |
272+ sudo jq '.RSpec.coverage |= with_entries(if .key | contains("dpc-web") then .key |= sub("/dpc-web"; "${{ github.workspace }}/dpc-web") else . end)' web-resultset-raw.json > web-resultset.json
273+ sudo jq '.RSpec.coverage |= with_entries(if .key | contains("dpc-admin") then .key |= sub("/dpc-admin"; "${{ github.workspace }}/dpc-admin") else . end)' admin-resultset-raw.json > admin-resultset.json
274+ - name : Set env vars from AWS params
275+ uses : cmsgov/cdap/actions/aws-params-env-action@main
276+ env :
277+ AWS_REGION : ${{ vars.AWS_REGION }}
278+ with :
279+ params : |
280+ SONAR_HOST_URL=/sonarqube/url
281+ SONAR_TOKEN=/sonarqube/token
282+ - name : Run quality gate scan
283+ uses : sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
284+ with :
285+ args :
286+ -Dsonar.projectKey=bcda-dpc-web
287+ -Dsonar.sources=./dpc-web/app,./dpc-web/lib,./dpc-admin/app,./dpc-admin/lib
288+ -Dsonar.ruby.coverage.reportPaths=./web-resultset.json,./admin-resultset.json
289+ -Dsonar.working.directory=./sonar_workspace
290+ -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
291+ -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }}
292+ -Dsonar.qualitygate.wait=true
293+ -Dsonar.ci.autoconfig.disabled=true
294+ -Dsonar.branch.target=${{ github.base_ref }}
295+ - name : Cleanup
296+ if : ${{ always() }}
297+ run : ./scripts/cleanup-docker.sh
298+
299+ sonar-quality-gate-dpc-portal :
300+ name : Sonarqube Quality Gate for dpc-portal
301+ needs : build-dpc-portal
302+ runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
303+ env :
304+ # Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
305+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION : " true"
306+ steps :
307+ - name : Assert Ownership
308+ run : sudo chmod -R 777 .
309+ - name : " Checkout code"
310+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
311+ with :
312+ fetch-depth : 0
313+ - name : Cleanup Runner
314+ run : ./scripts/cleanup-docker.sh
315+ - name : Download code coverage
316+ uses : actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
317+ with :
318+ name : code-coverage-report-dpc-portal
319+ - name : " Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace
320+ run : |
321+ sudo jq '.RSpec.coverage |= with_entries(if .key | contains("dpc-portal") then .key |= sub("/dpc-portal"; "${{ github.workspace }}/dpc-portal") else . end)' portal-resultset-raw.json > portal-resultset.json
322+ - name : Set env vars from AWS params
323+ uses : cmsgov/cdap/actions/aws-params-env-action@main
324+ env :
325+ AWS_REGION : ${{ vars.AWS_REGION }}
326+ with :
327+ params : |
328+ SONAR_HOST_URL=/sonarqube/url
329+ SONAR_TOKEN=/sonarqube/token
330+ - name : Run quality gate scan
331+ uses : sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
332+ with :
333+ args :
334+ -Dsonar.projectKey=bcda-dpc-portal
335+ -Dsonar.sources=./dpc-portal/app,./dpc-portal/lib
336+ -Dsonar.coverage.exclusions=**/*_preview.rb,**/*html.erb,**/application_*
337+ -Dsonar.ruby.coverage.reportPaths=./portal-resultset.json
338+ -Dsonar.working.directory=./sonar_workspace
339+ -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
340+ -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }}
341+ -Dsonar.qualitygate.wait=true
342+ -Dsonar.ci.autoconfig.disabled=true
343+ -Dsonar.branch.target=${{ github.base_ref }}
344+ - name : Cleanup
345+ if : ${{ always() }}
346+ run : ./scripts/cleanup-docker.sh
347+
348+ sonar-quality-gate-dpc-api :
349+ name : Sonarqube Quality Gate for dpc-api
350+ needs : build-api
351+ runs-on : codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}}
352+ env :
353+ # Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
354+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION : true
355+ steps :
356+ - name : Assert Ownership
357+ run : sudo chmod -R 777 .
358+ - name : Checkout Code
359+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
360+ with :
361+ fetch-depth : 0
362+ - name : Cleanup Runner
363+ run : ./scripts/cleanup-docker.sh
364+ - name : Setup Java
365+ uses : actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
366+ with :
367+ java-version : ' 17'
368+ distribution : temurin
369+ cache : maven
370+ - name : Set env vars from AWS params
371+ uses : cmsgov/cdap/actions/aws-params-env-action@main
372+ env :
373+ AWS_REGION : ${{ vars.AWS_REGION }}
374+ with :
375+ params : |
376+ SONAR_HOST_URL=/sonarqube/url
377+ SONAR_TOKEN=/sonarqube/token
378+ - name : Install Maven 3.6.3
379+ run : |
380+ export PATH="$PATH:/opt/maven/bin"
381+ echo "PATH=$PATH" >> $GITHUB_ENV
382+ if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
383+ tmpdir="$(mktemp -d)"
384+ curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir"
385+ sudo rm -rf /opt/maven
386+ sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
387+ - name : Clean maven
388+ run : |
389+ mvn -ntp -U clean
390+ - name : Compile Project
391+ run : |
392+ mvn clean compile -Perror-prone -B -V -ntp
393+ - name : Download code coverage
394+ uses : actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
395+ with :
396+ name : code-coverage-report-dpc-api
397+ path : jacoco-reports
398+ - name : Verify download
399+ run : |
400+ find . -name dpc-api-jacoco.xml
401+ - name : Run quality gate scan
402+ run : |
403+ mvn org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121:sonar -Dsonar.projectKey=bcda-dpc-api -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.event_name == 'pull_request' && github.head_ref || github.ref_name }} -Dsonar.working.directory=./.sonar_workspace -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }} -Dsonar.qualitygate.wait=true -Dsonar.coverage.jacoco.xmlReportPaths="../jacoco-reports/*.xml" -Dsonar.ci.autoconfig.disabled=true -Dsonar.branch.target=${{ github.base_ref }}
404+ - name : Cleanup
405+ if : ${{ always() }}
406+ run : ./scripts/cleanup-docker.sh
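Review bot: The `Run quality gate scan` step of `sonar-quality-gate-dpc-api` (new line 403) expands `${{ github.head_ref }}` and `${{ github.base_ref }}` directly inside the `run:` script, so on pull-request runs the branch name becomes part of the command text before the shell parses it, in a job that appears to have `SONAR_TOKEN` exported into its environment by the preceding AWS-params step. Pass the values through the step's `env:` instead, e.g. `SONAR_BRANCH: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}`, and reference them quoted as `-Dsonar.branch.name="$SONAR_BRANCH"`; this also removes the duplicated `github.event_name == 'pull_request' && github.head_ref ||` clause in the current expression. Separately, `cmsgov/cdap/actions/aws-params-env-action@main` (new lines 275, 323 and 371) is the only action in this hunk referenced by a mutable branch rather than a commit SHA, and it is the step that loads the Sonar token; pinning it to a full commit SHA with a version comment would match the other `uses:` lines.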