-
Notifications
You must be signed in to change notification settings - Fork 1
168 lines (140 loc) · 5.49 KB
/
Copy pathci.yml
File metadata and controls
168 lines (140 loc) · 5.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
env:
JAVA_VERSION: '25'
MAVEN_OPTS: -Xmx3072m
jobs:
build-and-test:
name: Build and Test All Modules
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for better SonarCloud analysis
- name: Set up JDK 25
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'temurin'
cache: 'maven'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Build all modules
run: mvn clean install -DskipTests
- name: Run tests - openespi-common
run: mvn test -pl openespi-common -am
- name: Run tests - openespi-datacustodian
run: mvn test -pl openespi-datacustodian -am
# TODO: Enable when authserver implementation is complete
# - name: Run tests - openespi-authserver
# run: mvn test -pl openespi-authserver -am
# env:
# SPRING_PROFILES_ACTIVE: test
- name: Run tests - openespi-thirdparty
run: mvn test -pl openespi-thirdparty -am
- name: Run integration tests with TestContainers
# -am ("also make") builds upstream dependencies first — required so the new
# openespi-handoff module is rebuilt and reinstalled before the integration tests
# compile, matching the pattern used by the unit-test steps above.
run: mvn verify -Pintegration-tests -pl openespi-common,openespi-datacustodian,openespi-thirdparty -am
- name: Run integration tests - openespi-authserver (TestContainers, tagged)
# The authserver module's UNIT tests are pre-existing-broken on the H2 local/test profiles
# and stay excluded from CI (see the commented full-module step above). This runs ONLY the
# Docker-backed integration tests tagged @Tag("testcontainers-it"): the MySQL schema/client
# suite and the Phase 2.0 auth-code-flow orchestration test (#148), against a real MySQL via
# Testcontainers. -Dgroups selects by tag, so the broken unit tests are not executed.
run: mvn test -pl openespi-authserver -am -Dgroups=testcontainers-it -DfailIfNoTests=false
# JaCoCo reports are automatically generated during test phase (configured in root pom.xml)
- name: Upload test results
if: always()
uses: actions/upload-artifact@v4
with:
name: test-results
path: |
**/target/surefire-reports/
**/target/failsafe-reports/
- name: Upload coverage reports
if: always()
uses: actions/upload-artifact@v4
with:
name: coverage-reports
path: |
**/target/site/jacoco/
sonarcloud:
name: SonarCloud Analysis
runs-on: ubuntu-latest
needs: build-and-test
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for better SonarCloud analysis
- name: Set up JDK 25
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'temurin'
cache: 'maven'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Build modules for SonarCloud
run: mvn clean verify -pl openespi-common,openespi-datacustodian,openespi-thirdparty -am
- name: Analyze with SonarCloud
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.projectKey=GreenButtonAlliance_OpenESPI-GreenButton-Java \
-Dsonar.organization=greenbuttonalliance \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.coverage.jacoco.xmlReportPaths=**/target/site/jacoco/jacoco.xml
security-scan:
name: Security Vulnerability Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up JDK 25
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'temurin'
cache: 'maven'
- name: Run OWASP Dependency Check
run: mvn org.owasp:dependency-check-maven:check
continue-on-error: true
- name: Upload OWASP report
if: always()
uses: actions/upload-artifact@v4
with:
name: owasp-report
path: target/dependency-check-report.html