AJ-2022: add Content-Security-Policy meta header for swagger-ui (#941) #10077
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| on: | |
| pull_request: | |
| branches: [ '**' ] | |
| push: | |
| paths-ignore: [ '*.md' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v4 | |
| - name: Build all projects without running tests | |
| run: ./gradlew --build-cache build -x test | |
| unit-tests: | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:14 | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: [ "5432:5432" ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Needed by sonar to get the git history for the branch the PR will be merged into. | |
| with: | |
| fetch-depth: 0 | |
| - name: Initialize Postgres DB | |
| env: | |
| PGPASSWORD: postgres | |
| run: psql -h 127.0.0.1 -U postgres -f ./local-dev/local-postgres-init.sql | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v4 | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Build, assemble, and test | |
| id: build-test | |
| run: ./gradlew --build-cache --scan test jacocoTestReport | |
| # The SonarQube scan is done here, so it can upload the coverage report generated by the tests. | |
| - name: SonarQube scan | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./gradlew --build-cache sonar | |
| - name: Upload Test Reports | |
| if: steps.build-test.outcome == 'failure' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Test Reports | |
| path: service/build/reports | |
| retention-days: 14 | |
| bump-check: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is-bump: ${{ steps.bumpcheck.outputs.is-bump }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Skip version bump merges | |
| id: bumpcheck | |
| uses: ./.github/actions/bump-skip | |
| with: | |
| event-name: ${{ github.event_name }} | |
| tag: | |
| if: always() && needs.bump-check.outputs.is-bump == 'no' && github.event_name == 'push' | |
| uses: ./.github/workflows/tag.yml | |
| needs: [ build, unit-tests, bump-check ] | |
| secrets: inherit | |
| # Publish Docker image to Google and Azure Container Registries, also reports to sherlock | |
| docker-image-job: | |
| if: always() && needs.bump-check.outputs.is-bump == 'no' && github.event_name == 'push' | |
| needs: [build, bump-check, tag] | |
| uses: ./.github/workflows/publish-docker.yml | |
| with: | |
| new-tag: ${{ needs.tag.outputs.new-tag }} | |
| secrets: | |
| ACR_SP_PASSWORD: ${{ secrets.ACR_SP_PASSWORD }} | |
| ACR_SP_USER: ${{ secrets.ACR_SP_USER }} |