# Trunk Checks Workflow
#
# This workflow is triggered on pushes to the main or master branch, or manually via workflow_dispatch.
# It orchestrates a comprehensive set of checks, builds, tests, and deployments for the trunk (main) branch.
#
# Key features:
# - Triggered on push to main/master or manual dispatch
# - Configurable options for reusing previous builds and running all tests
# - Comprehensive checks including build, tests, Semgrep analysis, and CLI artifact building
# - Deployment to the trunk environment
# - Final reporting of the workflow status
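# Nesting restored: with every key at column 0 the trigger definition does not
# parse as a workflow (push/branches/inputs all become top-level keys).
name: '-3 Trunk Workflow'
# Appends ' [<java-version>]' to the run title only when a Java override is supplied.
run-name: "Trunk${{ inputs.java-version && format(' [{0}]', inputs.java-version) || '' }}"
on:
  push:
    branches:
      - main
      - master
  # Manual runs. On push-triggered runs none of these inputs is set, which is
  # why the jobs below fall back with `|| ''` or test github.event_name.
  workflow_dispatch:
    inputs:
      reuse-previous-build:
        description: 'Indicates if the workflow should reuse the previous build'
        type: boolean
        default: true
      build-on-missing-artifacts:
        type: boolean
        description: 'Indicates if the workflow should build on missing artifacts'
        default: false
      run-all-tests:
        description: 'Run all tests'
        type: boolean
        default: false
      # NOTE(review): no job in this file reads this input. The deployment job
      # derives publish-npm-sdk-libs from change detection and forces it to
      # false for workflow_dispatch runs, so this toggle currently has no effect.
      publish-npm-sdk-libs:
        description: 'Publish NPM SDKs'
        type: boolean
        default: false
      # NOTE(review): no job in this file reads this input. The semgrep job is
      # gated only by the DISABLE_SEMGREP configuration variable, so this toggle
      # currently has no effect. Either wire it up deliberately or remove it, so
      # operators are not misled about whether the scan ran.
      disable-semgrep:
        description: 'Disable Semgrep job'
        type: boolean
        default: false
      # The three string inputs below are free-form and are forwarded unchanged
      # to the build, test and deployment phases.
      java-version:
        description: 'Override Java version (SDKMAN format, e.g., 25.0.1-open)'
        type: string
        required: false
        default: ''
      maven-compiler-release:
        description: 'Override Maven compiler release version (e.g., 21). Preferred over source/target.'
        type: string
        required: false
        default: ''
      artifact-suffix:
        description: 'Override artifact suffix (e.g., -java25, -java25.0.1, -java25-ms). If not set, derived from java-version major.'
        type: string
        required: false
        default: ''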
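# Nesting restored: with every key at column 0 the job definitions collapse into
# duplicate top-level keys (name/uses/with/...) and do not parse as a workflow.
#
# NOTE(review): only `build` and `test` declare `permissions`. The other jobs
# (semgrep, build-cli, deployment, finalize, report) pass the repository's
# default GITHUB_TOKEN scope to the workflows they call. Declaring the minimum
# each phase needs, or a restrictive workflow-level default, would make the
# token scope explicit; the required scopes are not visible from this file.
jobs:
  # Initialize the trunk check process
  initialize:
    name: Initialize
    uses: ./.github/workflows/cicd_comp_initialize-phase.yml
    with:
      # Both flags are forced to true on push runs; the dispatch input only
      # takes effect on manual runs.
      reuse-previous-build: ${{ inputs.reuse-previous-build || github.event_name != 'workflow_dispatch' }}
      build-on-missing-artifacts: ${{ inputs.build-on-missing-artifacts || github.event_name != 'workflow_dispatch' }}
      # Enable change detection to determine if SDK libs changed (for publishing decision)
      # Note: Trunk doesn't use filter outputs for test selection - it uses run-all-tests input
      change-detection: 'enabled'

  # Build job - only runs if no artifacts were found during initialization
  build:
    name: Trunk Build
    needs: [initialize]
    if: needs.initialize.outputs.found_artifacts == 'false'
    uses: ./.github/workflows/cicd_comp_build-phase.yml
    with:
      # NOTE(review): free-form dispatch strings. Confirm the called workflows
      # hand them to shell steps through `env:` rather than interpolating
      # `${{ inputs.* }}` directly into `run:` scripts.
      java-version: ${{ github.event.inputs.java-version || '' }}
      maven-compiler-release: ${{ github.event.inputs.maven-compiler-release || '' }}
      artifact-suffix: ${{ github.event.inputs.artifact-suffix || '' }}
    permissions:
      contents: read
      packages: write

  # Test job - runs various tests
  test:
    name: Trunk Test
    needs: [initialize, build]
    # Runs even when `build` was skipped (artifacts reused), but not after a
    # failure or cancellation upstream.
    if: always() && !failure() && !cancelled()
    uses: ./.github/workflows/cicd_comp_test-phase.yml
    with:
      run-all-tests: ${{ inputs.run-all-tests || false }}
      artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
      e2e: false
      java-version: ${{ github.event.inputs.java-version || '' }}
      maven-compiler-release: ${{ github.event.inputs.maven-compiler-release || '' }}
      artifact-suffix: ${{ github.event.inputs.artifact-suffix || '' }}
    secrets:
      DOTCMS_LICENSE: ${{ secrets.DOTCMS_LICENSE }}
    permissions:
      contents: read
      # NOTE(review): confirm the test phase really needs to write packages.
      packages: write

  # Semgrep job - static analysis of the trunk build
  semgrep:
    name: Trunk Semgrep
    needs: [initialize, test]
    # Gated by the DISABLE_SEMGREP configuration variable only; the
    # `disable-semgrep` dispatch input is not consulted here.
    if: always() && !failure() && !cancelled() && vars.DISABLE_SEMGREP != 'true'
    uses: ./.github/workflows/cicd_comp_semgrep-phase.yml
    with:
      artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
    secrets:
      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

  # CLI Build job - builds CLI artifacts
  # Skipped when java-version is overridden due to GraalVM/Quarkus compatibility requirements
  build-cli:
    name: CLI Build
    needs: [initialize, test]
    if: always() && !failure() && !cancelled() && !inputs.java-version
    uses: ./.github/workflows/cicd_comp_cli-native-build-phase.yml
    with:
      buildNativeImage: true
      artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
      branch: ${{ github.ref }}

  # Deployment job - deploys to the trunk environment
  deployment:
    needs: [initialize, build-cli, semgrep, test]
    # NOTE(review): a skipped job is not a failure, so deployment still runs when
    # semgrep is disabled through DISABLE_SEMGREP or build-cli is skipped for a
    # Java override. If the scan is meant to be a release gate, check
    # needs.semgrep.result explicitly.
    if: always() && !failure() && !cancelled()
    uses: ./.github/workflows/cicd_comp_deployment-phase.yml
    with:
      artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
      deploy-cli: true
      # Publishes NPM SDKs only on push runs where change detection flagged
      # sdk_libs; manual runs never publish, whatever the dispatch input says.
      publish-npm-sdk-libs: ${{ fromJSON(needs.initialize.outputs.filters).sdk_libs == 'true' && github.event_name != 'workflow_dispatch' }}
      environment: trunk
      # tag-identifier intentionally omitted: trunk uses only the environment name as its tag
      java-version: ${{ github.event.inputs.java-version || '' }}
      artifact-suffix: ${{ github.event.inputs.artifact-suffix || '' }}
    # Secrets are passed by name rather than with `secrets: inherit`, so the
    # deployment phase receives only the credentials listed here.
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
      EE_REPO_USERNAME: ${{ secrets.EE_REPO_USERNAME }}
      EE_REPO_PASSWORD: ${{ secrets.EE_REPO_PASSWORD }}
      NPM_ORG_TOKEN: ${{ secrets.NPM_ORG_TOKEN }}
      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

  # Finalize job - aggregates results from previous jobs
  finalize:
    name: Finalize
    # Always runs so that failed and skipped phases are still reported.
    if: always()
    needs: [initialize, build, build-cli, test, semgrep, deployment]
    uses: ./.github/workflows/cicd_comp_finalize-phase.yml
    with:
      artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
      # Serialises the result and outputs of every job listed in `needs`.
      needsData: ${{ toJson(needs) }}

  # Report job - generates and sends the final workflow report
  report:
    name: Report
    if: always()
    needs: [finalize]
    uses: ./.github/workflows/cicd_post-workflow-reporting.yml
    secrets:
      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}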