BFD-3111: Fix build errors caused by file permissions #10982
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'CI - Java' | |
| on: | |
| pull_request: | |
| merge_group: | |
| env: | |
| # workflow file matchers - workflow jobs will only run if matching files are found | |
| # please see https://github.com/CMSgov/beneficiary-fhir-data/pull/773 for why we | |
| # are using this workflow logic | |
| # NOTE: I can't find anything in the spec that suggests that '\' is used as a string-continuation | |
| # symbol. However, see the following StackOverflow post for an example: | |
| # https://stackoverflow.com/questions/6268391/is-there-a-way-to-represent-a-long-string-that-doesnt-have-any-whitespace-on-mul | |
| workflow_files_re: "(\ | |
| ^apps/pom.xml|\ | |
| ^apps/Dockerfile|\ | |
| ^apps/bfd-|\ | |
| ^ops/ansible/roles/bfd-db-migrator/|\ | |
| ^ops/ansible/roles/bfd-pipeline/|\ | |
| ^ops/ansible/roles/bfd-server/|\ | |
| ^.github/workflows/ci-ansible.yml|\ | |
| ^.github/workflows/ci-java.yml)" | |
| jobs: | |
| workflow: | |
| name: Checking workflow | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| files: ${{ steps.workflow_files.outputs.files }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 2 | |
| - id: workflow_files | |
| name: Set output | |
| run: | | |
| echo "files<<EOF" >> $GITHUB_OUTPUT | |
| echo "$(git diff --name-only --diff-filter=ACMRTD HEAD^ HEAD | grep -E '${{ env.workflow_files_re }}')" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| mvn-fmt-maven-plugin: | |
| runs-on: ubuntu-20.04 | |
| needs: workflow | |
| if: needs.workflow.outputs.files | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: 'Setup JDK' | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '21' | |
| distribution: 'corretto' | |
| - name: 'Generate maven toolchain config' | |
| run: | | |
| cat << EOF > ~/.m2/toolchains.xml | |
| <toolchains> | |
| <toolchain> | |
| <type>jdk</type> | |
| <provides> | |
| <version>21</version> | |
| <vendor>OpenJDK</vendor> | |
| </provides> | |
| <configuration> | |
| <jdkHome>$JAVA_HOME</jdkHome> | |
| </configuration> | |
| </toolchain> | |
| </toolchains> | |
| EOF | |
| - name: 'Run maven ${{ matrix.mvn_commmand }}' | |
| run: mvn com.spotify.fmt:fmt-maven-plugin:check | |
| working-directory: ./apps | |
| mvn-verify: | |
| runs-on: ubuntu-20.04 | |
| needs: workflow | |
| if: needs.workflow.outputs.files | |
| steps: | |
| - name: 'Checkout repo' | |
| uses: actions/checkout@v3 | |
| - name: 'Setup JDK' | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '21' | |
| distribution: 'corretto' | |
| - name: 'Generate Maven Config' | |
| run: | | |
| cat << EOF > ~/.m2/toolchains.xml | |
| <toolchains> | |
| <toolchain> | |
| <type>jdk</type> | |
| <provides> | |
| <version>21</version> | |
| <vendor>OpenJDK</vendor> | |
| </provides> | |
| <configuration> | |
| <jdkHome>$JAVA_HOME</jdkHome> | |
| </configuration> | |
| </toolchain> | |
| </toolchains> | |
| EOF | |
| - name: 'Run Maven Build on FDA Drug Utility' | |
| run: mvn --threads 1C --batch-mode -Dmaven.build.cache.enabled=false install | |
| working-directory: ./apps/bfd-data-fda | |
| - name: 'Run Maven Build on NPI Org Utility' | |
| run: mvn --threads 1C --batch-mode -Dmaven.build.cache.enabled=false install | |
| working-directory: ./apps/bfd-data-npi | |
| - name: 'Run Maven Build' | |
| run: mvn --threads 1C --quiet --batch-mode -Dmaven.build.cache.enabled=false verify | |
| working-directory: ./apps | |
| - name: 'Install yq' | |
| run: | | |
| sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq | |
| sudo chmod +x /usr/bin/yq | |
| - name: Login to GitHub Container Registry | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" \ | |
| | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Build and Deliver Apps Container Image | |
| run: | | |
| BFD_PARENT_VERSION="$(yq '.project.version' pom.xml)" | |
| SANITIZED_REF="${GITHUB_REF_NAME////-}" | |
| IMAGE_NAME="ghcr.io/cmsgov/bfd-apps" | |
| SHORT_SHA="$(git rev-parse --short HEAD)" | |
| FULL_BRANCH_TAG="${IMAGE_NAME}:${SANITIZED_REF}" # human readable, branch name tag | |
| FULL_COMMIT_TAG="${IMAGE_NAME}:${SHORT_SHA}" # a short sha suffixed image tag | |
| echo "Building ${BFD_PARENT_VERSION} Container" | |
| docker build --tag "$FULL_BRANCH_TAG" --build-arg="BFD_VERSION=${BFD_PARENT_VERSION}" . | |
| docker tag "$FULL_BRANCH_TAG" "$FULL_COMMIT_TAG" | |
| docker push "$FULL_BRANCH_TAG" | |
| docker push "$FULL_COMMIT_TAG" | |
| working-directory: apps | |
| # NOTE: Temporarily disable fhir-validation in support of BFD-2198 | |
| # TODO: Re-enable post BFD-2198 with more thoughtful implementation | |
| # fhir-validate: | |
| # runs-on: ubuntu-20.04 | |
| # steps: | |
| # - name: 'Checkout repo' | |
| # uses: actions/checkout@v3 | |
| # - name: 'Create local branch references' | |
| # # Check out the branches to build references for use in the next step | |
| # run: git fetch && git checkout master && git checkout $GITHUB_HEAD_REF | |
| # - name: 'Set up Python' | |
| # if: steps.run_check.outputs.skip == 'false' | |
| # uses: actions/setup-python@v3 | |
| # with: | |
| # python-version: '3.10.5' | |
| # - name: 'Check for new/modified resources' | |
| # id: run_check | |
| # # Checks if there are any modified resources in the endpoint responses | |
| # # grep returns non-zero exit code when no matches are found, so only skip if the condition fails | |
| # run: | | |
| # can_skip=$(if [[ $(python3 ops/fhir_validations/diff_check.py) ]]; then echo "true"; else echo "false"; fi) | |
| # if [[ $can_skip == 'true' ]]; then echo "No modified resources found, skipping rest of job."; else echo "Found modified resources, validating..."; fi | |
| # echo ::set-output name=skip::$can_skip | |
| # - name: 'Install Python dependencies' | |
| # if: steps.run_check.outputs.skip == 'false' | |
| # run: | | |
| # python -m pip install --upgrade pip | |
| # pip install -r ops/fhir_validations/requirements.txt | |
| # - name: 'Set up JDK' | |
| # if: steps.run_check.outputs.skip == 'false' | |
| # uses: actions/setup-java@v1 | |
| # with: | |
| # java-version: '11' | |
| # - name: 'Download FHIR validator' | |
| # if: steps.run_check.outputs.skip == 'false' | |
| # uses: wei/wget@v1 | |
| # with: | |
| # #TODO: Pinning to 5.6.68 due to bug in latest release, re-evaluate later. | |
| # args: https://github.com/hapifhir/org.hl7.fhir.core/releases/download/5.6.68/validator_cli.jar | |
| # - name: 'Verify FHIR resource' | |
| # id: validate_fhir | |
| # if: steps.run_check.outputs.skip == 'false' | |
| # run: | | |
| # is_valid="false" | |
| # if output=$(python3 ops/fhir_validations/validations.py -r) ; then is_valid="true" ; fi | |
| # echo "$output" | |
| # output=$([[ $output =~ .*(Results:[^$'\n']*).* ]] && echo "${BASH_REMATCH[1]}") | |
| # echo ::set-output name=valid::$is_valid | |
| # echo ::set-output name=output::$output | |
| # - name: 'Job Outcome' | |
| # if: steps.run_check.outputs.skip == 'false' | |
| # run: | | |
| # is_valid="${{ steps.validate_fhir.outputs.valid }}" | |
| # output="${{ steps.validate_fhir.outputs.output }}" | |
| # echo "$output" >> $GITHUB_STEP_SUMMARY | |
| # printf "$output\n" | |
| # if [ "$is_valid" = "false" ] ; then exit 1 ; fi | |
| # ansible system testing | |
| ansible-role-bfd-pipeline: | |
| needs: mvn-verify | |
| uses: ./.github/workflows/ci-ansible.yml | |
| with: | |
| role: bfd-pipeline | |
| ansible-role-bfd-server: | |
| needs: mvn-verify | |
| uses: ./.github/workflows/ci-ansible.yml | |
| with: | |
| role: bfd-server | |
| ansible-role-bfd-db-migrator: | |
| needs: mvn-verify | |
| uses: ./.github/workflows/ci-ansible.yml | |
| with: | |
| role: bfd-db-migrator |