TrueLayer · dili91 · Dec 21, 2023 · Dec 21, 2023 · Dec 21, 2023 · Dec 21, 2023
@@ -1,11 +1,12 @@
-name: Acceptance tests
+# Reusable workflow to run the acceptance tests, referenced by workflow-*.yml pipelines.
+name: Acceptance tests in Sandbox environment
 
 on:
   workflow_call:
     inputs:
       checkout_ref:
         description: 'The reference to checkout before running the acceptance tests. Used to run the tests on a fork.'
-        required: false
+        required: true
         type: string
     secrets:
       tl_client_id:
@@ -25,7 +26,7 @@ jobs:
         with:
           ref: ${{ inputs.checkout_ref }}
       - name: Setup JDK
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'temurin'

@@ -1,33 +1,39 @@
-name: Build
+# Reusable workflow to build, run unit and integration test and coverage analysis, referenced by workflow-*.yml pipelines.
+name: Build, tests and coverage analysis
 
 on:
   workflow_call:
+    secrets:
+      coveralls_repo_token:
+        required: true
     inputs:
       checkout_ref:
         description: 'The reference to checkout before running the acceptance tests. Used to run the tests on a fork.'
-        required: false
+        required: true
         type: string
     outputs:
       project_version:
         description: "The project version"
-        value: ${{ jobs.build.outputs.project_version }}
+        value: ${{ jobs.build-test.outputs.project_version }}
 
 jobs:
-  build:
+  build-test:
     name: Build and tests
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest ]
         java-distribution: [ temurin ]
-        java-version: [ 11, 16, 17, 18, 19, 20, 21 ]
+        java-version: [ 11, 17, 20, 21 ]
     runs-on: ${{ matrix.os }}
     outputs:
       project_version: ${{ steps.get_project_version.outputs.project_version }}
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.checkout_ref }}
       - name: Setup JDK ${{ matrix.java }}
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: ${{ matrix.java-version }}
           distribution: ${{ matrix.java-distribution }}
@@ -38,7 +44,7 @@ jobs:
         id: get_project_version
         run: |
           PROJECT_VERSION=$(./gradlew properties -q | grep "version:" | awk '{print $2}')
-          echo "::set-output name=project_version::$PROJECT_VERSION"
+          echo "project_version=$PROJECT_VERSION" >> $GITHUB_OUTPUT
       - name: Semantic versioning check
         run: |
           if [[ "${{steps.get_project_version.outputs.project_version}}" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
@@ -53,4 +59,24 @@ jobs:
       - name: Unit tests
         run: ./gradlew unit-tests
       - name: Integration tests
-        run: ./gradlew integration-tests
+        run: ./gradlew integration-tests
+  coverage:
+    name: Test coverage analysis
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.checkout_ref }}
+      - name: Setup JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+          cache: 'gradle'
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v1
+      - name: Test coverage
+        run: ./gradlew unit-tests jacocoTestReport coveralls
+        env:
+          COVERALLS_REPO_TOKEN: ${{ secrets.coveralls_repo_token }}
+          CI_BRANCH: ${{ inputs.checkout_ref }}
@@ -1,68 +1,33 @@
-name: Release snapshot version
+# Reusable workflow to release to Nexus snapshot repository, referenced by workflow-*.yml pipelines.
+name: Release to Nexus snapshots repository
 
 on:
-  # This applies to all branches that are part of our repo, that is all *internal* contributions
-  push:
-    branches-ignore:
-      - 'main'
-    tags-ignore:
-      - '**'
-  # This applies to both *internal* and *external* contributions
-  pull_request_target:
-    types: [ opened, synchronize ]
+  workflow_call:
+    inputs:
+      checkout_ref:
+        description: 'The reference to checkout before running the acceptance tests. Used to run the tests on a fork.'
+        required: true
+        type: string
+      project_version:
+        description: "The project version"
+        required: true
+        type: string
+    secrets:
+      sonatype_username:
+        required: true
+      sonatype_password:
+        required: true
 
 jobs:
-  coverage:
-    name: Test coverage analysis
-    uses: ./.github/workflows/coverage.yml
-    with:
-      checkout_ref: ${{ github.event.pull_request.head.sha }}
-    secrets:
-      coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }}
-  build:
-    name: Build and tests
-    with:
-      checkout_ref: ${{ github.event.pull_request.head.sha }}
-    uses: ./.github/workflows/build.yml
-  access-check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get User Permission
-        id: checkAccess
-        uses: actions-cool/check-user-permission@v2
-        with:
-          require: write
-          username: ${{ github.triggering_actor }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Check User Permission
-        if: steps.checkAccess.outputs.require-result == 'false'
-        run: |
-          echo "${{ github.triggering_actor }} does not have permissions on this repo."
-          echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
-          echo "Job originally triggered by ${{ github.actor }}"
-          exit 1
-  acceptance-tests:
-    name: Acceptance tests in Sandbox environment
-    needs: [build, access-check]
-    with:
-      checkout_ref: ${{ github.event.pull_request.head.sha }}
-    uses: ./.github/workflows/acceptance-tests.yml
-    secrets:
-      tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }}
-      tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }}
-      tl_signing_key_id: ${{ secrets.ACCEPTANCE_TEST_SIGNING_KEY_ID }}
-      tl_signing_private_key: ${{ secrets.ACCEPTANCE_TEST_SIGNING_PRIVATE_KEY }}
   release-snapshot:
     name: Release to Nexus snapshots repository
     runs-on: ubuntu-latest
-    needs: [build, acceptance-tests]
     steps:
       - uses: actions/checkout@v4
         with:
-          checkout_ref: ${{ github.event.pull_request.head.sha }}
+          ref: ${{ inputs.checkout_ref }}
       - name: Setup JDK
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'temurin'
@@ -71,11 +36,14 @@ jobs:
         uses: gradle/wrapper-validation-action@v1
       - name: Create Snapshot version
         run: |
-          echo "project_version_snapshot=${{needs.build.outputs.project_version}}-${GITHUB_REF##*/}-SNAPSHOT" >> $GITHUB_ENV
+          CHECKOUT_REF=${{inputs.checkout_ref}}
+          STRIPPED_CHECKOUT_REF=${CHECKOUT_REF##*/}
+          echo "stripped_checkout_ref=$STRIPPED_CHECKOUT_REF" >> $GITHUB_ENV
+          echo "project_version_snapshot=${{inputs.project_version}}-$STRIPPED_CHECKOUT_REF-SNAPSHOT" >> $GITHUB_ENV
           echo "Snapshot project version created: ${{env.project_version_snapshot}}"
       - name: Snapshot version check
         run: |
-          SNAPSHOT_VERSION_REGEX="^([0-9]+)\.([0-9]+)\.([0-9]+)-${GITHUB_REF##*/}-SNAPSHOT$";
+          SNAPSHOT_VERSION_REGEX="^([0-9]+)\.([0-9]+)\.([0-9]+)-${{env.stripped_checkout_ref}}-SNAPSHOT$";
           if [[ "${{env.project_version_snapshot}}" =~ $SNAPSHOT_VERSION_REGEX ]]; then
               echo "Project version ${{env.project_version_snapshot}} is valid"
           else
@@ -84,5 +52,5 @@ jobs:
       - name: Publish to Sonatype snapshot repository
         run: ./gradlew -Pversion=${{env.project_version_snapshot}} publishToSonatype
         env:
-          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
-          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          SONATYPE_USERNAME: ${{ secrets.sonatype_username }}
+          SONATYPE_PASSWORD: ${{ secrets.sonatype_password }}
@@ -0,0 +1,39 @@
+# Workflow that runs only on internal branches that are not then main one.
+# Triggered by pushes on internal branches (excluding main and tags).
+# Build, test, run coverage analysis and release to Maven Central a final release.
+name: Workflow on internal branch, excluding main
+
+on:
+  push:
+    branches-ignore:
+      - 'main'
+      - 'TrueLayer:**' #TODO: remove
+    tags-ignore:
+      - '**'
+
+jobs:
+  build-test-coverage:
+    uses: ./.github/workflows/build-test-coverage.yml
+    with:
+      checkout_ref: ${{ github.ref }}
+    secrets:
+      coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }}
+  acceptance-tests:
+    needs: build-test-coverage
+    uses: ./.github/workflows/acceptance-tests.yml
+    with:
+      checkout_ref: ${{ github.ref }}
+    secrets:
+      tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }}
+      tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }}
+      tl_signing_key_id: ${{ secrets.ACCEPTANCE_TEST_SIGNING_KEY_ID }}
+      tl_signing_private_key: ${{ secrets.ACCEPTANCE_TEST_SIGNING_PRIVATE_KEY }}
+  release-snapshot:
+    needs: [build-test-coverage, acceptance-tests]
+    uses: ./.github/workflows/release-snapshot.yml
+    with:
+      checkout_ref: ${{ github.ref }}
+      project_version: ${{ needs.build-test-coverage.outputs.project_version }}
+    secrets:
+      sonatype_username: ${{ secrets.SONATYPE_USERNAME }}
+      sonatype_password: ${{ secrets.SONATYPE_PASSWORD }}
@@ -1,4 +1,7 @@
-name: Release final version
+# Main workflow that runs on the main branch.
+# Triggered by pushes on the main branch (excluding tags).
+# Build, test, run coverage analysis and release to Maven Central a final release.
+name: Workflow on main branch
 
 on:
   push:
@@ -8,20 +11,17 @@ on:
       - '**'
 
 jobs:
-  coverage:
-    name: Test coverage analysis
-    uses: ./.github/workflows/coverage.yml
+  build-test-coverage:
+    uses: ./.github/workflows/build-test-coverage.yml
     with:
-      branch: ${{ github.head_ref }}
+      checkout_ref: ${{ github.ref }}
     secrets:
-      coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }}
-  build:
-    name: Build and tests
-    uses: ./.github/workflows/build.yml
+        coveralls_repo_token: ${{ secrets.COVERALLS_REPO_TOKEN }}
   acceptance-tests:
-    name: Acceptance tests in Sandbox environment
-    needs: build
+    needs: build-test-coverage
     uses: ./.github/workflows/acceptance-tests.yml
+    with:
+      checkout_ref: ${{ github.ref }}
     secrets:
       tl_client_id: ${{ secrets.ACCEPTANCE_TEST_CLIENT_ID }}
       tl_client_secret: ${{ secrets.ACCEPTANCE_TEST_CLIENT_SECRET }}
@@ -30,11 +30,13 @@ jobs:
   release:
     name: Release to Maven Central
     runs-on: ubuntu-latest
-    needs: [build, acceptance-tests]
+    needs: acceptance-tests
     steps:
       - uses: actions/checkout@v4
+        with:
+          checkout_ref: ${{ github.ref }}
       - name: Setup JDK
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'temurin'
@@ -46,7 +48,7 @@ jobs:
         uses: mathieudutour/github-tag-action@v6.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          custom_tag: ${{ needs.build.outputs.project_version }}
+          custom_tag: ${{ needs.build-test-coverage.outputs.project_version }}
           tag_prefix: ''
       - name: Create release
         uses: softprops/action-gh-release@v1