test for setting secure envs #8196
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "DPC CI Workflow" | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - .github/workflows/opt-out-* | |
| - lambda/** | |
| workflow_dispatch: # Allow manual trigger | |
| push: | |
| paths: | |
| - .github/workflows/ci-workflow.yml | |
| env: | |
| VAULT_PW: ${{ secrets.VAULT_PW }} | |
| REPORT_COVERAGE: true | |
| DPC_CA_CERT: ${{ secrets.DPC_CA_CERT }} | |
| ENV: "github-ci" | |
| jobs: | |
| build-api: | |
| name: "Build and Test API" | |
| runs-on: self-hosted | |
| steps: | |
| - name: chmod working directory | |
| run: | | |
| sudo chmod -R 777 . | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: "Set up Ansible" | |
| run: | | |
| sudo dnf -y install python3 python3-pip | |
| pip install ansible | |
| make secure-envs | |
| wc -l ops/config/decrypted/local.env | |
| - name: Setup Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '11' | |
| distribution: temurin | |
| cache: maven | |
| - name: Install Maven 3.6.3 | |
| run: | | |
| export PATH="$PATH:/opt/maven/bin" | |
| echo "PATH=$PATH" >> $GITHUB_ENV | |
| if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi | |
| tmpdir="$(mktemp -d)" | |
| curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir" | |
| sudo rm -rf /opt/maven | |
| sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven | |
| - name: Clean maven | |
| run: | | |
| mvn -ntp -U clean | |
| - name: "API Build" | |
| run: | | |
| make ci-app | |
| - name: "Move jacoco reports" | |
| run: | | |
| sudo mkdir jacoco-reports | |
| sudo cp ./dpc-aggregation/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-aggregation-it-jacoco.xml | |
| sudo cp ./dpc-aggregation/target/site/jacoco/jacoco.xml jacoco-reports/dpc-aggregation-jacoco.xml | |
| sudo cp ./dpc-api/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-api-it-jacoco.xml | |
| sudo cp ./dpc-api/target/site/jacoco/jacoco.xml jacoco-reports/dpc-api-jacoco.xml | |
| sudo cp ./dpc-attribution/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-attribution-it-jacoco.xml | |
| sudo cp ./dpc-attribution/target/site/jacoco/jacoco.xml jacoco-reports/dpc-attribution-jacoco.xml | |
| sudo cp ./dpc-bluebutton/target/site/jacoco/jacoco.xml jacoco-reports/dpc-bluebutton-jacoco.xml | |
| sudo cp ./dpc-common/target/site/jacoco/jacoco.xml jacoco-reports/dpc-common-jacoco.xml | |
| sudo cp ./dpc-consent/target/site/jacoco-it/jacoco.xml jacoco-reports/dpc-consent-it-jacoco.xml | |
| sudo cp ./dpc-consent/target/site/jacoco/jacoco.xml jacoco-reports/dpc-consent-jacoco.xml | |
| sudo cp ./dpc-macaroons/target/site/jacoco/jacoco.xml jacoco-reports/dpc-macaroons-jacoco.xml | |
| sudo cp ./dpc-queue/target/site/jacoco/jacoco.xml jacoco-reports/dpc-queue-jacoco.xml | |
| - name: Upload jacoco reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: code-coverage-report-dpc-api | |
| path: ./jacoco-reports |