Skip to content

fix: Workflow fixed. #23

fix: Workflow fixed.

fix: Workflow fixed. #23

Workflow file for this run

name: Post-merge workflow
on:
pull_request:
types:
- closed
branches:
- main
jobs:
post_merge:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
environment: dev-cd
permissions:
id-token: write
packages: write
contents: write
#outputs:
# new_release_published: ${{ steps.semantic.outputs.new_release_published }}
# new_release_version: ${{ steps.semantic.outputs.new_release_version }}
steps:
#
# Checkout the source code.
#
- name: Checkout the source code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
with:
token: ${{ secrets.GIT_PAT }}
fetch-depth: 0
#
# Calculate of the new version (dry-run).
#
- name: Calculate of the new version (dry-run)
uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d
id: semantic
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
semantic_version: 19
branch: main
extra_plugins: |
@semantic-release/release-notes-generator@10.0.3
@semantic-release/git@10.0.1
dry_run: true
#
# Cache JDK.
#
- name: Cache JDK
if: steps.semantic.outputs.new_release_published == 'true'
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
id: cache-jdk
with:
key: OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
path: |
${{ runner.temp }}/jdk_setup.tar.gz
${{ runner.temp }}/jdk_setup.sha256
#
# Download JDK and verify its hash.
#
- name: Download JDK and verify its hash
if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-jdk.outputs.cache-hit != 'true'
run: |
echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
#
# Setup JDK.
#
- name: Setup JDK
if: steps.semantic.outputs.new_release_published == 'true'
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
with:
distribution: "jdkfile"
jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
java-version: "17"
cache: maven
#
# Cache Maven.
#
- name: Cache Maven
if: steps.semantic.outputs.new_release_published == 'true'
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
id: cache-maven
with:
key: apache-maven-3.9.2-bin.tar.gz
path: |
${{ runner.temp }}/maven_setup.tar.gz
${{ runner.temp }}/maven_setup.sha256
#
# Download Maven and verify its hash.
#
- name: Download Maven and verify its hash
if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-maven.outputs.cache-hit != 'true'
run: |
echo "809ef3220c6d179195c06c324cb9a6d34d8ecba566c5cfd8eb83167bc034117d ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.2/binaries/apache-maven-3.9.2-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
#
# Setup Maven.
#
- name: Setup Maven
if: steps.semantic.outputs.new_release_published == 'true'
run: |
mkdir ${{ runner.temp }}/maven
tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml
#
# RELEASE CANDIDATE - Update of pom.xml with the new version.
#
- name: RELEASE CANDIDATE - Update of pom.xml with the new version
if: steps.semantic.outputs.new_release_published == 'true'
run: ${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }}-RC -s ${{ runner.temp }}/settings.xml --no-transfer-progress
#
# RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar.
#
- name: RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar
if: steps.semantic.outputs.new_release_published == 'true'
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: ${{ runner.temp }}/maven/bin/mvn verify -Pvalidate -s ${{ runner.temp }}/settings.xml --no-transfer-progress
#
# RELEASE CANDIDATE - Build native executable.
#
- name: RELEASE CANDIDATE - Build native executable
if: steps.semantic.outputs.new_release_published == 'true'
run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:05baf3fd2173f6f25ad35216b6b066c35fbfb97f06daba75efb5b22bc0a85b9c -s ${{ runner.temp }}/settings.xml --no-transfer-progress
#
# RELEASE CANDIDATE - Build Docker image.
#
- name: RELEASE CANDIDATE - Build Docker image
if: steps.semantic.outputs.new_release_published == 'true'
run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC .
#
# RELEASE CANDIDATE - Push Docker image.
#
- name: RELEASE CANDIDATE - Push Docker image
if: steps.semantic.outputs.new_release_published == 'true'
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
docker push -a ghcr.io/${{ github.repository }}
#
# Login to Azure.
#
- name: Login to Azure
if: steps.semantic.outputs.new_release_published == 'true'
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
#
# RELEASE CANDIDATE - Update Container App.
#
- name: RELEASE CANDIDATE - Update Container App
if: steps.semantic.outputs.new_release_published == 'true'
uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105
with:
inlineScript: |
az config set extension.use_dynamic_install=yes_without_prompt
az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --image ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC
#
# Install Node.
#
- name: Install Node
if: steps.semantic.outputs.new_release_published == 'true'
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
with:
node-version: "18.16.0"
#
# Install Newman.
#
- name: Install Newman
if: steps.semantic.outputs.new_release_published == 'true'
run: npm install -g newman
#
# Run Postman collection.
#
- name: Run Postman collection
if: steps.semantic.outputs.new_release_published == 'true'
run: newman run src/test/postman/mil-auth.postman_collection.json -e src/test/postman/dev.postman_environment.json
#
# STABLE - Update of pom.xml with the new version.
#
- name: STABLE - Update of pom.xml with the new version
if: steps.semantic.outputs.new_release_published == 'true'
run: |
${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }} -s ${{ runner.temp }}/settings.xml --no-transfer-progress
git config user.name "GitHub Workflow"
git config user.email "<>"
git add pom.xml
git commit -m "pom.xml updated with new version ${{ steps.semantic.outputs.new_release_version }}"
git push origin main
#
# Calculation of the new version (again) with tagging + releasing + etc.
#
- name: Calculation of the new version (w/o dry_run) and put tag
if: steps.semantic.outputs.new_release_published == 'true'
uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
semantic_version: 19
branch: main
extra_plugins: |
@semantic-release/release-notes-generator@10.0.3
@semantic-release/git@10.0.1
dry_run: false
#
# STABLE - Build native executable.
#
- name: STABLE - Build native executable
if: steps.semantic.outputs.new_release_published == 'true'
run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:05baf3fd2173f6f25ad35216b6b066c35fbfb97f06daba75efb5b22bc0a85b9c -s ${{ runner.temp }}/settings.xml --no-transfer-progress
#
# STABLE - Build Docker image.
#
- name: STABLE - Build Docker image
if: steps.semantic.outputs.new_release_published == 'true'
run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:latest -t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }} .
#
# STABLE - Push Docker image.
#
- name: STABLE - Push Docker image
if: steps.semantic.outputs.new_release_published == 'true'
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
docker push -a ghcr.io/${{ github.repository }}
#
# STABLE - Update Container App.
#
- name: STABLE - Update Container App
if: steps.semantic.outputs.new_release_published == 'true'
uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105
with:
inlineScript: |
az config set extension.use_dynamic_install=yes_without_prompt
az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --image ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}