.github/workflows/build.yaml

name: Build
on:
  push:
    branches:
      - main
    paths-ignore:
      - '.gitignore'
      - '.github/**'
      - '**/*.md'
  pull_request:
    types: [opened, synchronize, reopened]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  Test_Build:
    name: Run Tests and Deploy
    runs-on: ubuntu-latest
    environment: ${{ github.ref=='refs/heads/main' && 'build_main' || 'build_pr' }}
    timeout-minutes: 20
    permissions:
       contents: read
       packages: write
       pull-requests: write
       actions: write
       statuses: write
       checks: write
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          java-version: 11
          distribution: 'temurin'
          cache: 'maven'
      - name: Set Build Params
        run: |
          export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip"
          echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV
          echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -Dmaven.test.skip=true" >> $GITHUB_ENV
          echo "$GITHUB_REF_NAME"
          echo "$GITHUB_EVENT_NAME"
          if [[ $GITHUB_REF_NAME == "main" ]]; then
            export WHITESOURCE_SCAN=true
            export GITHUB_PACKAGES_DEPLOY=true
            export DOCKER_PUSH=true
          else
            export WHITESOURCE_SCAN=false
            export GITHUB_PACKAGES_DEPLOY=false
            export DOCKER_PUSH=false
          fi
          echo "DOCKER_PUSH=$DOCKER_PUSH" >> $GITHUB_ENV
          echo "WHITESOURCE_SCAN=$WHITESOURCE_SCAN" >> $GITHUB_ENV
          echo "GITHUB_PACKAGES_DEPLOY=$GITHUB_PACKAGES_DEPLOY" >> $GITHUB_ENV
      - name: Static Code Analysis
        run: mvn -B compile -Pmaas-static-code-analysis --file service/pom.xml
      - name: Unit Tests
        run: mvn -B test $SKIP_FLAGS_NON_UNIT_TESTS --file service/pom.xml
      - name: Generate Artifacts
        run: |
          mvn install $SKIP_FLAGS_ALL_TESTS --file service/pom.xml
      - name: Sonar Scan
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        run: |
          mvn -B $SKIP_FLAGS_ALL_TESTS \
            org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=SolaceLabs_event-management-agent \
            --file service/pom.xml
      - name: WhiteSource Scan
        if: env.WHITESOURCE_SCAN=='true'
        env:
          unified_agent_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar"
          unified_agent_sha_url: "https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar.sha256"
          WS_APIKEY: ${{ secrets.WHITESOURCE_API_KEY }}
          WS_PROJECTTOKEN: ${{ secrets.WHITESOURCE_PROJECT_TOKEN }}
          TARGET_DIR: "service/application/target/lib"
          WS_EXCLUDES: "local-storage-plugin*.jar,plugin*.jar,kafka-plugin*.jar,confluent-schema-registry-plugin*.jar"
        run: |
          echo "Whitesource- Downloading and verifying latest Agent"

          curl -LJOs ${{ env.unified_agent_url }}
          sha_from_jar=$(sha256sum  wss-unified-agent.jar | awk '{print $1}')
          curl -LJOs ${{ env.unified_agent_sha_url }}
          sha_from_file=$(cat wss-unified-agent.jar.sha256 | awk '{print $1}')
          if [[ "$sha_from_file" == "$sha_from_jar" ]]; then
              echo "Integrity of the wss-unified-agent.jar file verified .."
          else
              echo "Integrity check of wss-unified-agent.jar file failed .."
              echo "sha_from_jar: $sha_from_jar"
              echo "sha_from_file: $sha_from_file"
              exit 1
          fi

          echo "Whitesource- Copying Maven Dependencies"
          mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=target/lib --file service/pom.xml

          echo "Whitesource- Running scan"
          java -jar wss-unified-agent.jar -d  ${{ env.TARGET_DIR }}  -logLevel Info
      - name: Configure AWS credentials
        if: env.DOCKER_PUSH=='true'
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.EMA_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.EMA_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.EMA_AWS_DEFAULT_REGION }}
      - name: Login to Amazon ECR
        if: env.DOCKER_PUSH=='true'
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1.6.0
      - name: Docker Build/Push
        if: env.DOCKER_PUSH=='true'
        working-directory: service/application/docker
        run: |
          ./buildEventManagementAgentDocker.sh -t main
          ECR_DOCKER_IMAGE="${{ steps.login-ecr.outputs.registry }}/${{ github.event.repository.name }}:main"
          docker tag "${{ github.event.repository.name }}:main" $ECR_DOCKER_IMAGE
          docker push $ECR_DOCKER_IMAGE
          #Tag/Push additional Docker image
          SHORT_GIT_SHA=${GITHUB_SHA:0:10}
          JAR_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file ../pom.xml)
          ADDITIONAL_ECR_DOCKER_IMAGE_TAG="$ECR_DOCKER_IMAGE-$JAR_VERSION-$SHORT_GIT_SHA"
          docker tag "${{ github.event.repository.name }}:main" $ADDITIONAL_ECR_DOCKER_IMAGE_TAG
          docker push $ADDITIONAL_ECR_DOCKER_IMAGE_TAG
      - name: Deploy Artifacts
        if: env.GITHUB_PACKAGES_DEPLOY=='true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          mvn deploy $SKIP_FLAGS_ALL_TESTS -Dmaven.install.skip=true --file service/pom.xml
      - name: Publishing Test Results - Checkstyle
        if: always()
        uses: jwgmeligmeyling/checkstyle-github-action@master
        with:
          path: '**/checkstyle-result.xml'
      - name: Publishing Test Results - PMD
        if: always()
        uses: jwgmeligmeyling/pmd-github-action@master
        with:
          path: '**/pmd.xml'
      - name: Publishing Test Results - SpotBugs
        if: always()
        uses: jwgmeligmeyling/spotbugs-github-action@master
        with:
          path: '**/spotbugsXml.xml'
      - name: Publishing Test Results - Unit Tests Pre-Condition
        if: always()
        id: unit_test_report_exists
        uses: andstor/file-existence-action@v2
        with:
          files: "**/surefire-reports/**/*.xml"
      - name: Publishing Test Results - Unit Tests
        uses: dorny/test-reporter@v1
        if: always() && steps.unit_test_report_exists.outputs.files_exists == 'true'
        with:
          name: Unit Tests
          path: "**/surefire-reports/**/*.xml"
          reporter: java-junit
          fail-on-error: true
          only-summary: 'true'