SDCSRM-542 Dependabot Security Only PRs #238
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Checks and Tests | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| java-checks-and-tests: | |
| name: Java Checks and Tests | |
| runs-on: ubuntu-latest | |
| # Add "id-token" with the required permissions. | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| # Google auth allows maven to pull artifacts from our registry | |
| # And acquire a token for authenticating with the docker registry | |
| - id: auth | |
| name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| token_format: 'access_token' | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER }} | |
| service_account: ${{ secrets.SERVICE_ACCOUNT }} | |
| # Authenticating with Dockerhub ensures image pulls are authenticated, so not as severely rate limited | |
| - name: Log in to Dockerhub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Also log docker in to GCP, to allow image pulls from our private registries | |
| - name: Log in to Google Docker Artifact Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: europe-west2-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.auth.outputs.access_token }} | |
| - name: Set Up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: 17 | |
| distribution: temurin | |
| cache: maven | |
| - name: Set Up Docker Network | |
| run: docker network create ssdcrmdockerdev_default | |
| - name: Maven Checks | |
| run: make check-mvn | |
| - name: Run Tests | |
| run: mvn verify jacoco:report | |
| - name: Run Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| # NB: fail_ci_if_error is enabled to make any teething issues with Codecov visible. | |
| # If Codecov has outage issues in the future, this can be toggled to false to allow the action to pass. | |
| fail_ci_if_error: true | |
| node-checks: | |
| name: Node Checks | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ui | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set Up Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| - name: Update NPM | |
| # The setup node action links the version of NPM to the version of node | |
| # However, locally we use an up-to-date NPM so CI needs to match this | |
| # See https://github.com/actions/setup-node/issues/529 | |
| run: npm install -g [email protected] | |
| - name: Install Dependencies | |
| run: make install | |
| - name: Run Format Check | |
| run: make format-check | |
| - name: Run Package Audit | |
| run: make package-audit |