Skip to content

Update database dependencies #10222

Update database dependencies

Update database dependencies #10222

Workflow file for this run

name: terraware-server
on:
push:
branches:
- main
# Renovate waits for CI builds to succeed before opening PRs, so we need to run builds on
# pushes to its branches.
- renovate/**
tags:
# Releases with date-based tags, e.g., v20230411.1
- v2[0-9]+.[0-9]+
pull_request:
branches-ignore:
# No need to run the workflow on Renovate PRs; it will have already run on the branches.
- renovate/**
permissions:
id-token: write
contents: read
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
# Cancel in-progress builds on PRs, but not on staging deploys.
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
build:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Fetch tip of main branch to support diffing
run: git fetch --depth 1 origin main
- name: Set environment
run: ./.github/scripts/set-environment.sh
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets[env.AWS_ROLE_SECRET_NAME] }}
aws-region: ${{ secrets[env.AWS_REGION_SECRET_NAME] }}
- name: Set up Java
id: setup-java
uses: actions/setup-java@v4
with:
distribution: "corretto"
java-version: "23"
- name: Tell Gradle where the Java installation is
run: |
echo "org.gradle.java.installations.paths=${{ steps.setup-java.outputs.path }}" >> gradle.properties
- name: Cache dependencies
id: cache-gradle
uses: actions/cache@v4
with:
path: |
~/.gradle
~/.m2
node_modules
key: 4-${{ hashFiles('*.gradle.kts', 'gradle.properties', 'yarn.lock') }}
# The build/test process is broken out into individual steps here so it's easier to watch
# the progress of the build in the GitHub UI and so it's clearer what failed if the build
# has problems; locally, "./gradlew check" will do all this in a single command.
- name: Download dependencies
run: |
docker pull postgres:13
./gradlew downloadDependencies yarn
- name: Generate jOOQ classes
run: ./gradlew generateJooqClasses
- name: Check code style
run: ./gradlew spotlessCheck
- name: Compile main
run: ./gradlew classes
- name: Generate OpenAPI docs to test that server can start up
run: ./gradlew generateOpenApiDocs
# The "yq" command here removes some values that are always different between staging and
# CI but aren't actual changes to the API schema; that way the diff will show "no changes"
# if the schema itself hasn't changed.
- name: Diff OpenAPI docs against staging
run: |
if curl -f -s https://staging.terraware.io/v3/api-docs.yaml > /tmp/staging.yaml; then
for f in openapi.yaml /tmp/staging.yaml; do
yq -i '
.info.version = null |
.servers[0].url = null |
.components.securitySchemes.openId.openIdConnectUrl = null' "$f"
done
diff -u /tmp/staging.yaml openapi.yaml || true
else
echo Unable to fetch OpenAPI schema from staging
fi
- name: Compile tests
run: ./gradlew testClasses
- name: Run tests
run: ./gradlew test
- name: Run tests that depend on external services
# If there's a problem with an external service, we don't want the workflow to fail, but we
# still want errors flagged in the workflow's log.
continue-on-error: true
if: env.IS_CD == 'false'
run: ./gradlew test --tests='*ExternalTest'
env:
TERRAWARE_ATLASSIAN_ACCOUNT: ${{ secrets.TEST_ATLASSIAN_ACCOUNT }}
TERRAWARE_ATLASSIAN_APIHOST: ${{ secrets.TEST_ATLASSIAN_HOST }}
TERRAWARE_ATLASSIAN_APITOKEN: ${{ secrets.TEST_ATLASSIAN_TOKEN }}
TERRAWARE_ATLASSIAN_SERVICEDESKKEY: ${{ secrets.TEST_ATLASSIAN_SERVICE_DESK_KEY }}
TEST_BALENA_API_KEY: ${{ secrets.TEST_BALENA_API_KEY }}
TEST_S3_BUCKET_NAME: terraware-ci-test
- name: Extract Docker image layers
run: make -C docker prepare
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log into Docker Hub
if: env.DOCKER_TAGS != ''
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cache Docker build layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: 2-buildx
- name: Build Docker image and push if on main branch or tag
uses: docker/build-push-action@v6
with:
context: build/docker
tags: ${{ env.DOCKER_TAGS }}
platforms: linux/amd64,linux/arm64
push: ${{ env.DOCKER_TAGS != '' }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
- name: Move Docker build cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Connect to Tailscale
uses: tailscale/github-action@v2
with:
oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }}
tags: tag:github
- name: Deploy
if: env.IS_CD == 'true'
env:
SSH_KEY: ${{ secrets[env.SSH_KEY_SECRET_NAME] }}
SSH_USER: ${{ secrets[env.SSH_USER_SECRET_NAME] }}
run: ./.github/scripts/deploy.sh
- name: Log into Jira
if: env.TIER == 'PROD'
uses: atlassian/gajira-login@master
env:
JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
- name: Create Jira Transition List
if: env.TIER == 'PROD'
run: >
curl https://terraware.github.io/terraware-server/unreleased.log |
grep -E 'SW-[0-9]+' -o |
sort -u > ./docs/jiralist.txt
- name: Transition Jira Issues
if: env.TIER == 'PROD'
uses: terraware/gajira-transition-multiple@master
with:
issueList: ./docs/jiralist.txt
transition: "Released to Production from Done"