build-and-test.yml
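# CI workflow: builds and tests the frontend and the backend, then runs the
# SonarCloud analysis (the sonarcloud job only runs for pushes to protected
# branches).
name: Build and test
run-name: Building and testing branch ${{ github.ref }}
on:
  # Uses the `pull_request` trigger (not `pull_request_target`): runs started
  # from a fork get a read-only GITHUB_TOKEN and no repository secrets.
  pull_request: # run on every pull request
  push:
    branches: # run only on protected branches (develop & master_*)
      - develop
      - master_*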
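# NOTE(review): the third-party actions below (szenius/set-timezone,
# mikepenz/action-junit-report, sonarsource/sonarcloud-github-action,
# geekyeggo/delete-artifact) are referenced by tag. A tag can be moved by the
# action's owner; pinning each `uses:` to a reviewed full commit SHA (with the
# tag kept as a trailing comment) removes that supply-chain exposure.
jobs:
  build-frontend:
    name: Build Frontend
    runs-on: ubuntu-latest
    # Least-privilege GITHUB_TOKEN for this job: checkout reads the
    # repository, the JUnit report step publishes a check run.
    permissions:
      contents: read
      checks: write
    steps:
      - uses: szenius/set-timezone@v2.0
        with:
          # we set the timezone for Unit Tests to pass (we shouldn't need to,
          # but it's currently required)
          timezoneLinux: "Europe/Paris"
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "18.20.3"
          cache: "npm"
          cache-dependency-path: |
            ui/ui-frontend/package-lock.json
      # `npm ci` installs exactly what package-lock.json records and fails if
      # package.json and the lockfile disagree.
      - name: Install ui-frontend dependencies
        working-directory: ui/ui-frontend
        run: npm ci
      # We run ESLint in that GitHub Action because it requires to install
      # project's dependencies (Prettier is run in "lint" GitHub Action)
      - name: Lint ui-frontend with ESLint
        working-directory: ui/ui-frontend
        run: npm run lint
      - name: Build vitamui-library
        working-directory: ui/ui-frontend
        run: npm run build:vitamui-library
      - name: Build ui-frontend apps
        working-directory: ui/ui-frontend
        run: npm run build:allModules
      - name: Run tests on ui-frontend apps
        working-directory: ui/ui-frontend
        run: npm run ci:test
      - name: Save JUnit report as artifact
        uses: mikepenz/action-junit-report@v4.3.1
        if: success() || failure() # always run even if the previous step fails
        with:
          report_paths: |
            **/target/junit/*.xml
          check_name: Frontend Test Report
      - name: Save test & coverage reports as artifact
        if: success() || failure() # always run even if the previous step fails
        uses: actions/upload-artifact@v4
        with:
          name: frontend-test-reports
          path: |
            **/target/junit/*.xml
            **/target/coverage/*

  build-backend:
    name: Build Backend
    # We stay on Ubuntu 22.04, otherwise, timezone configuration would not be
    # taken into account in Java on Ubuntu 24.04 (for unexplained reasons) and
    # would break unit tests
    runs-on: ubuntu-22.04
    # Least-privilege GITHUB_TOKEN for this job: checkout reads the
    # repository, the JUnit report step publishes a check run.
    permissions:
      contents: read
      checks: write
    steps:
      - uses: szenius/set-timezone@v2.0
        with:
          # we set the timezone for Unit Tests to pass (we shouldn't need to,
          # but it's currently required)
          timezoneLinux: "Europe/Paris"
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          java-version: "17"
      # We're not using cache feature from actions/setup-java as it's not
      # allowing to fine-tune it (in particular, we can't use restore-keys to
      # load a previous cache if cache name mismatches)
      - name: Restore maven cache
        uses: actions/cache@v4
        with:
          # See https://github.com/actions/toolkit/issues/713 for why we use
          # */*/* to be able to exclude dependency-check-data from the cache
          path: |
            ~/.m2/repository/*/*/*
            !~/.m2/repository/org/owasp/dependency-check-data
          key: maven-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
          # If the key doesn't exist, tries to find a previous cache to speedup
          # build, except for protected branches (to make sure we have a clean
          # cache). On a protected ref the expression yields the pom.xml hash,
          # so the restore key equals the exact key and no older cache is
          # accepted; elsewhere it yields '' and the bare prefix matches any
          # earlier maven cache.
          restore-keys: maven-${{ runner.os }}-${{ github.ref_protected && hashFiles('**/pom.xml') || '' }}
      - name: Get today's date
        id: get-date
        # $GITHUB_OUTPUT is quoted so the redirection target is a single word
        # whatever the runner's path contains.
        run: |
          echo "today=$(/bin/date -u "+%Y-%m-%d")" >> "$GITHUB_OUTPUT"
        shell: bash
      - name: Restore latest owasp-dependency-check cache
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository/org/owasp/dependency-check-data
          # The key changes every day
          key: owasp-dependency-check-${{ steps.get-date.outputs.today }}
          # If the key doesn't exist, tries to find a previous cache
          restore-keys: owasp-dependency-check-
      # NOTE(review): -Ddependency-check.skip is passed below, so this build
      # does not appear to consume the dependency-check data restored above;
      # confirm that the dependency check runs in another workflow.
      #
      # The Nexus credentials are exposed as environment variables to the
      # whole Maven invocation: every plugin and test executed by `verify` can
      # read them. Pull requests from forks do not receive repository secrets,
      # so these variables are empty for such runs.
      - name: Build and test
        run: >
          mvn --settings .ci/github-actions-settings.xml
          -Pvitam,no-cve-proxy
          -Dspotless.check.skip
          -Ddependency-check.skip
          --batch-mode --errors -U
          --projects '!cots/vitamui-mongo-express'
          verify
        env:
          SERVICE_NEXUS_URL: ${{ secrets.SERVICE_NEXUS_URL }}
          CI_USR: ${{ secrets.CI_USR }}
          CI_PSW: ${{ secrets.CI_PSW }}
      - name: Save JUnit report as artifact
        uses: mikepenz/action-junit-report@v4.3.1
        if: success() || failure() # always run even if the previous step fails
        with:
          report_paths: |
            **/target/surefire-reports/*.xml
          check_name: Backend Test Report
      - name: Save test & coverage reports as artifact
        if: success() || failure() # always run even if the previous step fails
        uses: actions/upload-artifact@v4
        with:
          name: backend-test-reports
          path: |
            **/target/surefire-reports/*.xml
            **/target/site/jacoco/jacoco.xml
      - name: Save generated classes as (temporary) artifact for SonarCloud analysis
        # only save generated classes when executing SonarCloud analysis
        if: ${{ github.event_name == 'push' && github.ref_protected }}
        uses: actions/upload-artifact@v4
        with:
          name: backend-generated-classes
          path: |
            **/target/classes/**/*
            **/target/test-classes/**/*

  sonarcloud:
    name: Run SonarCloud analysis
    needs: [build-frontend, build-backend]
    # only run SonarCloud analysis on protected branches
    if: ${{ github.event_name == 'push' && github.ref_protected }}
    runs-on: ubuntu-latest
    # Least-privilege GITHUB_TOKEN for this job: checkout reads the
    # repository and the final step deletes an artifact of this run.
    # NOTE(review): pull-requests: read is assumed to be enough for the scan,
    # which receives GITHUB_TOKEN but only runs on push events here; confirm.
    permissions:
      contents: read
      actions: write
      pull-requests: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # We need maven cache for Sonar to have access to java libraries code.
      # The key is the one build-backend uses for its maven cache, and
      # fail-on-cache-miss stops the job if that exact cache is not found.
      - name: Restore maven cache
        uses: actions/cache/restore@v4
        with:
          fail-on-cache-miss: true
          path: |
            ~/.m2/repository/*/*/*
            !~/.m2/repository/org/owasp/dependency-check-data
          key: maven-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
      # If not copied in the source code folder, it's not visible by the
      # docker container. The destination uses the runner-provided
      # $GITHUB_WORKSPACE variable, quoted, instead of pasting an expression
      # into the script text.
      - name: Copy m2 repository in workspace "lib" directory to make it available from SonarCloud docker container
        run: cp -r ~/.m2/repository "$GITHUB_WORKSPACE/lib"
      - name: Download frontend test reports
        uses: actions/download-artifact@v4
        with:
          name: frontend-test-reports
      - name: Download backend test reports
        uses: actions/download-artifact@v4
        with:
          name: backend-test-reports
      - name: Download backend target directories
        uses: actions/download-artifact@v4
        with:
          name: backend-generated-classes
      # SONAR_TOKEN and GITHUB_TOKEN are handed to this step only.
      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@v3.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: Delete temporary artifact
        uses: geekyeggo/delete-artifact@v5.1.0
        if: success() || failure() # always run even if the previous step fails
        with:
          name: backend-generated-classes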