-
Notifications
You must be signed in to change notification settings - Fork 0
140 lines (123 loc) · 6.09 KB
/
build-and-test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Build & Test Kotlin
on:
push:
branches-ignore:
# ignore temporary branches created by the merge queue.
# merge queue will trigger the workflow using the `merge_group` event.
# If the workflow was triggered twice (without ignoring temporary merge queue branches)
# two events would trigger the workflow out if which the second run cancels the first
# one causing the merge queue to detect a failed status check ultimately blocking the merge queue.
- "gh-readonly-queue/main/**"
# Run this workflow in the merge queue to pass mandatory jobs
merge_group:
types: [checks_requested]
concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
# Only cancel previous runs unless on 'defaultBranch' (which is set in template configuration).
# defaultBranch is set to: 'main'.
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
only-config-changed:
name: Configuration change validation
timeout-minutes: 5
runs-on: ubuntu-latest
outputs:
result: ${{ steps.only-config-changed.outputs.only_configuration_files_have_changed }}
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: ${{ (github.event.repository.default_branch == github.ref_name && 2) || 0 }}
ref: ${{ github.event.repository.default_branch }}
- name: Validate that only configuration files have been changed
shell: python
id: only-config-changed
env:
CONFIG_DIRECTORIES: '["k8s/product-staging", "k8s/product-dev", "k8s/product-production"]'
run: |
import os
import json
import subprocess
cmd_str=""
if "${{ github.event.repository.default_branch }}" == "${{ github.ref_name }}":
# This means we are in the default branch, we want the directories that changed since the previous commit
cmd_str="git diff --name-only HEAD^ HEAD | xargs dirname"
else:
# We're in a PR, we want the directories changed from the PR branch
cmd_str="git diff --name-only origin/${{ github.ref_name }} | xargs dirname"
diff=subprocess.run(cmd_str, capture_output=True, shell=True).stdout.decode('utf-8')
changed_files = str(diff).splitlines()
sanitized_changed_files = set(filter(None, changed_files))
print("Changed files: ", sanitized_changed_files)
config_directories = set(json.loads(os.getenv('CONFIG_DIRECTORIES')))
print("Config directories: ", config_directories)
only_configuration_files_have_changed = str(sanitized_changed_files.issubset(config_directories)).lower()
print(only_configuration_files_have_changed)
with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
print(f'only_configuration_files_have_changed={only_configuration_files_have_changed}', file=fh)
build:
name: Build & Test
if: ${{ needs.only-config-changed.outputs.result == 'false' }}
needs: only-config-changed
runs-on: ubuntu-latest-8-cores
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
# Login to AWS for fetching CI/CD cache.
- name: Configure AWS credentials
if: ${{ github.event.repository.visibility != 'public' }}
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CICD_S3_CACHE }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CICD_S3_CACHE }}
aws-region: eu-west-1
special-characters-workaround: true
# Check whether the current code has already been run in CI/CD.
- name: Check CI/CD cache
if: ${{ github.event.repository.visibility != 'public' }}
uses: pleo-io/s3-cache-action@a31b5deab8cbe70ec47bbc95819b5c3d61ba8723 # v3.0.0
id: s3-cache
with:
bucket-name: pleo-cicd-s3-cache
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CICD_S3_CACHE }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CICD_S3_CACHE }}
aws-region: eu-west-1
# Set up a JDK environment for building, testing and releasing.
- name: Set up JDK 17
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: 17
distribution: temurin
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
- name: Setup Gradle
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
with:
gradle-version: wrapper
cache-read-only: ${{ github.event.repository.default_branch != github.ref_name }}
dependency-graph: ${{ github.event.repository.default_branch == github.ref_name && 'generate-and-submit' || 'disabled' }}
# Check whether the project builds.
- name: Gradle Build
run: ./gradlew build -x test
env:
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
- name: Run Unit Tests
if: steps.s3-cache.outputs.processed != 'true'
run: ./gradlew check
env:
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
- name: Publish Unit Tests report to GitHub
if: steps.s3-cache.outputs.processed != 'true'
uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1
with:
check_name: Unit Tests report
report_paths: "**/build/test-results/test/TEST-*.xml"
- name: Trigger release
if: ${{ github.ref == 'refs/heads/main' }}
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
with:
event-type: release