Lal/add coal config map volumes prod 14991 #4674
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test and Package | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '*' | |
| - '!*-test' | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| branches: | |
| - 'main' | |
| - 'release/**' | |
| - 'feature/**' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request_target' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '23' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v5 | |
| with: | |
| gradle-version: '8.14' | |
| cache-disabled: true | |
| - name: Build with Gradle | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: > | |
| ./gradlew | |
| clean | |
| build | |
| spotlessApply | |
| detekt | |
| -x test | |
| -x integrationTest | |
| --no-build-cache | |
| --rerun-tasks | |
| --refresh-dependencies | |
| controller_tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| permissions: read-all | |
| if: github.event_name != 'pull_request_target' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| service: | |
| - testPrefix: Organization | |
| packageName: .organization | |
| - testPrefix: Workspace | |
| packageName: .workspace | |
| - testPrefix: Solution | |
| packageName: .solution | |
| - testPrefix: Dataset | |
| packageName: .dataset | |
| - testPrefix: Runner | |
| packageName: .runner | |
| - testPrefix: Run | |
| packageName: .run | |
| - testPrefix: Meta | |
| packageName: ".meta" | |
| - testPrefix: Home | |
| packageName: "" | |
| name: controller_tests - ${{ matrix.service.testPrefix }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '23' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v5 | |
| with: | |
| gradle-version: '8.14' | |
| cache-disabled: true | |
| - name: Run ${{ matrix.service.testPrefix }} controller tests | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./gradlew :cosmotech-api:integrationTest --tests "com.cosmotech.api.home${{ matrix.service.packageName }}.${{ matrix.service.testPrefix }}ControllerTests" -x spotlessCheck -x openApiValidate | |
| unit_tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| permissions: read-all | |
| if: github.event_name != 'pull_request_target' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '23' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v5 | |
| with: | |
| gradle-version: '8.14' | |
| cache-disabled: true | |
| - name: Run unit tests | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./gradlew test -x spotlessCheck -x openApiValidate | |
| integration_tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| permissions: read-all | |
| if: github.event_name != 'pull_request_target' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| service: | |
| - testPrefix: Organization | |
| packageName: organization | |
| - testPrefix: Workspace | |
| packageName: workspace | |
| - testPrefix: Solution | |
| packageName: solution | |
| - testPrefix: Dataset | |
| packageName: dataset | |
| - testPrefix: Run | |
| packageName: run | |
| - testPrefix: Runner | |
| packageName: runner | |
| name: integration_tests - ${{ matrix.service.testPrefix }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '23' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v5 | |
| with: | |
| gradle-version: '8.14' | |
| cache-disabled: true | |
| - name: Run RBAC ${{ matrix.service.packageName }} integration tests | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./gradlew :cosmotech-${{ matrix.service.packageName }}-api:integrationTest --tests "com.cosmotech.${{ matrix.service.packageName }}.service.${{ matrix.service.testPrefix }}ServiceRBACTest" -x spotlessCheck -x openApiValidate | |
| if: ${{ matrix.service.packageName != 'run' }} | |
| - name: Run ${{ matrix.service.packageName }} integration tests | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./gradlew :cosmotech-${{ matrix.service.packageName }}-api:integrationTest --tests "com.cosmotech.${{ matrix.service.packageName }}.service.${{ matrix.service.testPrefix }}ServiceIntegrationTest" -x spotlessCheck -x openApiValidate | |
| scan_and_push_container_images_to_registries: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - unit_tests | |
| - integration_tests | |
| - controller_tests | |
| permissions: | |
| packages: write | |
| contents: read | |
| security-events: write | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| # Fetch all tags since Gradle project version is built upon SCM | |
| fetch-depth: 0 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: "temurin" | |
| java-version: "23" | |
| - name: Retrieve branch or tag name | |
| id: refvar | |
| run: echo "gitRefName=${GITHUB_REF#refs/*/}" >> "${GITHUB_OUTPUT}" | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v5 | |
| with: | |
| gradle-version: '8.14' | |
| cache-disabled: true | |
| - name: Build local Container Image for scanning | |
| run: > | |
| ./gradlew | |
| :cosmotech-api:jibDockerBuild | |
| -Djib.to.image=com.cosmotech/cosmotech-api:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| id: scan | |
| # Add TRIVY_DB_REPOSITORY due to ratelimit issue | |
| # https://github.com/aquasecurity/trivy-action/issues/389 | |
| env: | |
| DOCKLE_HOST: "unix:///var/run/docker.sock" | |
| TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 | |
| TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1 | |
| # TODO For now, do not block if the container scan action returns issues | |
| continue-on-error: true | |
| with: | |
| image-ref: com.cosmotech/cosmotech-api:${{ github.sha }} | |
| format: "sarif" | |
| severity: "CRITICAL,HIGH" | |
| output: "trivy-results.sarif" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| - name: Archive container image scan report | |
| if: ${{ always() }} | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: container-image-scan-report | |
| path: "trivy-results.sarif" | |
| retention-days: 3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/[email protected] | |
| if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push API Container Image (sha) to GitHub Container Registry | |
| if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| docker image tag com.cosmotech/cosmotech-api:${{github.sha}} \ | |
| ghcr.io/cosmo-tech/cosmotech-api:${{github.sha}} | |
| docker image push ghcr.io/cosmo-tech/cosmotech-api:${{github.sha}} | |
| - name: Push API Container Image (tag) to GitHub Container Registry | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| docker image tag com.cosmotech/cosmotech-api:${{github.sha}} \ | |
| ghcr.io/cosmo-tech/cosmotech-api:${{ steps.refvar.outputs.gitRefName }} | |
| docker image push ghcr.io/cosmo-tech/cosmotech-api:${{ steps.refvar.outputs.gitRefName }} | |
| - name: Push API Container Image (latest) to GitHub Container Registry | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| docker image tag com.cosmotech/cosmotech-api:${{github.sha}} \ | |
| ghcr.io/cosmo-tech/cosmotech-api:latest | |
| docker image push ghcr.io/cosmo-tech/cosmotech-api:latest | |
| curl --request POST \ | |
| --url "https://api.github.com/repos/cosmo-tech/helm-charts/actions/workflows/api_restart.yml/dispatches" \ | |
| --header "Accept: application/vnd.github.v3+json" \ | |
| --header "Authorization: Bearer ${{ secrets.TRIGGER_HELM_CHARTS_WORKFLOW_PAT }}" \ | |
| --data '{ "ref": "main" }' |