.github/workflows/push-branch.yml

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle

name: CI caab-data-api push to branch

on:
  push:
    branches-ignore:
      - main
      - 'feature-dev/*'
      - 'feature-test/*'

permissions:
  contents: read
  packages: write

jobs:
  build-test-publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: 'temurin'
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4

      - name: Build & test
        run: ./gradlew build jacocoTestCoverageVerification
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Integration Test
        run: ./gradlew integrationTest

      - name: Update snapshot version
        run: ./gradlew updateSnapshotVersion

      - name: Publish package
        run: ./gradlew publish
        env:
            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  vulnerability-scan:
    runs-on: ubuntu-latest

    env:
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      SNYK_ORG: legal-aid-agency
      SNYK_TEST_EXCLUDE: build,generated
      SNYK_TARGET_REFERENCE: main

    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: 'temurin'
      - uses: snyk/actions/setup@0.4.0
      - name: Install snyk-delta
        run: |
          npm config set prefix '~/.local/'
          mkdir -p ~/.local/bin
          export PATH="$HOME/.local/bin/:$PATH"
          npm install -g snyk-delta
      - name: Identify new vulnerabilities
        run: ./snyk/snyk_delta_all_projects.sh --org=$SNYK_ORG --exclude=$SNYK_TEST_EXCLUDE --target-reference=$SNYK_TARGET_REFERENCE
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Run code test
        uses: snyk/actions/gradle@0.4.0
        with:
          command: code test
          args: --org=${SNYK_ORG}