nightly-jobs.yaml
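# CI workflow: lints the Bicep templates, runs PSRule security analysis on the
# App Service deployment, builds the React front end and runs the Maven builds.
#
# NOTE(review): every action below is referenced by a mutable tag (@v4, @v2,
# @v1, @v3). Pinning third-party actions to a full commit SHA
# (owner/action@<full-commit-sha>) keeps a moved tag from changing what runs
# in this pipeline.
name: Nightly and CICD Jobs

on:
  # `pull_request` (not `pull_request_target`): runs triggered from forks get
  # a read-only token and no repository secrets.
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 0 * * *'  # Run at midnight every day (GitHub evaluates cron in UTC)
  workflow_dispatch:

# Least-privilege default for every job. The jobs that only build and test
# (frontend, backend) execute dependency install and build scripts, so they
# get nothing beyond read access to the repository contents.
# `id-token: write` was dropped: no step in this file requests an OIDC token.
# If a cloud login step is added later, grant it on that job only.
permissions:
  contents: read

jobs:
  validate-bicep:
    name: "Infra Biceps Validation"
    runs-on: ubuntu-latest
    # `security-events: write` is needed only by the SARIF upload at the end
    # of this job, so it is granted here instead of workflow-wide.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Detect which deployment flavours changed so only those are linted.
      - name: Filter Changes
        uses: dorny/paths-filter@v2
        id: changes
        with:
          filters: |
            app-service:
              - 'deploy/app-service/**'
            aks:
              - 'deploy/aks/**'
            aca:
              - 'deploy/aca/**'

      # `az bicep build --stdout` compiles the template and prints the result;
      # the step fails when the template does not compile.
      - name: Build App Service Bicep for linting
        if: steps.changes.outputs.app-service == 'true'
        uses: azure/CLI@v1
        with:
          inlineScript: >-
            az config set bicep.use_binary_from_path=false &&
            az bicep build -f deploy/app-service/infra/main.bicep --stdout

      - name: Build AKS Bicep for linting
        if: steps.changes.outputs.aks == 'true'
        uses: azure/CLI@v1
        with:
          inlineScript: >-
            az config set bicep.use_binary_from_path=false &&
            az bicep build -f deploy/aks/infra/main.bicep --stdout

      - name: Build ACA Bicep for linting
        if: steps.changes.outputs.aca == 'true'
        uses: azure/CLI@v1
        with:
          inlineScript: >-
            az config set bicep.use_binary_from_path=false &&
            az bicep build -f deploy/aca/infra/main.bicep --stdout

      # Security baseline scan. Only deploy/app-service is analysed; the AKS
      # and ACA templates are compiled above but not scanned here.
      # `continue-on-error: true` means findings never fail the job: they show
      # up only in the step summary and, on the upstream repository, in the
      # uploaded SARIF report.
      - name: Run PSRule analysis on App Service deployment
        # The version tag was lost in page extraction (e-mail obfuscation);
        # restore the real tag or commit SHA from the repository.
        uses: microsoft/ps-rule@<version>
        with:
          modules: PSRule.Rules.Azure
          baseline: Azure.Pillar.Security
          inputPath: deploy/app-service/infra/*.test.bicep
          outputFormat: Sarif
          outputPath: reports/ps-rule-results.sarif
          summary: true
        continue-on-error: true
        env:
          PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION: 'true'
          PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION_TIMEOUT: '30'

      # Publish the findings to code scanning on the upstream repository only.
      # NOTE(review): pull requests opened from forks run with a read-only
      # token, so this upload is expected to fail for them; consider also
      # requiring
      # github.event.pull_request.head.repo.full_name == github.repository
      # when the event is a pull request.
      - name: Upload results to security tab
        uses: github/codeql-action/upload-sarif@v3
        if: github.repository == 'Azure-Samples/azure-search-openai-demo-java'
        with:
          sarif_file: reports/ps-rule-results.sarif

  frontend:
    name: "Front-end validation"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): `npm install` may resolve versions that differ from the
      # lockfile. `npm ci` installs exactly what the lockfile records and
      # fails on drift; confirm a lockfile is committed under app/frontend
      # before switching.
      - name: Build React Frontend
        run: |
          echo "Building front-end and merge into Spring Boot static folder."
          cd ./app/frontend
          npm install
          npm run build
          mkdir -p ../backend/src/main/resources/static
          cp -r ./build/* ../backend/src/main/resources/static

  backend:
    name: "Backend validation"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Java version
        uses: actions/setup-java@v2
        with:
          distribution: 'microsoft'
          java-version: '17'
          cache: 'maven'

      - name: Verify Indexer project
        run: |
          echo "Testing indexer project."
          cd ./app/indexer
          mvn test

      - name: Build Spring Boot App
        run: |
          echo "Building Spring Boot app."
          cd ./app/backend
          mvn verify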