Merge pull request #523 from frankframework/add-issue-ops #635
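# CI workflow: builds and tests the application for pull requests and pushes
# that target master.
name: Build and Test Application

on:
  pull_request:
    types: [opened, synchronize, reopened]
    branches: [master]
  push:
    branches: [master]

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. A job that needs more (docker-publish) declares its own
# permissions block, which replaces this default for that job.
permissions:
  contents: read

env:
  # Tool versions are quoted so YAML keeps them as strings rather than
  # re-typing them as numbers.
  JAVA_VERSION: '21'
  NODE_VERSION: '23'
  PNPM_VERSION: '10.4.0'
  # Container registry and image name used by the docker-publish job.
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}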
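jobs:
  # Runs linting, unit tests and the full Maven build for every pull request
  # and push to master.
  build-and-test:
    name: Build & Run All Tests
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions/* steps in this workflow are referenced by a
      # mutable major tag (v5, v6) while the third-party actions are pinned to
      # a commit SHA. Pin these to a full-length commit SHA as well so a moved
      # tag cannot change what runs here.
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          # Do not leave the job token in .git/config: the following steps
          # install and execute project and dependency code and never push
          # with git.
          persist-credentials: false
      - name: Set up JDK ${{ env.JAVA_VERSION }}
        uses: actions/setup-java@v5
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'
          cache: 'maven'
      # NOTE(review): pinned by SHA but without a version comment; add the
      # release tag this SHA corresponds to, as done for the docker/* actions.
      - name: Install pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
        with:
          version: ${{ env.PNPM_VERSION }}
      - name: Set up Node.js ${{ env.NODE_VERSION }}
        id: pnpm-modules-cache
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
          cache-dependency-path: 'pnpm-lock.yaml'
      # --frozen-lockfile fails the install if the lockfile would need to
      # change; --ignore-scripts skips dependency lifecycle scripts.
      - name: Install Frontend Dependencies
        run: pnpm install --frozen-lockfile --ignore-scripts
        working-directory: src/main/frontend
      - name: Lint Frontend
        run: pnpm lint
        working-directory: src/main/frontend
      - name: Lint Backend
        run: mvn checkstyle:check
      - name: Test Frontend
        run: pnpm test --watch=false --browsers=ChromeHeadless
        working-directory: src/main/frontend
      - name: Test & Build Backend and run E2E Tests
        run: mvn clean package "-Dspring.profiles.active=local-seed"
      # Runs only when an earlier step failed; the reports are kept for 7 days.
      - name: Upload CI Artifacts on Failure
        if: failure()
        uses: actions/upload-artifact@v5
        with:
          name: test-artifacts
          path: |
            target/surefire-reports/
            target/failsafe-reports/
            target/cypress/
          retention-days: 7

  # Builds the production artifact, pushes the container image to the registry
  # and signs it. Runs only for pushes to master, after build-and-test passed.
  docker-publish:
    needs: build-and-test
    if: github.ref == 'refs/heads/master' && github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          # This job's token can write packages. Keep it out of .git/config so
          # the Maven, pnpm and Docker build steps below cannot read it from
          # the working tree; none of them push with git.
          persist-credentials: false
      # First setup and build the artifact to ensure it's available for the Docker build
      - name: Set up JDK ${{ env.JAVA_VERSION }}
        uses: actions/setup-java@v5
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'
          cache: 'maven'
      - name: Install pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061
        with:
          version: ${{ env.PNPM_VERSION }}
      - name: Set up Node.js ${{ env.NODE_VERSION }}
        id: pnpm-modules-cache
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
          cache-dependency-path: 'pnpm-lock.yaml'
      - name: Install Frontend Dependencies
        run: pnpm install --frozen-lockfile --ignore-scripts
        working-directory: src/main/frontend
      # github.run_number is a runner-supplied integer, so interpolating it
      # directly into the command line is not an injection path.
      - name: Build
        run: mvn clean package -DskipTests "-Dspring.profiles.active=prod" -Drevision="0.0.${{ github.run_number }}"
      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
        with:
          cosign-release: 'v2.2.4'
      # Set up BuildKit Docker container builder to be able to build
      # multi-platform images and export cache
      # https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata for insights application
        id: meta
        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=raw,value=0.0.${{ github.run_number }}
      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      # NOTE(review): pinned by SHA but without a version comment; add the
      # release tag this SHA corresponds to, as done for the other docker/*
      # actions.
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@9e436ba9f2d7bcd1d038c8e55d039d37896ddc5d
        with:
          context: .
          file: docker/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
      # repository is public to avoid leaking data. If you would like to publish
      # transparency data even for private images, pass --force to cosign below.
      # https://github.com/sigstore/cosign
      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          # Step outputs reach the shell through environment variables rather
          # than being expanded into the script text.
          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        # This step uses the identity token to provision an ephemeral certificate
        # against the sigstore community Fulcio instance.
        # Each tag is signed by digest (tag@digest), so the signature is bound
        # to the image content that was pushed, not to the movable tag.
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}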