name: Build and Test Workflow on: pull_request: branches: ["main", "V2", "V2-gha"] workflow_dispatch: permissions: contents: read jobs: files-changed: name: detect what files changed runs-on: ubuntu-latest timeout-minutes: 3 outputs: build: ${{ steps.changes.outputs.build }} app: ${{ steps.changes.outputs.app }} project: ${{ steps.changes.outputs.project }} openapi: ${{ steps.changes.outputs.openapi }} steps: - uses: actions/checkout@v2 - name: Check for file changes uses: dorny/paths-filter@v3.0.2 id: changes with: filters: .github/config/.files.yaml build: runs-on: ubuntu-latest permissions: actions: read security-events: write strategy: fail-fast: false matrix: jdk-version: [17, 21] spring-security: [true, false] steps: - name: Harden Runner uses: step-security/harden-runner@v2.12.2 with: egress-policy: audit - name: Checkout repository uses: actions/checkout@v4.2.2 - name: Set up JDK ${{ matrix.jdk-version }} uses: actions/setup-java@v4.7.1 with: java-version: ${{ matrix.jdk-version }} distribution: "temurin" - name: Setup Gradle uses: gradle/actions/setup-gradle@v4.4.1 with: gradle-version: 8.14 - name: Build with Gradle and spring security ${{ matrix.spring-security }} run: ./gradlew clean build env: DISABLE_ADDITIONAL_FEATURES: ${{ matrix.spring-security }} - name: Check Test Reports Exist if: always() run: | declare -a dirs=( "app/core/build/reports/tests/" "app/core/build/test-results/" "app/common/build/reports/tests/" "app/common/build/test-results/" "app/proprietary/build/reports/tests/" "app/proprietary/build/test-results/" ) for dir in "${dirs[@]}"; do if [ ! -d "$dir" ]; then echo "Missing $dir" exit 1 fi done - name: Upload Test Reports if: always() uses: actions/upload-artifact@v4.6.2 with: name: test-reports-jdk-${{ matrix.jdk-version }}-spring-security-${{ matrix.spring-security }} path: | app/**/build/reports/tests/ app/**/build/test-results/ app/**/build/reports/problems/ build/reports/problems/ retention-days: 3 if-no-files-found: warn check-generateOpenApiDocs: if: needs.files-changed.outputs.openapi == 'true' needs: [files-changed] runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@v2.12.2 with: egress-policy: audit - uses: actions/checkout@v4.2.2 - name: Set up JDK 17 uses: actions/setup-java@v4.7.1 with: java-version: "17" distribution: "temurin" - uses: gradle/actions/setup-gradle@v4.4.1 - name: Generate OpenAPI documentation run: ./gradlew :stirling-pdf:generateOpenApiDocs - name: Upload OpenAPI Documentation uses: actions/upload-artifact@v4.6.2 with: name: openapi-docs path: ./SwaggerDoc.json frontend-validation: runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@v2.12.2 with: egress-policy: audit - name: Checkout repository uses: actions/checkout@v4.2.2 - name: Set up Node.js uses: actions/setup-node@v4.1.0 with: node-version: '20' cache: 'npm' cache-dependency-path: frontend/package-lock.json - name: Install frontend dependencies run: cd frontend && npm ci - name: Build frontend run: cd frontend && npm run build - name: Run frontend tests run: cd frontend && npm test --passWithNoTests --watchAll=false || true - name: Upload frontend build artifacts uses: actions/upload-artifact@v4.6.2 with: name: frontend-build path: frontend/dist/ retention-days: 3 check-licence: if: needs.files-changed.outputs.build == 'true' needs: [files-changed, build] runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@v2.12.2 with: egress-policy: audit - name: Checkout repository uses: actions/checkout@v4.2.2 - name: Set up JDK 17 uses: actions/setup-java@v4.7.1 with: java-version: "17" distribution: "temurin" - name: check the licenses for compatibility run: ./gradlew clean checkLicense - name: FAILED - check the licenses for compatibility if: failure() uses: actions/upload-artifact@v4.6.2 with: name: dependencies-without-allowed-license.json path: build/reports/dependency-license/dependencies-without-allowed-license.json retention-days: 3 docker-compose-tests: if: needs.files-changed.outputs.project == 'true' needs: files-changed # if: github.event_name == 'push' && github.ref == 'refs/heads/main' || # (github.event_name == 'pull_request' && # contains(github.event.pull_request.labels.*.name, 'licenses') == false && # ( # contains(github.event.pull_request.labels.*.name, 'Front End') || # contains(github.event.pull_request.labels.*.name, 'Java') || # contains(github.event.pull_request.labels.*.name, 'Back End') || # contains(github.event.pull_request.labels.*.name, 'Security') || # contains(github.event.pull_request.labels.*.name, 'API') || # contains(github.event.pull_request.labels.*.name, 'Docker') || # contains(github.event.pull_request.labels.*.name, 'Test') # ) # ) runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Java 17 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: "17" distribution: "temurin" - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Install Docker Compose run: | sudo curl -SL "https://github.com/docker/compose/releases/download/v2.37.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: "3.12" cache: 'pip' # caching pip dependencies cache-dependency-path: ./testing/cucumber/requirements.txt - name: Pip requirements run: | pip install --require-hashes -r ./testing/cucumber/requirements.txt - name: Run Docker Compose Tests run: | chmod +x ./testing/test_webpages.sh chmod +x ./testing/test.sh chmod +x ./testing/test_disabledEndpoints.sh ./testing/test.sh test-build-docker-images: if: github.event_name == 'pull_request' && needs.files-changed.outputs.project == 'true' needs: [files-changed, build, check-generateOpenApiDocs, check-licence] runs-on: ubuntu-latest strategy: fail-fast: false matrix: docker-rev: ["Dockerfile", "Dockerfile.ultra-lite", "Dockerfile.fat"] steps: - name: Harden Runner uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: egress-policy: audit - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 17 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: "17" distribution: "temurin" - name: Set up Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 with: gradle-version: 8.14 - name: Build application run: ./gradlew clean build env: DISABLE_ADDITIONAL_FEATURES: true STIRLING_PDF_DESKTOP_UI: false - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Build ${{ matrix.docker-rev }} uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: builder: ${{ steps.buildx.outputs.name }} context: . file: ./${{ matrix.docker-rev }} push: false cache-from: type=gha cache-to: type=gha,mode=max platforms: linux/amd64,linux/arm64/v8 provenance: true sbom: true - name: Upload Reports if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: reports-docker-${{ matrix.docker-rev }} path: | build/reports/tests/ build/test-results/ build/reports/problems/ retention-days: 3 if-no-files-found: warn