Skip to content

build_application #1668

build_application

build_application #1668

Workflow file for this run

# Copyright © 2017-2024 Dominic Heutelbeck (dominic@heutelbeck.com)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: Testing and Publishing
on:
workflow_dispatch:
repository_dispatch:
create:
branches:
- '**'
push:
branches:
- '**'
paths-ignore:
- '.github/workflows/**'
- '!.github/workflows/build.yml'
- '**.md'
pull_request:
paths-ignore:
- '.github/workflows/**'
- '!.github/workflows/build.yml'
- '**.md'
permissions:
contents: read
jobs:
build:
strategy:
matrix:
java: [ '17', '21' ]
os: [ubuntu-latest, windows-latest, macos-latest]
fail-fast: false
name: Build (JDK ${{ matrix.java }} on ${{ matrix.os }})
runs-on: ${{ matrix.os }}
permissions:
checks: write # for scacap/action-surefire-report to publish result as PR check
timeout-minutes: 45
env:
# Run Sonar, Integration Tests, and JaCoCo only for Ubuntu JDK 17. All other platforms, just do quick unit tests.
RUN_ANALYSIS: ${{ (matrix.os == 'ubuntu-latest') && (matrix.java == '17') }}
# PRs from Dependabot are treated the same as those from forks since secrets are not accessible
# (see: https://github.com/dependabot/dependabot-core/issues/3253#issuecomment-852541544).
IS_FORK: ${{ github.event.pull_request.head.repo.fork || (github.actor == 'dependabot[bot]') }}
steps:
- name: Harden Runner
# Currently not supported for windows and macos
# (see: https://github.com/step-security/harden-runner/discussions/121).
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Check out
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
lfs: true
fetch-depth: 0
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
- name: Dependency Review
if: ${{ (env.RUN_ANALYSIS == 'true') && (github.event_name == 'pull_request') }}
uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
cache: 'maven'
- name: Setup Maven
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
with:
maven-version: 3.9.6
- name: Set up Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: '20'
- name: Add auth-host to /etc/hosts for OAuth Integration Tests
if: env.RUN_ANALYSIS == 'true'
run: sudo sh -c 'echo "127.0.0.1 auth-host" >> /etc/hosts'
- name: Build Modules
if: env.RUN_ANALYSIS == 'true'
run: mvn -U -B install -DskipTests -pl !:sapl-demo-testing
- name: Build Integration Test Images
if: env.RUN_ANALYSIS == 'true'
run: mvn -B spring-boot:build-image -pl :sapl-demo-oauth2-jwt-authorization-server,:sapl-demo-oauth2-jwt-resource-server -DskipTests
- name: Run Unit Tests Only
if: env.RUN_ANALYSIS == 'false'
# Make sure to activate Vaadin production to catch potential errors during vite JS processing.
run: mvn -B package -fae -Pproduction
- name: Run Unit Tests, Integration Tests, JaCoCo, SpotBugs
if: env.RUN_ANALYSIS == 'true'
# Make sure to activate Vaadin production to catch potential errors during vite JS processing.
run: mvn -B org.jacoco:jacoco-maven-plugin:0.8.11:prepare-agent verify org.jacoco:jacoco-maven-plugin:0.8.11:report spotbugs:spotbugs -fae -pl !:sapl-demo-oauth2-jwt-client-application -Pproduction,it
- name: Cache Sonar Packages
if: ${{ (env.RUN_ANALYSIS == 'true') && (env.IS_FORK == 'false') }}
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Run SonarCloud Analysis
if: ${{ (env.RUN_ANALYSIS == 'true') && (env.IS_FORK == 'false') }}
env:
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
run: >
mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar
-pl !:sapl-demo-oauth2-jwt-client-application
-Dsonar.organization=heutelbeck
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.projectKey=heutelbeck_sapl-demos
-Dsonar.sources=pom.xml,src/
-Dsonar.inclusions=**/pom.xml,**/src/main/java/**,**/src/main/resources/**
-Dsonar.exclusions=**/xtext-gen/**/*,**/xtend-gen/**/*,**/emf-gen/**/*
-Dsonar.java.spotbugs.reportPaths=target/spotbugsXml.xml
-Dsonar.qualitygate.wait=true
- name: Save PR Number # needed for subsequent SonarCloud workflow for PRs from fork
if: ${{ (env.RUN_ANALYSIS == 'true') && (env.IS_FORK == 'true') }}
run: echo "${{ github.event.number }}" > pr_data.txt
- name: Upload Artifact # needed for subsequent SonarCloud workflow for PRs from fork
if: ${{ (env.RUN_ANALYSIS == 'true') && (env.IS_FORK == 'true') }}
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
name: pr_build
path: |
**/src
**/target/spotbugsXml.xml
**/target/classes
**/target/test-classes
**/target/site/jacoco/jacoco.xml
**/pom.xml
pom.xml
pr_data.txt
.git
retention-days: 1
- name: Publish Test Report
if: ${{ (success() || failure()) && (env.RUN_ANALYSIS == 'true') && (env.IS_FORK == 'false') }}
uses: scacap/action-surefire-report@a2911bd1a4412ec18dde2d93b1758b3e56d2a880 # v1.8.0
- name: Clean up Local Repository before Caching
shell: bash # needed to run script on windows
run: rm -rf ~/.m2/repository/io/sapl
deploy:
if: ${{ github.ref == 'refs/heads/master' }}
needs: [ build ]
name: Publish Project Assets
runs-on: ubuntu-latest
permissions:
actions: write # for Mattraks/delete-workflow-runs
timeout-minutes: 35
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Check out
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
lfs: true
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
- name: Setup Maven
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
with:
maven-version: 3.9.6
- name: Set up Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: '20'
- name: Log in to the Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHUB_ACCESS_TOKEN }}
- name: Build Module SAPL Demo Playground
run: mvn -B install -pl sapl-demo-playground -P production -DskipTests
- name: Build SAPL Demo Playground Image
run: mvn -B spring-boot:build-image -pl sapl-demo-playground -Pproduction -DskipTests
- name: Get Version
id: get-version
run: |
VERSION=$( mvn help:evaluate -Dexpression=project.version -q -DforceStdout )
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Push SAPL Demo Playground Image
run: docker push ghcr.io/heutelbeck/sapl-demo-playground:${{ steps.get-version.outputs.VERSION }}
- name: Delete Workflow Runs
uses: Mattraks/delete-workflow-runs@39f0bbed25d76b34de5594dceab824811479e5de # v2.0.6
with:
token: ${{ github.token }}
repository: ${{ github.repository }}
retain_days: 1
keep_minimum_runs: 6
- name: Clean up Local Repository before Caching
run: rm -rf ~/.m2/repository/io/sapl