First version of pull-request #TASK-8067

Author: juanfeSanahuja

.github/actions/prepare-opencga-enterprise/action.yml

@@ -0,0 +1,91 @@
+name: "Prepare OpenCGA Enterprise"
+description: "Checkout enterprise, resolve OpenCGA ref, optionally clone java-common-libs/biodata and compute dependencies_sha"
+
+inputs:
+  enterprise_ref:
+    description: "Branch, tag or SHA of opencga-enterprise to checkout"
+    required: true
+  clone_dependencies:
+    description: "Clone java-common-libs and biodata on the same branch for SNAPSHOT builds"
+    required: false
+    default: "true"
+
+outputs:
+  enterprise_version:
+    description: "project.version from opencga-enterprise"
+    value: ${{ steps.project_version.outputs.enterprise_version }}
+  is_release:
+    description: "true if project.version is a release (no SNAPSHOT)"
+    value: ${{ steps.project_version.outputs.is_release }}
+  opencga_branch:
+    description: "Resolved OpenCGA branch, tag or ref"
+    value: ${{ steps.opencga_branch.outputs.opencga_branch }}
+  dependencies_sha:
+    description: "SHA representing the combination of OpenCGA/java-common-libs/biodata commits"
+    value: ${{ steps.dependencies_sha.outputs.dependencies_sha }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout opencga-enterprise
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.enterprise_ref }}
+        repository: zetta-genomics/opencga-enterprise
+        token: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}
+        path: opencga-enterprise
+        fetch-depth: 10
+    - id: project_version
+      name: Read project.version and determine release flag
+      shell: bash
+      run: |
+        version=$(mvn -q -Dexpression=project.version -DforceStdout help:evaluate)
+        echo "enterprise_version=$version" >> "$GITHUB_OUTPUT"
+        echo "enterprise_version=$version" >> "$GITHUB_OUTPUT"
+        if [[ "$version" == *SNAPSHOT ]]; then
+          echo "is_release=false" >> "$GITHUB_OUTPUT"         
+        else
+          echo "is_release=true" >> "$GITHUB_OUTPUT"
+        fi
+    - id: opencga_branch
+      name: Resolve OpenCGA branch or tag from opencga.version and branch
+      shell: bash
+      run: |
+        if [ ! -f "./.github/workflows/scripts/opencga_branch.sh" ]; then
+          echo "ERROR: .github/workflows/scripts/opencga_branch.sh not found" >&2
+          exit 1
+        fi
+        chmod +x ./.github/workflows/scripts/opencga_branch.sh
+        branch=$(
+          ./.github/workflows/scripts/opencga_branch.sh \
+            "${{ steps.project_version.outputs.is_release }}"
+        )
+        echo "opencga_branch=$branch" >> "$GITHUB_OUTPUT"
+    - name: Checkout OpenCGA
+      uses: actions/checkout@v4
+      with:
+        repository: opencb/opencga
+        ref: ${{ steps.opencga_branch.outputs.opencga_branch }}
+        path: opencga-home
+        fetch-depth: 10
+    - id: dependencies_sha
+      name: Compute dependencies SHA for OpenCGA/java-common-libs/biodata
+      shell: bash
+      run: |
+        base_sha="${GITHUB_SHA}"
+        if [[ "${{ inputs.clone_dependencies }}" == "true" && "${{ steps.project_version.outputs.is_release }}" == "false" ]]; then
+          if [ -f "./.github/workflows/scripts/get_same_branch.sh" ]; then
+            echo "::group::Clone java-common-libs and biodata and compute dependencies SHA"
+            chmod +x ./.github/workflows/scripts/get_same_branch.sh
+
+            export DEPENDENCIES_SHA="$base_sha"
+            export WORKSPACE="${WORKSPACE:-/home/runner/work}"
+
+            ./.github/workflows/scripts/get_same_branch.sh "${{ inputs.enterprise_ref }}"
+            echo "::endgroup::"
+            exit 0
+          else
+            echo "get_same_branch.sh not found, skipping dependency cloning."
+          fi
+        fi
+        echo "dependencies_sha=$base_sha" >> "$GITHUB_OUTPUT"

.github/actions/setup-java-maven/action.yml

@@ -5,7 +5,7 @@ inputs:
   java_version:
     description: "Java version to use"
     required: false
-    default: "11"
+    default: "8"
   storage_hadoop:
     description: "Hadoop flavour, used as part of the Maven cache key"
     required: false

.github/workflows/build.yml

@@ -79,7 +79,6 @@ jobs:
       - name: Maven Build (skip tests)
         if: ${{ !inputs.deploy_maven }}
         run: mvn -T 2 clean install -DskipTests ${{ inputs.maven_opts }} --no-transfer-progress
-
       - name: Maven Deploy (skip tests, deploy to Maven Central y GitHub Packages)
         if: ${{ inputs.deploy_maven }}
         run: mvn -T 2 clean deploy -DskipTests -Pdeploy-maven,deploy-github ${{ inputs.maven_opts }} --no-transfer-progress
@@ -98,7 +97,6 @@ jobs:
 
       - name: Get project version
         id: get_project_version
-
         # This step extracts the Maven project version and exposes it as an output.
         run: |
           echo "version=$(mvn help:evaluate -q -Dexpression=project.version -DforceStdout)" >> "$GITHUB_OUTPUT"

.github/workflows/pull-request-approve.yml

@@ -0,0 +1,68 @@
+# .github/workflows/pull-request-approve.yml
+# Workflow to be triggered on PR approval, receives target_branch as input, checks out the repo,
+# computes the correct opencga-enterprise branch, and calls test-xetabase with the calculated branch and PR head as task.
+
+name: Xetabase PR Approve Entrypoint
+
+on:
+  workflow_call:
+    inputs:
+      target_branch:
+        description: 'Target branch of the PR (github.event.pull_request.base.ref)'
+        required: true
+        type: string
+      head_ref:
+        description: 'Source branch of the PR (github.event.pull_request.head.ref)'
+        required: true
+        type: string
+    secrets:
+      ZETTA_REPO_ACCESS_TOKEN:
+        required: true
+      THIRDPARTY_READ_TOKEN:
+        required: false
+      KEEPER_SM_GH_OPENCB:
+        required: false
+
+jobs:
+  resolve-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout triggering repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 10
+          path: triggering-repo
+      - name: Parse pom.xml to get project artifactId
+        id: pom
+        shell: bash
+        working-directory: triggering-repo
+        run: |
+          artifactId=$(xmllint --xpath '/*[local-name()="project"]/*[local-name()="artifactId"]/text()' pom.xml)
+          echo "artifactId=$artifactId" >> "$GITHUB_OUTPUT"
+      - name: Compute opencga-enterprise branch
+        id: compute_branch
+        env:
+          ZETTA_REPO_ACCESS_TOKEN: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}
+        shell: bash
+        working-directory: triggering-repo
+        run: |
+          chmod +x ../.github/workflows/scripts/get_opencga_enterprise_branch.sh
+          branch=$( ../.github/workflows/scripts/get_opencga_enterprise_branch.sh "${{ steps.pom.outputs.artifactId }}" "${{ inputs.target_branch }}" "${{ inputs.head_ref }}" )
+          echo "branch=$branch" | tee -a $GITHUB_STEP_SUMMARY
+          echo "branch=$branch" >> $GITHUB_OUTPUT
+      - name: Checkout opencga-enterprise
+        uses: actions/checkout@v4
+        with:
+          repository: zetta-genomics/opencga-enterprise
+          ref: ${{ steps.compute_branch.outputs.branch }}
+          path: opencga-enterprise
+          token: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}
+      - name: Call test-xetabase workflow with calculated branch
+        uses: ./.github/workflows/test-xetabase.yml
+        with:
+          branch: ${{ steps.compute_branch.outputs.branch }}
+          task: ${{ inputs.head_ref }}
+        secrets:
+          ZETTA_REPO_ACCESS_TOKEN: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}
+          THIRDPARTY_READ_TOKEN: ${{ secrets.THIRDPARTY_READ_TOKEN }}
+          KEEPER_SM_GH_OPENCB: ${{ secrets.KEEPER_SM_GH_OPENCB }}

.github/workflows/scripts/get_opencga_enterprise_branch.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+# get_opencga_enterprise_branch.sh
+#
+# This script computes the correct opencga-enterprise branch to use for testing a PR in any Xetabase component repo.
+# It unifies the logic previously duplicated in java-common-libs, biodata, and opencga.
+#
+# Inputs:
+#   1. project (artifactId from pom.xml)
+#   2. base_ref (target branch of the PR)
+#   3. head_ref (source branch of the PR)
+#
+# Output:
+#   Prints the resolved opencga-enterprise branch to stdout.
+#   Exits with non-zero and error message if it cannot resolve a branch.
+
+set -euo pipefail
+
+project="$1"
+base_ref="$2"
+head_ref="$3"
+
+# Helper: check if a branch exists in the remote opencga-enterprise repo
+branch_exists() {
+  local branch="$1"
+  REPO_URI="https://$ZETTA_REPO_ACCESS_TOKEN@github.com/zetta-genomics/opencga-enterprise.git"
+  git ls-remote --heads "$REPO_URI" "$branch" | grep -q refs/heads
+}
+
+# 1. TASK-* branch logic: if head_ref starts with TASK- and exists in opencga-enterprise, use it
+if [[ "$head_ref" =~ ^TASK- ]]; then
+  if branch_exists "$head_ref"; then
+    echo "$head_ref"
+    exit 0
+  fi
+fi
+
+# 2. develop branch logic: always map to develop
+if [[ "$base_ref" == "develop" ]]; then
+  echo "develop"
+  exit 0
+fi
+
+# 3. release-* branch logic
+if [[ "$base_ref" =~ ^release-([0-9]+)\. ]]; then
+  major="${BASH_REMATCH[1]}"
+  # Project-specific offset for release branch mapping
+  case "$project" in
+    java-common-libs)
+      offset=3
+      ;;
+    biodata|opencga)
+      offset=1
+      ;;
+    opencga-enterprise)
+      # If the project is opencga-enterprise, use the branch as-is
+      echo "$base_ref"
+      exit 0
+      ;;
+    *)
+      echo "ERROR: Unknown project '$project' for release branch mapping" >&2
+      exit 1
+      ;;
+  esac
+  new_major=$((major - offset))
+  if (( new_major < 1 )); then
+    echo "ERROR: Computed release branch version < 1 for $project (base_ref: $base_ref, offset: $offset)" >&2
+    exit 1
+  fi
+  # Try to match release-x.x.x, fallback to release-x.x
+  branch_pattern="release-${new_major}."
+  # Find the latest matching branch in opencga-enterprise
+  branch=$(git ls-remote --heads https://github.com/zetta-genomics/opencga-enterprise.git | grep "refs/heads/${branch_pattern}" | awk -F'refs/heads/' '{print $2}' | sort -Vr | head -n1)
+  if [[ -n "$branch" ]]; then
+    echo "$branch"
+    exit 0
+  else
+    echo "ERROR: No matching release branch found in opencga-enterprise for $project (pattern: $branch_pattern)" >&2
+    exit 1
+  fi
+fi
+
+# 4. Fallback: fail with clear error
+echo "ERROR: Could not resolve opencga-enterprise branch for project '$project' (base_ref: $base_ref, head_ref: $head_ref)" >&2
+exit 1
+

.github/workflows/test-xetabase.yml

@@ -0,0 +1,100 @@
+name: TEST Xetabase and publish report workflow
+
+on:
+  workflow_call:
+    inputs:
+      task:
+        type: string
+        required: true
+      branch:
+        type: string
+        required: true
+  workflow_dispatch:
+    inputs:
+      task:
+        type: string
+        description: 'Task ID to be tested.'
+        required: true
+      branch:
+        type: string
+        description: 'Branch of opencga-enterprise to be tested and built.'
+        required: true
+
+jobs:
+  test:
+    name: Execute JUnit and Jacoco tests
+    runs-on: ${{ vars.UBUNTU_VERSION }}
+    steps:
+      - name: Retrieve secrets from Keeper
+        id: ksecrets
+        uses: Keeper-Security/ksm-action@master
+        with:
+          keeper-secret-config: ${{ secrets.KEEPER_SM_GH_OPENCB }}
+          secrets: |
+            AZURE_KUBE_CONFIG/field/Secret Value > env:AZURE_KUBE_CONFIG
+            DOCKER_HUB_USER/field/Secret Value > env:DOCKER_HUB_USER
+            DOCKER_HUB_PASSWORD/field/Secret Value > env:DOCKER_HUB_PASSWORD
+            SSH_TESTING_SERVER_HOST/field/Secret Value > env:SSH_HOST
+            SSH_TESTING_SERVER_PORT/field/Secret Value > env:SSH_PORT
+            SSH_TESTING_SERVER_USER/field/Secret Value > env:SSH_USER
+            SSH_TESTING_SERVER_PASSWORD/field/Secret Value > env:SSH_PASS
+      - name: Prepare enterprise, OpenCGA and dependencies
+        id: prepare
+        uses: ./.github/actions/prepare-opencga-enterprise
+        with:
+          enterprise_ref: ${{ inputs.branch != '' && inputs.branch || github.ref_name }}
+          clone_dependencies: "true"
+      - name: Set up Java and Maven cache
+        # Uses dependencies_sha to make the cache key sensitive to dependency commits
+        uses: ./.github/actions/setup-java-maven-cache
+        with:
+          storage_hadoop: ${{ inputs.storage_hadoop }}
+          dependencies_sha: ${{ steps.prepare.outputs.dependencies_sha }}
+
+      - name: Install Samtools
+        run: sudo apt-get install samtools python3-deeptools
+      - name: Start MongoDB v6.0
+        uses: supercharge/mongodb-github-action@1.8.0
+        with:
+          mongodb-version: 6.0
+          mongodb-replica-set: rs-test
+      - name: Install sshpass
+        run: sudo apt-get install sshpass
+      - name: Add SSH Host to known_hosts
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan -p ${{ env.SSH_PORT }} ${{ env.SSH_HOST }} >> ~/.ssh/known_hosts
+        env:
+          SSH_HOST: ${{ env.SSH_HOST }}
+          SSH_PORT: ${{ env.SSH_PORT }}
+      - name: Run all OpenCB Junit tests, ie. java-common-libs, biodata, opencga and opencga-enterprise
+        run: |
+          cd opencga-enterprise
+          ln -s ../opencga opencga-home
+          ./build.sh --test --test-level runShortTests --prepare-branches --test-save-reports --task ${{ inputs.task }} --storage-hadoop ${{ vars.HADOOP_FLAVOUR }} --prepare-hadoop --github
+        env:
+          THIRDPARTY_READ_TOKEN: ${{ secrets.THIRDPARTY_READ_TOKEN }}
+      - name: Upload reports results to Github
+        uses: actions/upload-artifact@v4
+        with:
+          name: report-test
+          path: ./opencga-enterprise/reports/
+          if-no-files-found: error
+      - name: Upload log
+        uses: actions/upload-artifact@v4
+        ## Skip cancelled()
+        ## https://docs.github.com/en/actions/learn-github-actions/expressions#cancelled
+        if: success() || failure()
+        with:
+          name: build-log
+          path: |
+            ./opencga-enterprise/build.log
+            ./opencga-enterprise/reports/*.log.gz
+          if-no-files-found: error
+      - name: Log summary
+        run: |
+          cat ./opencga-enterprise/build.log | tee -a $GITHUB_STEP_SUMMARY
+          
+          
+
+