-
Notifications
You must be signed in to change notification settings - Fork 5
88 lines (73 loc) · 2.62 KB
/
java-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# from https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch, but the action may change without warning.
name: Java CI
on:
push:
branches: [ development ]
paths-ignore: [ '*.md']
pull_request:
branches: [ '**' ]
merge_group:
jobs:
build:
runs-on: ubuntu-latest
services:
postgres:
image: postgres
env:
POSTGRES_PASSWORD: dbpwd
POSTGRES_USER: test_dbuser
POSTGRES_DB: pearl_test
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of SonarQube analysis
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'adopt'
- name: Validate Gradle wrapper
uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
- name: Build with Gradle
uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
with:
arguments: build --info # if you need to see test failure full stacktraces, change this to `build --info`
# Need to uncomment these in follow up PR, The new Trivy and Tag workflows need to exist on the development branch
# before the following steps will work
# Run DSP App Sec Trivy Scanner on PRs
dispatch-trivy:
needs: [ build ]
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Trigger Trivy Scan
uses: broadinstitute/workflow-dispatch@v1
with:
workflow: Trivy
token: ${{ secrets.BROADBOT_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
dispatch-tag:
needs: [ build ]
runs-on: ubuntu-latest
# Only tag a new release if prior steps were successful and triggering commit is a merge to mainline
if: success() && github.ref == 'refs/heads/development'
steps:
- name: Trigger Tag Workflow
uses: broadinstitute/workflow-dispatch@v1
with:
workflow: Tag
token: ${{ secrets.BROADBOT_TOKEN }}