bump 1.2.34 #284

Workflow file for this run

.github/workflows/build-and-test.yml at 7f0e7c8

	# This workflow will build a Java project with Gradle
	# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle

	name: Java CI with Gradle

	on:
	workflow_dispatch: {}
	push:
	branches: [ master ]
	paths-ignore: [ '**.md' ]
	pull_request:
	# Branch settings require status checks before merging, so don't add paths-ignore.
	branches: [ master ]

	env:
	VAULT_ADDR: https://clotho.broadinstitute.org:8200
	VAULT_SERVICE_ACCOUNT_ADMIN_PATH: secret/dsde/terra/crl-test/default/service-account-admin.json
	VAULT_SERVICE_ACCOUNT_USER_PATH: secret/dsde/terra/crl-test/default/service-account-user.json
	VAULT_AZURE_MANAGED_APP_CLIENT_PATH: secret/dsde/terra/azure/common/managed-app-publisher
	# Where to store the retrieved service accounts credentials for Google integration tests.
	SERVICE_ACCOUNT_ADMIN_FILE: src/testFixtures/resources/integration_service_account_admin.json
	SERVICE_ACCOUNT_USER_FILE: src/testFixtures/resources/integration_service_account_user.json
	SERVICE_ACCOUNT_JANITOR_CLIENT_FILE: src/testFixtures/resources/integration_service_account_janitor_client.json
	AZURE_MANAGED_APP_FILE: src/testFixtures/resources/integration_azure_managed_app_client.json
	AZURE_CREDENTIALS_FILE: src/testFixtures/resources/integration_azure_env.properties

	jobs:
	build-and-test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: Pull Vault image
	run: docker pull vault:1.1.0
	# Currently, there's no way to add capabilities to Docker actions on Git, and Vault needs IPC_LOCK to run.
	- name: Get Vault token
	id: vault-token-step
	run: \|
	VAULT_TOKEN=$(docker run --rm --cap-add IPC_LOCK \
	-e "VAULT_ADDR=${VAULT_ADDR}" \
	vault:1.1.0 \
	vault write -field token \
	auth/approle/login role_id=${{ secrets.VAULT_APPROLE_ROLE_ID }} \
	secret_id=${{ secrets.VAULT_APPROLE_SECRET_ID }})
	echo ::add-mask::$VAULT_TOKEN
	echo vault-token=$VAULT_TOKEN >> $GITHUB_OUTPUT
	- name: Get service account credentials from Vault
	id: vault-secret-step
	run: \|
	docker run --rm --cap-add IPC_LOCK \
	-e "VAULT_TOKEN=${{ steps.vault-token-step.outputs.vault-token }}" \
	-e "VAULT_ADDR=${VAULT_ADDR}" \
	vault:1.1.0 \
	vault read -format json $VAULT_SERVICE_ACCOUNT_ADMIN_PATH \
	\| jq .data > $SERVICE_ACCOUNT_ADMIN_FILE &&#
	docker run --rm --cap-add IPC_LOCK \
	-e "VAULT_TOKEN=${{ steps.vault-token-step.outputs.vault-token }}" \
	-e "VAULT_ADDR=${VAULT_ADDR}" \
	vault:1.1.0 \
	vault read -format json $VAULT_SERVICE_ACCOUNT_USER_PATH \
	\| jq .data > $SERVICE_ACCOUNT_USER_FILE &&#
	docker run --rm --cap-add IPC_LOCK \
	-e "VAULT_TOKEN=${{ steps.vault-token-step.outputs.vault-token }}" \
	-e "VAULT_ADDR=${VAULT_ADDR}" \
	vault:1.1.0 \
	vault read -format json $VAULT_AZURE_MANAGED_APP_CLIENT_PATH \
	\| jq .data > $AZURE_MANAGED_APP_FILE
	- name: Write Janitor Client SA file
	run: \|
	JANITOR_SA_B64=${{ secrets.CRL_JANITOR_CLIENT_SA_B64 }}
	echo ::add-mask::$JANITOR_SA_B64
	echo $JANITOR_SA_B64 \| base64 --decode > ${SERVICE_ACCOUNT_JANITOR_CLIENT_FILE}
	- name: Write Azure properties file
	run: \|
	AZURE_MANAGED_APP_CLIENT_ID=$(jq -r '."client-id"' ${AZURE_MANAGED_APP_FILE})
	AZURE_MANAGED_APP_CLIENT_SECRET=$(jq -r '."client-secret"' ${AZURE_MANAGED_APP_FILE})
	AZURE_MANAGED_APP_TENANT_ID=$(jq -r '."tenant-id"' ${AZURE_MANAGED_APP_FILE})
	cat > ${AZURE_CREDENTIALS_FILE} <<EOF
	integration.azure.admin.clientId=${AZURE_MANAGED_APP_CLIENT_ID}
	integration.azure.admin.clientSecret=${AZURE_MANAGED_APP_CLIENT_SECRET}
	integration.azure.admin.tenantId=${AZURE_MANAGED_APP_TENANT_ID}
	EOF
	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	distribution: 'temurin'
	java-version: 17
	# See https://github.com/actions/cache/blob/main/examples.md#java---gradle
	- name: Cache Gradle packages
	uses: actions/cache@v3
	with:
	path: \|
	~/.gradle/caches
	~/.gradle/wrapper
	key: v1-${{ runner.os }}-gradle-${{ hashfiles('/gradle-wrapper.properties') }}-${{ hashFiles('/*.gradle') }}
	restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}
	- name: Grant execute permission for gradlew
	run: chmod +x gradlew
	- name: Build, assemble and test
	run: ./gradlew build -x minniekenny --scan # skip minniekenny
	# TODO(CA-814): Determine how to run tests based on modified packages.
	- name: Integration test
	id: integration-test
	run: ./gradlew integrationTest --scan
	- name: Upload test reports
	if: always()
	uses: actions/upload-artifact@v3
	with:
	name: Test Reports
	path: \|
	**/build/reports/tests

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bump 1.2.34 #284

Workflow file

bump 1.2.34 #284

Jobs

Run details

Workflow file for this run