-
Notifications
You must be signed in to change notification settings - Fork 0
148 lines (118 loc) · 3.78 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: CI
on:
# Run on every pull request
pull_request:
branches: [main]
types: [opened, synchronize, reopened]
push:
branches: [main]
env:
JAVA_VERSION: 17
# Will build the binaries, run tests and checks on them and if everything succeeds AND it is a push
# to the main branch will build and deploy a snapshot release of the binaries
jobs:
# Basic Gradle wrapper validation. This step is run first, due to security
# concerns. Running our whole pipeline with Gradle with a corrupt wrapper,
# could expose our secrets, and we definitely want to prevent this.
validation:
name: Gradle wrapper validation
runs-on: ubuntu-latest
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Validate Gradle wrapper
uses: gradle/wrapper-validation-action@v3
assemble:
name: Build
runs-on: ubuntu-latest
needs: [validation]
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: temurin
cache: 'gradle'
- name: Gradle Assemble
run: |
./gradlew --stacktrace assemble --no-daemon --info
test:
permissions:
id-token: write
contents: read
checks: write
runs-on: ubuntu-latest
needs: [validation]
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: temurin
cache: 'gradle'
- name: Gradle test
run: |
./gradlew test --no-daemon --stacktrace --info
- name: Test Report
uses: dorny/test-reporter@v1
if: success() || failure()
with:
name: JUnit Tests
path: 'build/test-results/test/*.xml'
reporter: java-junit
fail-on-error: true
- name: Upload Test Results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results
path: build/test-results
- name: Upload Build Report
uses: actions/upload-artifact@v4
if: always()
with:
name: build-reports
path: build/reports
auto-merge:
runs-on: ubuntu-latest
needs: [test]
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]' }}
permissions:
pull-requests: write
contents: write
steps:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v2.2.0
- name: Auto merge patch and minor updates
if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
build-image:
name: Build Docker Image
runs-on: ubuntu-latest
needs: [assemble, test]
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: temurin
cache: 'gradle'
- name: Login to Quay
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_IO_USERNAME }}
password: ${{ secrets.QUAY_IO_PASSWORD }}
- name: Build Rolling Docker Image
run: ./gradlew jib --no-daemon -x test