-
Notifications
You must be signed in to change notification settings - Fork 1
147 lines (125 loc) · 4.63 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Test
on: push
jobs:
unittests:
name: Run unit tests
# Run on merge to main, where the commit name starts with "Bump version:" (for bump2version)
# if: "startsWith(github.event.head_commit.message, 'Bump version:')"
runs-on: ubuntu-latest
env:
DOCKER_BUILDKIT: 1
BUILDKIT_PROGRESS: plain
CLOUDSDK_CORE_DISABLE_PROMPTS: 1
# used for generating API
SM_DOCKER: samplemetadata:dev
defaults:
run:
shell: bash -eo pipefail -l {0}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.11'
- uses: actions/setup-java@v4
with:
distribution: 'temurin' # See 'Supported distributions' for available options
java-version: '17'
- name: Setup build env
run: |
set -euxo pipefail
pip install --no-deps -r requirements-dev.txt
# openapi-generator
wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/5.3.0/openapi-generator-cli-5.3.0.jar -O openapi-generator-cli.jar
# liquibase connector
pushd db/
wget https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/3.0.3/mariadb-java-client-3.0.3.jar
popd
# liquibase
VERSION=4.28.0
curl -L https://github.com/liquibase/liquibase/releases/download/v${VERSION}/liquibase-${VERSION}.zip --output liquibase-${VERSION}.zip
unzip -o -d liquibase liquibase-${VERSION}.zip
echo "$(pwd)/liquibase" >> $GITHUB_PATH
- name: 'build image'
run: |
docker build \
--build-arg SM_ENVIRONMENT=local \
--tag $SM_DOCKER \
-f deploy/api/Dockerfile \
.
- name: 'build deployable API'
run: |
export OPENAPI_COMMAND="java -jar openapi-generator-cli.jar"
python regenerate_api.py
pip install .
- name: 'Run unit tests'
id: runtests
run: |
coverage run -m pytest --doctest-modules --doctest-continue-on-failure test/ --junitxml=test-execution.xml
rc=$?
coverage xml
echo "rc=$rc" >> $GITHUB_OUTPUT
- name: 'Upload coverage report'
uses: codecov/codecov-action@v4
with:
files: ./coverage.xml
token: ${{ secrets.CODECOV_TOKEN }}
- name: 'Save coverage report as an Artifact'
uses: actions/upload-artifact@v4
with:
name: coverage-report
path: ./coverage.xml
- name: 'Save execution report as an Artifact'
uses: actions/upload-artifact@v4
with:
name: execution-report
path: ./test-execution.xml
- name: 'build web front-end'
run: |
set -eo pipefail
pushd web
# installs package-lock, not what it thinks it should be
npm ci
npm run build
rc=$?
echo "web_rc=$rc" >> $GITHUB_OUTPUT
# eventually run web front-end tests
popd
- name: Fail if unit tests are not passing
if: ${{ steps.runtests.outputs.rc != 0}}
uses: actions/github-script@v6
with:
script: |
core.setFailed('Unittests failed with rc = ${{ steps.runtests.outputs.rc }}')
- name: Fail if web build fails
if: ${{ steps.runtests.outputs.rc != 0}}
uses: actions/github-script@v6
with:
script: |
core.setFailed('Web failed to build with rc = ${{ steps.runtests.outputs.web_rc }}')
sonarqube:
name: SonarQube scan
runs-on: ubuntu-latest
needs: unittests
environment: production
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
# Download the coverage report artifact
- name: 'Download coverage and execution report'
uses: actions/download-artifact@v4
with:
pattern: '*-report'
# Perform the SonarQube scan
- uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
# Optional: Fail the job if Quality Gate is red
# If you wish to fail your job when the Quality Gate is red, uncomment the
# following lines. This would typically be used to fail a deployment.
# - uses: sonarsource/sonarqube-quality-gate-action@master
# timeout-minutes: 5
# env:
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}