chore(deps): update github-actions #909
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- master | |
- beta | |
release: | |
types: [created] | |
pull_request: | |
branches: | |
- master | |
- beta | |
permissions: read-all | |
jobs: | |
build: | |
uses: miracum/.github/.github/workflows/standard-build.yaml@abfae5033f23299a721ddda53263e32d18f33d8a # v1.12.12 | |
permissions: | |
contents: write | |
id-token: write | |
packages: write | |
pull-requests: write | |
actions: read | |
security-events: write | |
with: | |
enable-build-test-layer: true | |
enable-upload-test-image: true | |
secrets: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
add-test-coverage: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
permissions: | |
# for add Coverage PR Comment | |
pull-requests: write | |
if: ${{ github.event_name == 'pull_request' }} | |
steps: | |
# <https://docs.docker.com/storage/containerd/> | |
# via <https://github.com/docker/setup-buildx-action/issues/257> | |
- name: Set up containerd image store | |
shell: bash | |
run: | | |
jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json | |
sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json | |
cat /etc/docker/daemon.json | |
sudo systemctl restart docker | |
docker info -f '{{ .DriverStatus }}' | |
- name: Download test image | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ needs.build.outputs.image-slug }}-test | |
path: /tmp | |
- name: Load test image | |
run: | | |
docker load --input /tmp/image-test.tar | |
docker image ls | |
- name: Copy unit test coverage reports from test container | |
env: | |
UNIT_TEST_IMAGE: ${{ fromJson(needs.build.outputs.test-image-meta-json).tags[0] }} | |
run: | | |
docker create --name=unit-test-container "${UNIT_TEST_IMAGE}" | |
docker cp unit-test-container:/test ${{ github.workspace }}/test | |
- name: Add coverage to PR | |
id: jacoco | |
uses: madrapps/jacoco-report@7c362aca34caf958e7b1c03464bd8781db9f8da7 # v1.7.1 | |
with: | |
paths: | | |
${{ github.workspace }}/test/jacoco/test/jacocoTestReport.xml | |
token: ${{ secrets.GITHUB_TOKEN }} | |
min-coverage-overall: 40 | |
min-coverage-changed-files: 60 | |
update-comment: true | |
title: "## Code Coverage Report" | |
test: | |
name: run k8s smoke test | |
runs-on: ubuntu-22.04 | |
if: ${{ github.event_name == 'pull_request' || github.ref_name == 'beta' }} | |
needs: | |
- build | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Create KinD cluster | |
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 | |
with: | |
cluster_name: kind | |
- name: Download image | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ needs.build.outputs.image-slug }} | |
path: /tmp | |
- name: Load image into KinD | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
kind load image-archive /tmp/image.tar | |
# list images in cluster | |
docker exec kind-control-plane crictl images | |
- name: Install test chart | |
env: | |
IMAGE_TAG: ${{ needs.build.outputs.image-version }} | |
run: | | |
helm dep up tests/k8s | |
# start by first installing the Strimzi and Prometheus operators | |
helm upgrade --install \ | |
--set "stream-processors.enabled=false" \ | |
--set "stream-processors.processors.obds-to-fhir.container.image.tag=${IMAGE_TAG}" \ | |
--wait \ | |
--timeout=10m \ | |
obds-to-fhir-test \ | |
tests/k8s | |
kubectl wait kafka/obds-to-fhir-kafka --for=condition=Ready --timeout=300s | |
# install the actual obds-to-fhir stream processor | |
helm upgrade --install \ | |
--set "stream-processors.enabled=true" \ | |
--set "stream-processors.processors.obds-to-fhir.container.image.tag=${IMAGE_TAG}" \ | |
--wait \ | |
--timeout=10m \ | |
obds-to-fhir-test \ | |
tests/k8s | |
- name: Run Helm test to make sure everything started correctly | |
run: | | |
helm test obds-to-fhir-test | |
- name: Print cluster logs | |
if: always() | |
run: | | |
kubectl cluster-info dump -o yaml | tee kind-cluster-dump.txt | |
- name: Upload cluster dump | |
if: always() | |
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
with: | |
name: kind-cluster-dump.txt | |
path: | | |
kind-cluster-dump.txt | |
lint: | |
uses: miracum/.github/.github/workflows/standard-lint.yaml@abfae5033f23299a721ddda53263e32d18f33d8a # v1.12.12 | |
permissions: | |
contents: read | |
pull-requests: write | |
issues: write | |
security-events: write | |
actions: read | |
with: | |
codeql-languages: '["java"]' | |
enable-codeql: true | |
java-version: "21" | |
secrets: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
release: | |
uses: miracum/.github/.github/workflows/standard-release.yaml@abfae5033f23299a721ddda53263e32d18f33d8a # v1.12.12 | |
needs: | |
- lint | |
- build | |
permissions: | |
contents: write | |
pull-requests: write | |
issues: write | |
secrets: | |
semantic-release-token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }} |