Skip to content
Back to pull request #224

Update codecov/codecov-action action to v5 #1333

Sign in to view logs

Update codecov/codecov-action action to v5

Update codecov/codecov-action action to v5 #1333

Workflow file for this run

.github/workflows/build.yml at 1f72501
name: Build
on:
push:
branches:
- main
- develop
tags:
- 'v*.*.*'
pull_request:
branches:
- main
- develop
schedule:
- cron: '0 1 * * *'
jobs:
build:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
- name: Cache Local Maven Repo
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: maven-${{ hashFiles('pom.xml') }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java
queries: security-and-quality
- name: Build
run: mvn -B verify
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: Upload Flare Jar
uses: actions/upload-artifact@v4
with:
name: flare-jar
path: target/flare.jar
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and Export to Docker
uses: docker/build-push-action@v6
with:
context: .
tags: flare:latest
outputs: type=docker,dest=/tmp/flare.tar
- name: Upload flare Image
uses: actions/upload-artifact@v4
with:
name: flare-image
path: /tmp/flare.tar
image-scan:
needs: build
runs-on: ubuntu-24.04
steps:
- name: Download Flare Image
uses: actions/download-artifact@v4
with:
name: flare-image
path: /tmp
- name: Load Flare Image
run: docker load --input /tmp/flare.tar
- name: Check out Git repository
uses: actions/checkout@v4
- name: Run Trivy Vulnerability Scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: flare:latest
format: sarif
output: trivy-results.sarif
severity: 'CRITICAL,HIGH'
timeout: '15m0s'
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
- name: Upload Trivy Scan Results to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy-results.sarif
integration-test-default-config:
needs: build
runs-on: ubuntu-24.04
steps:
- name: Check out Git repository
uses: actions/checkout@v4
- name: Download Flare Image
uses: actions/download-artifact@v4
with:
name: flare-image
path: /tmp
- name: Load Flare Image
run: docker load --input /tmp/flare.tar
- name: Run Flare
run: docker run -p 8080:8080 -d flare:latest
- name: Wait for Flare
run: .github/scripts/wait-for-url.sh http://localhost:8080/cache/stats
integration-test:
needs: build
strategy:
matrix:
test:
- no-auth
- basic-auth
- oauth
- no-auth-cohort-enabled
runs-on: ubuntu-24.04
steps:
- name: Check out Git repository
uses: actions/checkout@v4
- name: Install Blazectl
run: .github/scripts/install-blazectl.sh
- name: Download Flare Image
uses: actions/download-artifact@v4
with:
name: flare-image
path: /tmp
- name: Load Flare Image
run: docker load --input /tmp/flare.tar
- name: Run Flare and Blaze
run: docker compose -f .github/integration-test/${{ matrix.test }}/docker-compose.yml up -d --wait --wait-timeout 300
- name: Load Data
run: .github/integration-test/${{ matrix.test }}/load-data.sh
- name: Query for Viral sinusitis (disorder)
run: .github/scripts/execute-query.sh 444814009 69
- name: Query for Viral sinusitis (disorder) cohort not enabled
if: ${{ matrix.test == 'no-auth' }}
run: .github/scripts/execute-cohort-query-not-enabled.sh 444814009
- name: Query for Viral sinusitis (disorder) cohort enabled
if: ${{ matrix.test == 'no-auth-cohort-enabled' }}
run: .github/scripts/execute-cohort-query-enabled.sh 444814009 69 16
push-image:
needs:
- build
- integration-test-default-config
- integration-test
- image-scan
runs-on: ubuntu-24.04
if: ${{ ! startsWith(github.head_ref, 'dependabot/')}}
steps:
- name: Check out Git repository
uses: actions/checkout@v4
- name: Set up JDK 17 for Maven Build
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
- name: Maven Build for Ontology Download
run: mvn process-resources
- name: Download Flare Jar
uses: actions/download-artifact@v4
with:
name: flare-jar
path: target
- name: Download Flare Image
uses: actions/download-artifact@v4
with:
name: flare-image
path: /tmp
- name: Load Flare Image
run: docker load --input /tmp/flare.tar
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: docker-meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/medizininformatik-initiative/flare
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.docker-meta.outputs.tags }}
labels: ${{ steps.docker-meta.outputs.labels }}
- name: Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')