Merge pull request #326 from medizininformatik-initiative/feature/325… #1157

Workflow file for this run

	name: Docker

	on:
	push:
	branches:
	- '**'
	tags:
	- v[0-9]+.[0-9]+.[0-9]+**
	pull_request:
	branches:
	- master

	jobs:

	tests:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17

	- name: Cache Local Maven Repo
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: tests-maven-${{ hashFiles('pom.xml') }}

	- uses: s4u/maven-settings-action@v3.0.0
	with:
	servers: \|
	[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: java
	queries: security-and-quality

	- name: Run Tests
	run: mvn -Pdownload-ontology -B verify

	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v4
	env:
	CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
	with:
	fail_ci_if_error: true

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3

	- name: Upload Feasibility Backend Jar
	uses: actions/upload-artifact@v4
	with:
	name: backend-jar
	path: target/feasibilityBackend.jar

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and Export to Docker
	uses: docker/build-push-action@v5
	with:
	context: .
	tags: backend:latest
	outputs: type=docker,dest=/tmp/feasibilityBackend.tar

	- name: Upload Feasibility Backend Image
	uses: actions/upload-artifact@v4
	with:
	name: backend-image
	path: /tmp/feasibilityBackend.tar

	security-scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: 17

	- name: Cache Local Maven Repo
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: security-scan-maven-${{ hashFiles('pom.xml') }}

	- uses: s4u/maven-settings-action@v3.0.0
	with:
	servers: \|
	[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]

	- name: Maven Package
	run: mvn -Pdownload-ontology -B -DskipTests package

	- name: Build and push Docker image
	uses: docker/build-push-action@v5
	with:
	context: .
	tags: security-scan-build:latest
	push: false

	- name: Run Trivy Vulnerability Scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: security-scan-build:latest
	format: sarif
	output: trivy-results.sarif
	severity: 'CRITICAL,HIGH'
	timeout: '15m0s'

	- name: Upload Trivy Scan Results to GitHub Security Tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: trivy-results.sarif

	integration-test:
	needs: tests
	runs-on: ubuntu-22.04

	steps:
	- name: Check out Git repository
	uses: actions/checkout@v4

	- name: Download Feasibility Backend Image
	uses: actions/download-artifact@v4
	with:
	name: backend-image
	path: /tmp

	- name: Install jq
	uses: dcarbone/install-jq-action@v1.0.1

	- name: Load Feasibility Backend Image
	run: docker load --input /tmp/feasibilityBackend.tar

	- name: Download ontology files from github
	run: .github/scripts/download-and-unpack-ontology.sh

	- name: Run Feasibility Backend with Database, Keycloak and Blaze
	run: docker compose -f .github/integration-test/docker-compose.yml up -d

	- name: Wait for Feasibility Backend
	run: .github/scripts/wait-for-url.sh http://localhost:8091/actuator/health

	- name: Check if Feasibility Backend is correctly running with the feasibility user
	run: .github/scripts/check-if-running-as-feasibility-user.sh

	- name: Wait for Blaze
	run: .github/scripts/wait-for-url.sh http://localhost:8082/health

	- name: Load Data
	run: .github/scripts/load-test-data.sh

	- name: Wait for Keycloak
	run: .github/scripts/wait-for-url.sh http://localhost:8083/auth/

	- name: Create Test User in Keycloak
	run: .github/scripts/create-keycloak-user.sh

	- name: Wait for Flare
	run: .github/scripts/wait-for-url.sh http://localhost:8092/cache/stats

	- name: Post Test Query
	run: .github/scripts/post-test-query.sh

	- name: Dump docker logs on failure
	if: failure()
	uses: jwalton/gh-docker-logs@v2

	release:
	if: ${{ startsWith(github.ref, 'refs/tags/v') }}
	needs:
	- tests
	- integration-test
	- security-scan
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17

	- name: Cache Local Maven Repo
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: release-maven-${{ hashFiles('pom.xml') }}

	- uses: s4u/maven-settings-action@v3.0.0
	with:
	servers: \|
	[{"id": "mii", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}]

	- name: Prepare Version
	id: prep
	run: \|
	echo ::set-output name=repository::$(echo $GITHUB_REPOSITORY \| tr '[:upper:]' '[:lower:]')
	echo ::set-output name=version::${GITHUB_REF#refs/tags/v}

	- name: Maven Package
	run: mvn -Pdownload-ontology -B -DskipTests package

	- name: Login to GitHub Docker Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and push Docker image
	uses: docker/build-push-action@v5
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	tags: \|
	ghcr.io/${{ steps.prep.outputs.repository }}:latest
	ghcr.io/${{ steps.prep.outputs.repository }}:${{ steps.prep.outputs.version }}
	push: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #326 from medizininformatik-initiative/feature/325… #1157

Workflow file

Merge pull request #326 from medizininformatik-initiative/feature/325… #1157

Jobs

Run details

Workflow file for this run