add const for volume mount var #4680

Workflow file for this run

.github/workflows/build_test_package.yml at 01eed37

	name: Build, Test and Package

	on:
	workflow_dispatch:

	push:
	branches:
	- main
	tags:
	- '*'
	- '!*-test'
	pull_request:
	types: [opened, synchronize, reopened, ready_for_review]
	branches:
	- 'main'
	- 'release/**'
	- 'feature/**'

	jobs:
	build:
	runs-on: ubuntu-latest
	if: github.event_name != 'pull_request_target'

	steps:
	- uses: actions/checkout@v6

	- name: Set up JDK
	uses: actions/setup-java@v5
	with:
	distribution: 'temurin'
	java-version: '23'

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v5
	with:
	gradle-version: '8.14'
	cache-disabled: true

	- name: Build with Gradle
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: >
	./gradlew
	clean
	build
	spotlessApply
	detekt
	-x test
	-x integrationTest
	--no-build-cache
	--rerun-tasks
	--refresh-dependencies

	controller_tests:
	runs-on: ubuntu-latest
	needs:
	- build
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	permissions: read-all

	if: github.event_name != 'pull_request_target'
	strategy:
	fail-fast: false
	matrix:
	service:
	- testPrefix: Organization
	packageName: .organization
	- testPrefix: Workspace
	packageName: .workspace
	- testPrefix: Solution
	packageName: .solution
	- testPrefix: Dataset
	packageName: .dataset
	- testPrefix: Runner
	packageName: .runner
	- testPrefix: Run
	packageName: .run
	- testPrefix: Meta
	packageName: ".meta"
	- testPrefix: Home
	packageName: ""

	name: controller_tests - ${{ matrix.service.testPrefix }}

	steps:
	- uses: actions/checkout@v6

	- name: Set up JDK
	uses: actions/setup-java@v5
	with:
	distribution: 'temurin'
	java-version: '23'

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v5
	with:
	gradle-version: '8.14'
	cache-disabled: true

	- name: Run ${{ matrix.service.testPrefix }} controller tests
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: ./gradlew :cosmotech-api:integrationTest --tests "com.cosmotech.api.home${{ matrix.service.packageName }}.${{ matrix.service.testPrefix }}ControllerTests" -x spotlessCheck -x openApiValidate

	unit_tests:
	runs-on: ubuntu-latest
	needs:
	- build
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	permissions: read-all

	if: github.event_name != 'pull_request_target'

	steps:
	- uses: actions/checkout@v6

	- name: Set up JDK
	uses: actions/setup-java@v5
	with:
	distribution: 'temurin'
	java-version: '23'

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v5
	with:
	gradle-version: '8.14'
	cache-disabled: true

	- name: Run unit tests
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: ./gradlew test -x spotlessCheck -x openApiValidate

	integration_tests:
	runs-on: ubuntu-latest
	needs:
	- build
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	permissions: read-all

	if: github.event_name != 'pull_request_target'
	strategy:
	fail-fast: false
	matrix:
	service:
	- testPrefix: Organization
	packageName: organization
	- testPrefix: Workspace
	packageName: workspace
	- testPrefix: Solution
	packageName: solution
	- testPrefix: Dataset
	packageName: dataset
	- testPrefix: Run
	packageName: run
	- testPrefix: Runner
	packageName: runner

	name: integration_tests - ${{ matrix.service.testPrefix }}

	steps:
	- uses: actions/checkout@v6

	- name: Set up JDK
	uses: actions/setup-java@v5
	with:
	distribution: 'temurin'
	java-version: '23'

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v5
	with:
	gradle-version: '8.14'
	cache-disabled: true

	- name: Run RBAC ${{ matrix.service.packageName }} integration tests
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: ./gradlew :cosmotech-${{ matrix.service.packageName }}-api:integrationTest --tests "com.cosmotech.${{ matrix.service.packageName }}.service.${{ matrix.service.testPrefix }}ServiceRBACTest" -x spotlessCheck -x openApiValidate
	if: ${{ matrix.service.packageName != 'run' }}

	- name: Run ${{ matrix.service.packageName }} integration tests
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: ./gradlew :cosmotech-${{ matrix.service.packageName }}-api:integrationTest --tests "com.cosmotech.${{ matrix.service.packageName }}.service.${{ matrix.service.testPrefix }}ServiceIntegrationTest" -x spotlessCheck -x openApiValidate

	scan_and_push_container_images_to_registries:
	runs-on: ubuntu-latest
	needs:
	- unit_tests
	- integration_tests
	- controller_tests
	permissions:
	packages: write
	contents: read
	security-events: write
	env:
	DOCKER_BUILDKIT: 1
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	steps:
	- uses: actions/checkout@v6
	with:
	# Fetch all tags since Gradle project version is built upon SCM
	fetch-depth: 0

	- name: Set up JDK
	uses: actions/setup-java@v5
	with:
	distribution: "temurin"
	java-version: "23"

	- name: Retrieve branch or tag name
	id: refvar
	run: echo "gitRefName=${GITHUB_REF#refs/*/}" >> "${GITHUB_OUTPUT}"

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v5
	with:
	gradle-version: '8.14'
	cache-disabled: true

	- name: Build local Container Image for scanning
	run: >
	./gradlew
	:cosmotech-api:jibDockerBuild
	-Djib.to.image=com.cosmotech/cosmotech-api:${{ github.sha }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	id: scan
	# Add TRIVY_DB_REPOSITORY due to ratelimit issue
	# https://github.com/aquasecurity/trivy-action/issues/389
	env:
	DOCKLE_HOST: "unix:///var/run/docker.sock"
	TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
	TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1

	# TODO For now, do not block if the container scan action returns issues
	continue-on-error: true

	with:
	image-ref: com.cosmotech/cosmotech-api:${{ github.sha }}
	format: "sarif"
	severity: "CRITICAL,HIGH"
	output: "trivy-results.sarif"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v4
	with:
	sarif_file: "trivy-results.sarif"

	- name: Archive container image scan report
	if: ${{ always() }}
	uses: actions/upload-artifact@v5
	with:
	name: container-image-scan-report
	path: "trivy-results.sarif"
	retention-days: 3

	- name: Login to GitHub Container Registry
	uses: docker/[email protected]
	if: ${{ github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/tags/') }}
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push API Container Image (sha) to GitHub Container Registry
	if: ${{ github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/tags/') }}
	run: \|
	docker image tag com.cosmotech/cosmotech-api:${{github.sha}} \
	ghcr.io/cosmo-tech/cosmotech-api:${{github.sha}}
	docker image push ghcr.io/cosmo-tech/cosmotech-api:${{github.sha}}

	- name: Push API Container Image (tag) to GitHub Container Registry
	if: startsWith(github.ref, 'refs/tags/')
	run: \|
	docker image tag com.cosmotech/cosmotech-api:${{github.sha}} \
	ghcr.io/cosmo-tech/cosmotech-api:${{ steps.refvar.outputs.gitRefName }}
	docker image push ghcr.io/cosmo-tech/cosmotech-api:${{ steps.refvar.outputs.gitRefName }}

	- name: Push API Container Image (latest) to GitHub Container Registry
	if: github.ref == 'refs/heads/main'
	run: \|
	docker image tag com.cosmotech/cosmotech-api:${{github.sha}} \
	ghcr.io/cosmo-tech/cosmotech-api:latest
	docker image push ghcr.io/cosmo-tech/cosmotech-api:latest
	curl --request POST \
	--url "https://api.github.com/repos/cosmo-tech/helm-charts/actions/workflows/api_restart.yml/dispatches" \
	--header "Accept: application/vnd.github.v3+json" \
	--header "Authorization: Bearer ${{ secrets.TRIGGER_HELM_CHARTS_WORKFLOW_PAT }}" \
	--data '{ "ref": "main" }'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

add const for volume mount var #4680

Workflow file

add const for volume mount var #4680

Uh oh!

Workflow file for this run