Skip to content
This repository was archived by the owner on Mar 20, 2025. It is now read-only.
CI

CI #847

Sign in to view logs

CI

CI #847

Workflow file for this run

.github/workflows/ci.yml at b8271eb
name: CI
on:
release:
types: [released, prereleased]
push:
branches:
- main
pull_request:
schedule:
- cron: '0 0 * * *'
permissions:
contents: read
packages: write
jobs:
test:
name: Test
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4.2.2
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: corretto
java-version: 17
cache: 'gradle'
- name: Compile and test
run: ./gradlew build --info
- name: Check coverage
run: ./gradlew jacocoTestCoverageVerification --info
- name: Archive code coverage results
uses: actions/upload-artifact@v4
if: failure()
with:
name: build-reports
path: '*/build/reports'
retention-days: 1
dependency_check:
name: Dependency checks
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4.2.2
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: corretto
java-version: 17
cache: 'gradle'
- name: Build JARs for scan
run: ./gradlew assemble
- name: Run dependency checks
uses: dependency-check/Dependency-Check_Action@main
env:
# actions/setup-java changes JAVA_HOME so it needs to be reset to match the depcheck image
JAVA_HOME: /opt/jdk
with:
project: 'spring-oidc'
path: '.'
format: 'HTML'
out: 'reports'
args: >
--failOnCVSS 7
--suppression dependency-check-suppressions.xml
- name: Upload Test results
uses: actions/upload-artifact@v4
with:
name: OWASP Dependency Check report
path: ${{ github.workspace }}/reports
retention-days: 7
publish:
name: Publish
needs: [test, dependency_check]
if: github.event_name == 'release'
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4.2.2
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: corretto
java-version: 17
cache: 'gradle'
- name: Gradle publish
run: ./gradlew publish --info --no-daemon
env:
GH_USERNAME: ${{ secrets.GH_USERNAME }}
GH_TOKEN: ${{ secrets.GH_TOKEN }}
end:
name: End
needs: [test, dependency_check, publish]
if: always()
runs-on: ubuntu-latest
timeout-minutes: 5
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
steps:
- name: Build summary
id: summary
env:
TEST: ${{ needs.test.result }}
DEPENDENCY_CHECK: ${{ needs.dependency_check.result }}
PUBLISH: ${{ needs.publish.result }}
run: |
echo "success=$(if [[ "$TEST$DEPENDENCY_CHECK$PUBLISH" =~ ^(success|skipped)+$ ]]; then echo "true"; else echo "false"; fi)" >> $GITHUB_OUTPUT
- name: Notify slack fail
if: steps.summary.outputs.success != 'true' && env.SLACK_BOT_TOKEN != 0
uses: slackapi/slack-github-action@v1.27.0
with:
channel-id: dev
payload: |
{
"text": "${{github.repository}}: CI failed",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"emoji": true,
"text": ":x: ${{github.repository}}: CI failed"
}
},
{
"type": "context",
"elements": [
{
"type": "mrkdwn",
"text": "Repository: <${{github.server_url}}/${{github.repository}}|${{github.repository}}>"
},
{
"type": "mrkdwn",
"text": "Triggered by: *${{github.triggering_actor}}*"
}
]
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "See failed run: <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"
}
}
]
}