forked from SORMAS-Foundation/SORMAS-Project
-
Notifications
You must be signed in to change notification settings - Fork 0
75 lines (63 loc) · 3.15 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: Java CI with Maven
env:
JAVA: 11
PRIVILEGED_RUN: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/development') || github.event.pull_request.head.repo.full_name == github.repository }}
on:
push:
branches: [ development, master ]
pull_request:
branches: [ development ]
jobs:
test:
name: mvn verify
runs-on: ubuntu-latest
steps:
- name: Checkout repository (with token)
# Check if PR results from the repository: if yes, we have access to the secrets.
# The token is only needed for privileged actions from within the repo, so no need
# to make it available on 3rd party PRs
if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
uses: actions/checkout@v2
with:
token: ${{ secrets.SORMAS_VITAGROUP_TOKEN }}
- name: Checkout repository (without token)
# Check if PR results from a fork: if yes, we cannot access the token.
# The token is only needed for privileged actions from within the repo, so no need
# to make it available on 3rd party PRs
if: ${{ !fromJSON(env.PRIVILEGED_RUN) }}
uses: actions/checkout@v2
- name: Set up JDK ${{ env.JAVA }}
uses: actions/setup-java@v1
with:
java-version: ${{ env.JAVA }}
- name: Cache Maven packages
# Check if PR results from the repository: if yes, it is safe to cache dependencies.
# This is to keep us safe from cache poisoning through 3rd party PRs.
if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
# FIXME(@JonasCir) #3733 remove '**/*.pom' once serverlib pom is renamed
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-java-${{ env.JAVA }}-m2-${{ hashFiles('**/pom.xml', '**/*.pom') }}
restore-keys: ${{ runner.os }}-java-${{ env.JAVA }}-m2
- name: Run mvn verify
# FIXME(@JonasCir) see https://github.com/hzi-braunschweig/SORMAS-Project/issues/3730#issuecomment-745165678
working-directory: ./sormas-base
run: mvn verify -B -ntp
- name: Commit external visits API spec to development
# Privileged action needing a secret token. Since this only runs on development in our own repo
# the token will be available through a privileged checkout.
if: github.event_name == 'push' && github.ref == 'refs/heads/development' && hashFiles('sormas-rest/target/external_visits_API.yaml') != hashFiles('openapi/external_visits_API.yaml')
# https://stackoverflow.com/questions/59604922/authorize-bash-to-access-github-protected-branch
run: |
git config --global user.name "sormas-vitagroup"
git config --global user.email "[email protected]"
rm -rf openapi
mkdir openapi/
cp sormas-rest/target/external_visits_API.* openapi
git add openapi
git commit -m "[GitHub Actions] Update external visits API spec files"
git pull --rebase
git push