Bump amazoncorretto from 21 to 25 in /data-processing-service #1577
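# This workflow is used to perform static code analysis on a gradle build.
# It runs either when called from another workflow (workflow_call) or directly
# on pull requests that touch the listed service paths.
name: "Sonar Scanner"
on:
  workflow_call:
    secrets:
      CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID:
        description: "Secret named CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID where ECR resides."
        required: true
      PASSED_GITHUB_TOKEN:
        description: "Secret named GITHUB_TOKEN that references the github token for this repository."
        required: true
      SONAR_TOKEN:
        description: "Secret named SONAR_TOKEN that references the sonar token secret corresponding to the project in sonarcloud."
        required: true
      DATABASE_USER:
        description: "Test database username"
        required: true
      DATABASE_PASSWORD:
        description: "Test database password"
        required: true
  pull_request:
    paths:
      - "data-ingestion-service/**"
      - "data-processing-service/**"
      - "hl7-parser/**"
      - "cdaschema/**"
      - "deduplication/**"
      - ".github/workflows/sonar.yaml"
# Workflow-level env is exported to every step of every job, including the
# third-party actions below. The three secret-backed values are consumed only
# by the "Build and analyze" step.
# NOTE(review): consider moving the secret references to that step's own env
# so the other steps never see them.
# NOTE(review): deployment_env and accountid are not referenced by any
# ${{ env.* }} expression in this file - confirm the build reads them.
env:
  deployment_env: dev
  accountid: ${{secrets.cdc_nbs_sandbox_shared_services_accountid}}
  sonar_token: ${{secrets.SONAR_TOKEN}}
  test_database_user: ${{secrets.DATABASE_USER}}
  test_database_password: ${{secrets.DATABASE_PASSWORD}}
jobs:
  pipeline:
    name: Build, test and analyze
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): no step in this file visibly requests an OIDC token;
      # confirm id-token: write is still needed, otherwise drop it so the job
      # runs with contents: read only.
      id-token: write
      contents: read
    # All actions below are referenced by a mutable version tag. Pinning each
    # one to a full commit SHA (with the tag kept as a trailing comment) keeps
    # a moved or compromised tag from changing what runs next to the secrets.
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 21
        uses: actions/setup-java@v5
        with:
          # Quoted so the version is always passed as a string.
          java-version: "21"
          distribution: "zulu"  # Alternative distribution options are available
      - name: Cache SonarCloud packages
        uses: actions/cache@v5
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Gradle packages
        uses: actions/cache@v5
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle
      - name: Configure Environment Variables
        run: |
          github_repo_name="$(echo "$GITHUB_REPOSITORY" | cut -d'/' -f2)"
          echo "github_repo_name=$github_repo_name" >> "$GITHUB_ENV"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      # NOTE(review): actions/cache also saves under the primary key in its
      # post-job step, and the explicit "Save Docker layers cache" step below
      # writes the same key - confirm both are intended.
      - name: Cache Docker layers
        uses: actions/cache@v5
        with:
          path: /tmp/.buildx-cache
          # Use branch name for key, falling back to a shared key for initial layers
          key: ${{ runner.os }}-buildx-${{ github.ref }}
          restore-keys: |
            ${{ runner.os }}-buildx-${{ github.ref }}
            ${{ runner.os }}-buildx-main-
            ${{ runner.os }}-buildx-
      - name: Build test dataingestion mssql image
        uses: docker/build-push-action@v7
        with:
          context: ./containers/db
          tags: local/di-mssql:latest
          # Build args can be recovered from the image history and from the
          # cached layers, so only a throwaway value belongs here. Never pass
          # a real credential as a build arg.
          build-args: |
            DATABASE_PASSWORD=fake.fake.fake.1234
          load: true
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
      - name: Move Buildx cache
        if: success()
        run: |
          # Move the cache created by the build step to the location actions/cache expects
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      - name: Save Docker layers cache
        uses: actions/cache/save@v5
        with:
          path: /tmp/.buildx-cache
          # The key must match the primary key used in the restore step
          key: ${{ runner.os }}-buildx-${{ github.ref }}
      - name: Build and analyze
        working-directory: ./
        env:
          # Read the declared workflow_call secret directly. The previous
          # ${{ env.passed_github_token }} pointed at an env entry that is
          # never defined in this file, so the token was always empty.
          # NOTE(review): on a direct pull_request run this resolves only if
          # a repository secret named PASSED_GITHUB_TOKEN exists - confirm.
          GITHUB_TOKEN: ${{ secrets.PASSED_GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ env.sonar_token }}
          DATABASE_USER: ${{ env.test_database_user }}
          DATABASE_PASSWORD: ${{ env.test_database_password }}
        run: |
          ./gradlew build test sonarqube \
            "-Dorg.gradle.jvmargs=-Xms512m -Xmx4g -XX:MaxMetaspaceSize=1g" \
            -Dtesting.database.mssql.image=local/di-mssql:latest
      # Reports are uploaded even when the build fails.
      # NOTE(review): confirm the test reports never echo the database
      # credentials or tokens, since artifacts are readable by anyone with
      # access to the run.
      - name: Publish Testing Reports
        if: always()
        uses: actions/upload-artifact@v7
        with:
          name: all-test-reports
          # The '**' tells GitHub to look in every sub-folder for reports
          path: "**/build/reports/**"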