Skip to content
Validate config

bump 0.0.160 #679

Sign in to view logs

bump 0.0.160

bump 0.0.160 #679

Workflow file for this run

.github/workflows/validate-config.yaml at 8c8890f
name: Validate config
on:
push:
branches: [ main ]
paths-ignore:
- 'README.md'
- 'docs/**'
pull_request:
branches: [ '**' ]
# Always run this GHA on PRs, so that we have at least one successful check to satisfy branch protections.
workflow_dispatch:
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up AdoptOpenJDK 11
uses: actions/setup-java@v3
with:
java-version: 11
distribution: 'temurin'
- name: Cache Gradle packages
uses: actions/cache@v2
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}-${{ hashFiles('**/*.gradle') }}
restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}
- name: Pull credentials
id: pull_credentials
run: |
# For security reasons, Broad prefers we read GHA secrets instead of reading from vault.
# This step does the equivalent of the pull-credentials.sh script.
# On local machines, the script fetches a SA from Vault.
# In GH actions, the SA key is stored in a GH repo secret.
# Regardless of how it was fetched, tests and scripts expect these
# keys to be stored in rendered/.
mkdir -p rendered/broad/
echo "$TEST_PROJECT_SA_KEY" > rendered/broad/tanagra_sa.json
env:
TEST_PROJECT_SA_KEY: ${{ secrets.TEST_PROJECT_SA_KEY }}
- name: Verify configs are in sync, for example vumc/sdd and verily/sdd
run: .github/tools/verify_config_in_sync.sh
- name: Verify underlay configs have been expanded
if: always()
run: .github/tools/verify_config_has_been_expanded.sh
env:
GOOGLE_APPLICATION_CREDENTIALS: ../rendered/broad/tanagra_sa.json