chore(deps): bump io.projectreactor:reactor-core from 3.4.23 to 3.6.5 #1310
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI build | |
| on: | |
| schedule: | |
| - cron: '0 10 * * *' # every day at 10am | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - 'v*.*.*' | |
| pull_request: | |
| jobs: | |
| compile: | |
| name: Compile with maven | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Build with Maven | |
| run: mvn --quiet clean compile -DskipTests=True | |
| build-and-run: | |
| name: Run application | |
| runs-on: ubuntu-latest | |
| needs: | |
| - compile | |
| steps: | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Build with Maven | |
| run: mvn --quiet clean install -DskipTests=True | |
| - name: Run jar file | |
| run: nohup mvn spring-boot:test-run -Dspring-boot.run.profiles=dev > /dev/null 2>&1 & | |
| - name: Wait for application to start | |
| run: .github/scripts/wait_for_url.sh localhost:8081/api/actuator/health | |
| lint: | |
| name: Lint Code Base | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Lint Code Base | |
| run: mvn clean com.spotify.fmt:fmt-maven-plugin:check | |
| unit-tests: | |
| name: Unit tests | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-and-run | |
| steps: | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Run unit tests | |
| run: mvn --quiet clean test -B --file pom.xml | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true | |
| flags: unit | |
| integration-tests: | |
| name: Integration tests | |
| runs-on: ubuntu-latest | |
| needs: | |
| - unit-tests | |
| steps: | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Run integration tests | |
| run: mvn --quiet clean verify -B -Dfmt.skip -Dspring.profiles.active=test | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true | |
| flags: unit | |
| analyze: | |
| name: CodeQL Analysis | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 120 | |
| permissions: | |
| actions: read | |
| contents: write | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: java | |
| - name: Compile with maven | |
| run: mvn --quiet -B clean package -Dmaven.test.skip=true | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: java | |
| - name: Update dependency graph | |
| uses: advanced-security/maven-dependency-submission-action@v4 | |
| build-image: | |
| name: Build docker image | |
| runs-on: ubuntu-latest | |
| needs: | |
| - integration-tests | |
| steps: | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| tags: bbmrieric/negotiator:latest | |
| outputs: type=docker,dest=/tmp/negotiator.tar | |
| - name: Upload image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: negotiator | |
| path: /tmp/negotiator.tar | |
| image-scan: | |
| needs: build-image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4.1.0 | |
| with: | |
| name: negotiator | |
| path: /tmp | |
| - name: Load image | |
| run: docker load --input /tmp/negotiator.tar | |
| - name: Check out Git repository | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy Vulnerability Scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: bbmrieric/negotiator:latest | |
| format: sarif | |
| output: trivy-results.sarif | |
| severity: 'CRITICAL,HIGH' | |
| timeout: '15m0s' | |
| - name: Upload Trivy Scan Results to GitHub Security Tab | |
| if: ${{ (github.repository_owner == 'bbmri-eric') || (vars.IMAGE_SCAN_UPLOAD == 'true') }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: trivy-results.sarif | |
| system-test: | |
| name: System tests | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-image | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4.1.0 | |
| with: | |
| name: negotiator | |
| path: /tmp | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Load image | |
| run: docker load --input /tmp/negotiator.tar | |
| - name: Clone deployment repo | |
| run: git clone https://gitlab.bbmri-eric.eu/negotiator-deployment/negotiator-deployment-template.git /opt/negotiator | |
| - name: Run docker compose | |
| run: cd /opt/negotiator && docker compose -f compose.yaml -f $GITHUB_WORKSPACE/.github/compose-overrides/compose.override.system.yaml up -d negotiator | |
| - name: Wait | |
| run: sleep 30 | |
| - name: Get docker logs | |
| run: docker logs negotiator | |
| - name: Get running containers | |
| run: docker ps | |
| - name: Check health | |
| run: $GITHUB_WORKSPACE/.github/scripts/check_health.sh negotiator | |
| - name: Send request | |
| run: $GITHUB_WORKSPACE/.github/scripts/new_request.sh | |
| oauth-test: | |
| name: OAuth2 Authorization tests | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-image | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4.1.0 | |
| with: | |
| name: negotiator | |
| path: /tmp | |
| - name: Load image | |
| run: docker load --input /tmp/negotiator.tar | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Setup environment with auth server | |
| run: cd .github/oauth-test/ && docker compose up -d | |
| - name: Wait | |
| run: sleep 30 | |
| - name: Get docker logs | |
| run: docker logs negotiator | |
| - name: Check health | |
| run: .github/scripts/check_health.sh negotiator | |
| - name: Send authenticated request | |
| run: chmod +x .github/scripts/send_authenticated_request.sh && .github/scripts/send_authenticated_request.sh | |
| backwards-compatibility: | |
| name: DB migration tests | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-image | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4.1.0 | |
| with: | |
| name: negotiator | |
| path: /tmp | |
| - name: Clone deployment repo | |
| run: git clone https://gitlab.bbmri-eric.eu/negotiator-deployment/negotiator-deployment-template.git /opt/negotiator | |
| - name: Run docker compose | |
| run: cd /opt/negotiator && docker compose up -d negotiator | |
| - name: Wait | |
| run: sleep 30 | |
| - name: Down docker compose | |
| run: cd /opt/negotiator && docker compose down | |
| - name: Remove image | |
| run: docker image rm bbmrieric/negotiator | |
| - name: Load image | |
| run: docker load --input /tmp/negotiator.tar | |
| - name: Run docker compose | |
| run: cd /opt/negotiator && docker compose up -d negotiator | |
| - name: Wait | |
| run: sleep 30 | |
| - name: Get docker logs | |
| run: docker logs negotiator | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Check health | |
| run: .github/scripts/check_health.sh negotiator | |
| build-push-image: | |
| name: Publish Docker image | |
| runs-on: ubuntu-latest | |
| needs: | |
| - system-test | |
| - oauth-test | |
| - backwards-compatibility | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| bbmrieric/negotiator | |
| ghcr.io/${{ github.repository_owner }}/negotiator | |
| tags: | | |
| type=ref,event=branch | |
| type=raw,value=${{ github.head_ref }},event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| build-args: ARTIFACT_VERSION=${{ github.ref_name }} | |
| publish-jar: | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| name: Publish JAR file | |
| runs-on: ubuntu-latest | |
| needs: | |
| - system-test | |
| - oauth-test | |
| - backwards-compatibility | |
| steps: | |
| - name: Checkout codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Publish package | |
| run: mvn --quiet -B versions:set -DnewVersion="${ARTIFACT_VERSION//v}" | |
| env: | |
| ARTIFACT_VERSION: ${{ github.ref_name }} | |
| - name: Publish package | |
| run: mvn --batch-mode deploy | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |