Build #146
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 8 * * *" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build-and-test: | |
| name: Build and Test | |
| runs-on: ubuntu-latest | |
| services: | |
| docker: | |
| image: docker:20.10.7 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better SonarCloud analysis | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Cache Maven dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven | |
| - name: Set timezone | |
| run: | | |
| export TZ=America/Los_Angeles | |
| - name: Setup Maven settings | |
| run: | | |
| cp .github/maven-settings.xml $HOME/.m2/settings.xml | |
| sed -i "s/-SNAPSHOT/-github-build-${{ github.run_number }}/" pom.xml | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| project_id: ${{ secrets.WORKLOAD_IDENTITY_PROJECT }} | |
| workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
| create_credentials_file: true | |
| export_environment_variables: true | |
| cleanup_credentials: true | |
| - name: Set up OAuth2 access token for Docker | |
| run: | | |
| echo "ACCESS_TOKEN=$(gcloud auth print-access-token)" >> $GITHUB_ENV | |
| - name: Docker login to Artifact Registry | |
| run: echo "${{ env.ACCESS_TOKEN }}" | docker login -u oauth2accesstoken --password-stdin https://us-west1-docker.pkg.dev | |
| - name: Test and Build with Maven | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| mvn -e -Dfailsafe.rerunFailingTestsCount=3 -Dmaven.javadoc.skip=true \ | |
| "-Duser.timezone=America/Los_Angeles" \ | |
| "-Dhsqldb.database.url=jdbc:hsqldb:file:target/hsqldb;shutdown=true" \ | |
| -Dhsqldb.database.user=SA -Dhsqldb.database.password= -Pcoverage,hsqldb verify && | |
| bash test-postgres.sh && | |
| bash test-sqlserver.sh && | |
| bash test-oracle.sh && | |
| mvn -e org.jacoco:jacoco-maven-plugin:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=susom_database | |
| - name: Display Surefire reports on failure | |
| if: failure() | |
| run: | | |
| for F in target/surefire-reports/*.txt; do echo $F; cat $F; echo; done | |
| deploy-snapshots: | |
| name: Deploy to Artifact Registry | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'susom/database' && github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| needs: build-and-test | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Cache Maven dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven | |
| - name: Setup Maven settings | |
| run: | | |
| cp .github/maven-settings.xml $HOME/.m2/settings.xml | |
| sed -i "s/-SNAPSHOT/-github-build-${{ github.run_number }}/" pom.xml | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| project_id: ${{ secrets.WORKLOAD_IDENTITY_PROJECT }} | |
| workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
| create_credentials_file: true | |
| export_environment_variables: true | |
| cleanup_credentials: true | |
| - name: Set up OAuth2 access token for Maven | |
| run: | | |
| echo "ACCESS_TOKEN=$(gcloud auth print-access-token)" >> $GITHUB_ENV | |
| - name: Deploy to Maven | |
| run: mvn --batch-mode -e -DskipTests=true deploy |