Fix build/publish workflow; add force publish parameter #432

Closed
wants to merge 28 commits into from
71 changes: 36 additions & 35 deletions .github/workflows/build.yaml
Expand Up @@ -5,13 +5,22 @@ on:
branches:
- main
pull_request:
workflow_dispatch: # Allow manual trigger
inputs:
forcePublish:
Collaborator Author

I will test this after I merge this code to master (because I see no way to test manual triggers).

description: 'Force publish snapshots of libraries to Artifactory even if not main branch'
type: boolean
default: 'false' # boolean values are actually strings
required: false

env:
ARTIFACTORY_URL: ${{ secrets.ARTIFACTORY_URL }}

jobs:
build:
runs-on: ubuntu-latest
runs-on: self-hosted
env:
AWS_REGION: ${{ vars.AWS_REGION }}

steps:
- name: Checkout Code
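Review bot: `runs-on: self-hosted` is introduced while the `pull_request:` trigger above it stays in place, so every pull request now builds on the self-hosted runner. A Gradle build executes whatever build logic the pull request carries, so if this repository accepts pull requests from forks, that code runs on infrastructure you operate, and on a non-ephemeral runner anything it leaves behind carries over into later jobs. Consider keeping pull request builds on a hosted runner, or limiting the self-hosted runner to `push` and `workflow_dispatch` runs and making the runner ephemeral.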
Expand All @@ -24,60 +33,48 @@ jobs:
distribution: 'corretto'

- name: Set up Gradle
uses: gradle/gradle-build-action@v2
uses: gradle/actions/setup-gradle@v4
with:
gradle-version: '8.10'

- name: Build Libraries
env:
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
run: gradle -b build.gradle

- name: Test Libraries
env:
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
gradle-version: '7.2'

- name: Set env vars from AWS params
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
with:
params: |
ARTIFACTORY_URL=/artifactory/url
ARTIFACTORY_USER=/artifactory/user
ARTIFACTORY_PASSWORD=/artifactory/password
SONAR_HOST_URL=/sonarqube/url
SONAR_TOKEN=/sonarqube/token

- name: Build and test libraries
run: gradle clean test --info -b build.gradle

- name: Build Jars
env:
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Build JARs
run: gradle jar --info -b build.gradle

- name: SonarQube Analysis
env:
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
gradle sonarqube \
-Dsonar.projectKey=ab2d-lib-project \
-Dsonar.host.url=https://sonarqube.cloud.cms.gov \
-Dsonar.login=${{ secrets.SONAR_TOKEN }}
-Dsonar.host.url=$SONAR_HOST_URL \
-Dsonar.login=$SONAR_TOKEN

- name: Quality Gate
id: quality-gate
uses: sonarsource/sonarcloud-github-action@v2
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
scanMetadataReportFile: build/sonar/report-task.txt
timeout-minutes: 10

- name: Generate SBOM
env:
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
run: gradle cyclonedxBom

- name: Publish Libraries
- name: Publish libraries from main branch
if: github.ref == 'refs/heads/main'
env:
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
run: |
# Check for artifacts to deploy
versionPublishedList=$(gradle -q lookForArtifacts)
versionPublishedList=$(SUPPRESS_LOGGING_BRANCH_CLASSIFIER=true gradle -q lookForArtifacts)

deployScript=""
for entry in $(echo "$versionPublishedList" | tr "'''" "\n"); do
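Review bot: the two actions added in this hunk are referenced by branch, `cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main` and `sonarsource/sonarqube-quality-gate-action@master`, in a job that handles `ARTIFACTORY_PASSWORD` and `SONAR_TOKEN`. A branch ref can move, so the code running next to those credentials can change without any commit in this repository; pin both to a full commit SHA. In the SonarQube step, `-Dsonar.host.url=$SONAR_HOST_URL` and `-Dsonar.login=$SONAR_TOKEN` are unquoted expansions; quote both.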
Expand All @@ -95,3 +92,7 @@ jobs:
else
echo "No artifacts to publish."
fi

- name: Force publish libraries
if: inputs.forcePublish == 'true'
run: gradle artifactoryPublish -b build.gradle
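Review bot: `if: inputs.forcePublish == 'true'` compares against a string, but the input is declared with `type: boolean` in the first hunk, and the `inputs` context keeps boolean inputs as booleans (only `github.event.inputs` turns them into strings). In an expression, a boolean compared with the string 'true' is coerced to numbers and does not match, so this step would be skipped even when the option is selected. Use `if: inputs.forcePublish` (or `github.event.inputs.forcePublish == 'true'`) and change `default: 'false'` to `default: false`. The step also publishes from whatever branch the run is dispatched on, so it is worth stating in the input description who is expected to use it.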
15 changes: 8 additions & 7 deletions .github/workflows/gitleaks.yml
Expand Up @@ -14,10 +14,11 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
- name: Slack notification
if: failure()
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: Ilshidur/action-slack@master
with:
args: 'Potential Secrets found in: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }} Link to build with full gitleaks output: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }}/checks'
# TODO enable this
# - name: Slack notification
# if: failure()
# env:
# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
# uses: Ilshidur/action-slack@master
# with:
# args: 'Potential Secrets found in: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }} Link to build with full gitleaks output: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }}/checks'
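Review bot: the Slack notification step is commented out under `# TODO enable this`, so a failed gitleaks run no longer alerts anyone and a detected secret is visible only to someone who opens the failed check. If the step was breaking the workflow, fix or replace it in this PR, or open a tracking issue and reference it in the TODO. When it comes back, pin `Ilshidur/action-slack@master` to a commit SHA, since it receives `SLACK_WEBHOOK`.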
68 changes: 0 additions & 68 deletions .github/workflows/publish.yaml

This file was deleted.

13 changes: 8 additions & 5 deletions build.gradle
Expand Up @@ -24,7 +24,7 @@ ext {
// AB2D libraries
fhirVersion='2.1.0'
bfdVersion='3.2.0'
aggregatorVersion='2.0.1'
aggregatorVersion='2.0.2' // should publish snapshot TODO remove
filtersVersion='2.1.0'
eventClientVersion='3.2.5'
propertiesClientVersion='2.0.0'
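Review bot: `aggregatorVersion='2.0.2' // should publish snapshot TODO remove` reads as a test-only bump to exercise the publish path. Revert it before merge; otherwise the main-branch publish step may push 2.0.2 of the aggregator library with no code change behind it, and the TODO comment ships in build.gradle.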
Expand Down Expand Up @@ -112,9 +112,9 @@ allprojects {
username = project.artifactory_user
password = project.artifactory_password
}
authentication {
basic(BasicAuthentication)
}
// authentication {
Collaborator Author

Commented this out because of this error:
image

// basic(BasicAuthentication)
// }
}
}
}
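Review bot: the `authentication { basic(BasicAuthentication) }` block is commented out rather than deleted, and the reason exists only as a screenshot in the review thread. Delete the block, or keep it with a one-line comment quoting the error text, so the next reader of build.gradle knows why the repository no longer declares its authentication scheme.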
Expand Down Expand Up @@ -158,7 +158,10 @@ subprojects {
jar {
processResources.exclude('checkstyle.xml')
classifier "main".equalsIgnoreCase(gitBranch()) || "main".equalsIgnoreCase(System.getenv('BRANCH_NAME')) ? "" : "SNAPSHOT"
out.println("**** building branch - " + gitBranch() + ", classifier - " + classifier + " - CI branch - " + System.getenv('BRANCH_NAME'))
// suppress the '*** building branch' logs
if (!'true'.equals(System.getenv("SUPPRESS_LOGGING_BRANCH_CLASSIFIER"))) {
out.println("**** building branch - " + gitBranch() + ", classifier - " + classifier + " - CI branch - " + System.getenv('BRANCH_NAME'))
}
}

test {
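Review bot: gating the `out.println(...)` on `SUPPRESS_LOGGING_BRANCH_CLASSIFIER` adds an environment variable that exists only so the workflow can parse the output of `gradle -q lookForArtifacts`. Gradle routes standard output to its logging system at quiet level, which is why `-q` does not hide this line; logging it with `logger.lifecycle(...)` instead would let `-q` suppress it with no extra switch in either file.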