Skip to content

[CORE-69]: Bump bio.terra:java-pfb-library from 0.55.0 to 0.57.0 in the minor-and-patch-updates group #3689

[CORE-69]: Bump bio.terra:java-pfb-library from 0.55.0 to 0.57.0 in the minor-and-patch-updates group

[CORE-69]: Bump bio.terra:java-pfb-library from 0.55.0 to 0.57.0 in the minor-and-patch-updates group #3689

Workflow file for this run

name: Publish contract tests
on:
pull_request:
branches:
- main
paths-ignore: [ '**.md' ]
push:
branches:
- main
paths-ignore: [ '**.md' ]
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
env:
WDS_RUN_ID: ${{ github.event.repository.name }}-${{ github.run_id }}
PUBLISH_CONTRACT_RUN_NAME: 'publish-contracts-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}'
WDS_PACTS_ARTIFACT: wds-pacts-${{ github.event.repository.name }}-${{ github.run_id }}
WDS_PACTS_OUTPUT_DIR: service/build/pacts/
CAN_I_DEPLOY_RUN_NAME: 'can-i-deploy-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}'
jobs:
bump-check:
runs-on: ubuntu-latest
outputs:
is-bump: ${{ steps.bumpcheck.outputs.is-bump }}
steps:
- uses: actions/checkout@v4
- name: Skip version bump merges
id: bumpcheck
uses: ./.github/actions/bump-skip
with:
event-name: ${{ github.event_name }}
# The primary objective of this section is to carefully control the dispatching of tags,
# ensuring it only occurs during the 'Tag, publish, deploy' workflow.
# However, a challenge arises with contract tests, as they require knowledge of the upcoming tag
# before the actual deployment. To address this, we leverage the dry run feature provided by bumper.
# This allows us to obtain the next tag for publishing contracts and verifying consumer pacts without
# triggering the tag dispatch. This approach sidesteps the need for orchestrating multiple workflows,
# simplifying our implementation.
#
# We regulate the tag job to meet the following requirements according to the trigger event type:
# 1. pull_request event (due to opening or updating of PR branch):
# dry-run flag is set to false
# this allows the new semver tag #major.#minor.#patch-#commit to be used to identity pacticipant version for development purpose
# PR has no effect on the value of the latest tag in settings.gradle on disk
# 2. PR merge to main, this triggers a push event on the main branch:
# dry-run flag is set to true
# this allows the new semver tag #major.#minor.#patch to be used to identity pacticipant version, and
# this action will not update the value of the latest tag in settings.gradle on disk
#
# Note: All workflows from the same PR merge should have the same copy of settings.gradle on disk,
# which should be the one from the HEAD of the main branch before the workflow starts running
regulated-tag-job:
needs: [ bump-check ]
if: ${{ needs.bump-check.outputs.is-bump == 'no' }}
uses: ./.github/workflows/tag.yml
with:
# The 'ref' parameter ensures that the consumer version is postfixed with the HEAD commit of the PR branch,
# facilitating cross-referencing of a pact between Pact Broker and GitHub.
ref: ${{ github.head_ref || '' }}
# The 'dry-run' parameter prevents the new tag from being dispatched.
dry-run: true
release-branches: main
secrets: inherit
init-github-context:
runs-on: ubuntu-latest
outputs:
sha-short: ${{ steps.extract-branch.outputs.sha-short }}
repo-branch: ${{ steps.extract-branch.outputs.repo-branch }}
repo-version: ${{ steps.extract-branch.outputs.repo-version }}
steps:
- uses: actions/checkout@v4
- name: Extract branch
id: extract-branch
run: |
GITHUB_EVENT_NAME=${{ github.event_name }}
if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then
GITHUB_REF=${{ github.ref }}
GITHUB_SHA=${{ github.sha }}
elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
GITHUB_REF=refs/heads/${{ github.head_ref }}
GITHUB_SHA=${{ github.event.pull_request.head.sha }}
elif [[ "$GITHUB_EVENT_NAME" == "merge_group" ]]; then
GITHUB_REF=refs/heads/${{ github.head_ref }}
else
echo "Failed to extract branch information"
exit 1
fi
echo "repo-branch=${GITHUB_REF/refs\/heads\//""}" >> $GITHUB_OUTPUT
echo "repo-version=${GITHUB_SHA}" >> $GITHUB_OUTPUT
- name: Echo repo and branch information
run: |
echo "repo-owner=${{ github.repository_owner }}"
echo "repo-name=${{ github.event.repository.name }}"
echo "repo-branch=${{ steps.extract-branch.outputs.repo-branch }}"
echo "repo-version=${{ steps.extract-branch.outputs.repo-version }}"
run-consumer-contract-tests:
runs-on: ubuntu-latest
needs: [ init-github-context ]
outputs:
pact-paths: ${{ steps.locate-pacts.outputs.pact-paths }}
steps:
- name: Checkout current code
uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Run consumer tests
run: ./gradlew pactTests
- name: Locate pact files
id: locate-pacts
run: |
pactPaths=$(find "$WDS_PACTS_OUTPUT_DIR" -type f -name "*.json" | jq -cnR "[inputs]")
echo "pact-paths=$pactPaths" >> $GITHUB_OUTPUT
- name: Upload pact files to artifact
id: upload-pacts
uses: actions/upload-artifact@v4
with:
name: ${{ env.WDS_PACTS_ARTIFACT }}
path: ${{ env.WDS_PACTS_OUTPUT_DIR }}
retention-days: 1
publish-pacts-job:
runs-on: ubuntu-latest
needs: [ regulated-tag-job, init-github-context, run-consumer-contract-tests ]
strategy:
matrix:
pact_path: ${{ fromJson(needs.run-consumer-contract-tests.outputs.pact-paths) }}
steps:
- name: Download pact files from artifact
id: download-pacts
uses: actions/download-artifact@v4
with:
name: ${{ env.WDS_PACTS_ARTIFACT }}
path: ${{ env.WDS_PACTS_OUTPUT_DIR }}
- name: Encode pact as non-breaking base64 string
id: encode-pact
run: |
nonBreakingB64=$(cat "${{ matrix.pact_path }}" | base64 -w 0)
echo "pact-b64=${nonBreakingB64}" >> $GITHUB_OUTPUT
- name: Dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v4
with:
run-name: '${{ env.PUBLISH_CONTRACT_RUN_NAME }}-${{ matrix.pact_path }}'
workflow: .github/workflows/publish-contracts.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo
inputs: '{
"run-name": "${{ env.PUBLISH_CONTRACT_RUN_NAME }}-${{ matrix.pact_path }}",
"pact-b64": "${{ steps.encode-pact.outputs.pact-b64 }}",
"repo-owner": "${{ github.repository_owner }}",
"repo-name": "${{ github.event.repository.name }}",
"repo-branch": "${{ needs.init-github-context.outputs.repo-branch }}",
"release-tag": "${{ needs.regulated-tag-job.outputs.new-tag }}"
}'
can-i-deploy: # The can-i-deploy job will run as a result of a PR. It reports the pact verification statuses on all deployed environments.
runs-on: ubuntu-latest
needs: [ run-consumer-contract-tests, regulated-tag-job ]
strategy:
matrix:
pacticipant-name: ["wds", "cwds"]
steps:
- name: Dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v4
with:
run-name: "${{ env.CAN_I_DEPLOY_RUN_NAME }}-${{ matrix.pacticipant-name }}"
workflow: .github/workflows/can-i-deploy.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo
inputs: '{
"run-name": "${{ env.CAN_I_DEPLOY_RUN_NAME }}-${{ matrix.pacticipant-name }}",
"pacticipant": "${{ matrix.pacticipant-name }}",
"version": "${{ needs.regulated-tag-job.outputs.new-tag }}"
}'