Nightly and CICD Jobs #473
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Nightly and CICD Jobs | |
on: | |
pull_request: | |
branches: [ main ] | |
schedule: | |
- cron: '0 0 * * *' # Run at midnight every day | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: read | |
security-events: write | |
jobs: | |
validate-bicep: | |
name: "Infra Biceps Validation" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Filter Changes | |
uses: dorny/paths-filter@v2 | |
id: changes | |
with: | |
filters: | | |
app-service: | |
- 'deploy/app-service/**' | |
aks: | |
- 'deploy/aks/**' | |
aca: | |
- 'deploy/aca/**' | |
- name: Build App Service Bicep for linting | |
if: steps.changes.outputs.app-service == 'true' | |
uses: azure/CLI@v1 | |
with: | |
inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f deploy/app-service/infra/main.bicep --stdout | |
- name: Build AKS Bicep for linting | |
if: steps.changes.outputs.aks == 'true' | |
uses: azure/CLI@v1 | |
with: | |
inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f deploy/aks/infra/main.bicep --stdout | |
- name: Build ACA Bicep for linting | |
if: steps.changes.outputs.aca == 'true' | |
uses: azure/CLI@v1 | |
with: | |
inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f deploy/aca/infra/main.bicep --stdout | |
- name: Run PSRule analysis on App Service deployment | |
uses: microsoft/[email protected] | |
with: | |
modules: PSRule.Rules.Azure | |
baseline: Azure.Pillar.Security | |
inputPath: deploy/app-service/infra/*.test.bicep | |
outputFormat: Sarif | |
outputPath: reports/ps-rule-results.sarif | |
summary: true | |
continue-on-error: true | |
env: | |
PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION: 'true' | |
PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION_TIMEOUT: '30' | |
- name: Upload results to security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
if: github.repository == 'Azure-Samples/azure-search-openai-demo-java' | |
with: | |
sarif_file: reports/ps-rule-results.sarif | |
frontend: | |
name: "Front-end validation" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build React Frontend | |
run: | | |
echo "Building front-end and merge into Spring Boot static folder." | |
cd ./app/frontend | |
npm install | |
npm run build | |
mkdir -p ../backend/src/main/resources/static | |
cp -r ./build/* ../backend/src/main/resources/static | |
backend: | |
name: "Backend validation" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Java version | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'microsoft' | |
java-version: '17' | |
cache: 'maven' | |
- name: Verify Indexer project | |
run: | | |
echo "Testing indexer project." | |
cd ./app/indexer | |
mvn test | |
- name: Build Spring Boot App | |
run: | | |
echo "Building Spring Boot app." | |
cd ./app/backend | |
mvn verify |