ci: unify usage of gradle setup action #687
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Test Kotlin | |
on: | |
push: | |
branches-ignore: | |
# ignore temporary branches created by the merge queue. | |
# merge queue will trigger the workflow using the `merge_group` event. | |
# If the workflow was triggered twice (without ignoring temporary merge queue branches) | |
# two events would trigger the workflow out if which the second run cancels the first | |
# one causing the merge queue to detect a failed status check ultimately blocking the merge queue. | |
- "gh-readonly-queue/main/**" | |
# Run this workflow in the merge queue to pass mandatory jobs | |
merge_group: | |
types: [checks_requested] | |
concurrency: | |
group: ci-${{ github.workflow }}-${{ github.ref }} | |
# Only cancel previous runs unless on 'defaultBranch' (which is set in template configuration). | |
# defaultBranch is set to: 'main'. | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
jobs: | |
only-config-changed: | |
name: Configuration change validation | |
timeout-minutes: 5 | |
runs-on: ubuntu-latest | |
outputs: | |
result: ${{ steps.only-config-changed.outputs.only_configuration_files_have_changed }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
fetch-depth: ${{ (github.event.repository.default_branch == github.ref_name && 2) || 0 }} | |
ref: ${{ github.event.repository.default_branch }} | |
- name: Validate that only configuration files have been changed | |
shell: python | |
id: only-config-changed | |
env: | |
CONFIG_DIRECTORIES: '["k8s/product-staging", "k8s/product-dev", "k8s/product-production"]' | |
run: | | |
import os | |
import json | |
import subprocess | |
cmd_str="" | |
if "${{ github.event.repository.default_branch }}" == "${{ github.ref_name }}": | |
# This means we are in the default branch, we want the directories that changed since the previous commit | |
cmd_str="git diff --name-only HEAD^ HEAD | xargs dirname" | |
else: | |
# We're in a PR, we want the directories changed from the PR branch | |
cmd_str="git diff --name-only origin/${{ github.ref_name }} | xargs dirname" | |
diff=subprocess.run(cmd_str, capture_output=True, shell=True).stdout.decode('utf-8') | |
changed_files = str(diff).splitlines() | |
sanitized_changed_files = set(filter(None, changed_files)) | |
print("Changed files: ", sanitized_changed_files) | |
config_directories = set(json.loads(os.getenv('CONFIG_DIRECTORIES'))) | |
print("Config directories: ", config_directories) | |
only_configuration_files_have_changed = str(sanitized_changed_files.issubset(config_directories)).lower() | |
print(only_configuration_files_have_changed) | |
with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: | |
print(f'only_configuration_files_have_changed={only_configuration_files_have_changed}', file=fh) | |
build: | |
name: Build & Test | |
if: ${{ needs.only-config-changed.outputs.result == 'false' }} | |
needs: only-config-changed | |
runs-on: ubuntu-latest-8-cores | |
timeout-minutes: 30 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
# Login to AWS for fetching CI/CD cache. | |
- name: Configure AWS credentials | |
if: ${{ github.event.repository.visibility != 'public' }} | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CICD_S3_CACHE }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CICD_S3_CACHE }} | |
aws-region: eu-west-1 | |
special-characters-workaround: true | |
# Check whether the current code has already been run in CI/CD. | |
- name: Check CI/CD cache | |
if: ${{ github.event.repository.visibility != 'public' }} | |
uses: pleo-io/s3-cache-action@a31b5deab8cbe70ec47bbc95819b5c3d61ba8723 # v3.0.0 | |
id: s3-cache | |
with: | |
bucket-name: pleo-cicd-s3-cache | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CICD_S3_CACHE }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CICD_S3_CACHE }} | |
aws-region: eu-west-1 | |
# Set up a JDK environment for building, testing and releasing. | |
- name: Set up JDK 17 | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
with: | |
java-version: 17 | |
distribution: temurin | |
# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle. | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0 | |
with: | |
# Cache only updated on release. | |
cache-read-only: true | |
# Check whether the project builds. | |
- name: Gradle Build | |
run: ./gradlew build -x test | |
env: | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
- name: Run Unit Tests | |
if: steps.s3-cache.outputs.processed != 'true' | |
run: ./gradlew check | |
env: | |
GRADLE_USER: ${{ secrets.GITHUB_ACTOR }} | |
GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | |
JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | |
- name: Publish Unit Tests report to GitHub | |
if: steps.s3-cache.outputs.processed != 'true' | |
uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1 | |
with: | |
check_name: Unit Tests report | |
report_paths: "**/build/test-results/test/TEST-*.xml" | |
- name: Trigger release | |
if: ${{ github.ref == 'refs/heads/main' }} | |
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 | |
with: | |
event-type: release |