Update dependency com.google.auth:google-auth-library-oauth2-http to … #10224
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: terraware-server | |
| on: | |
| push: | |
| branches: | |
| - main | |
| # Renovate waits for CI builds to succeed before opening PRs, so we need to run builds on | |
| # pushes to its branches. | |
| - renovate/** | |
| tags: | |
| # Releases with date-based tags, e.g., v20230411.1 | |
| - v2[0-9]+.[0-9]+ | |
| pull_request: | |
| branches-ignore: | |
| # No need to run the workflow on Renovate PRs; it will have already run on the branches. | |
| - renovate/** | |
| permissions: | |
| id-token: write | |
| contents: read | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| # Cancel in-progress builds on PRs, but not on staging deploys. | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Fetch tip of main branch to support diffing | |
| run: git fetch --depth 1 origin main | |
| - name: Set environment | |
| run: ./.github/scripts/set-environment.sh | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets[env.AWS_ROLE_SECRET_NAME] }} | |
| aws-region: ${{ secrets[env.AWS_REGION_SECRET_NAME] }} | |
| - name: Set up Java | |
| id: setup-java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: "corretto" | |
| java-version: "23" | |
| - name: Tell Gradle where the Java installation is | |
| run: | | |
| echo "org.gradle.java.installations.paths=${{ steps.setup-java.outputs.path }}" >> gradle.properties | |
| - name: Cache dependencies | |
| id: cache-gradle | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle | |
| ~/.m2 | |
| node_modules | |
| key: 4-${{ hashFiles('*.gradle.kts', 'gradle.properties', 'yarn.lock') }} | |
| # The build/test process is broken out into individual steps here so it's easier to watch | |
| # the progress of the build in the GitHub UI and so it's clearer what failed if the build | |
| # has problems; locally, "./gradlew check" will do all this in a single command. | |
| - name: Download dependencies | |
| run: | | |
| docker pull postgres:13 | |
| ./gradlew downloadDependencies yarn | |
| - name: Generate jOOQ classes | |
| run: ./gradlew generateJooqClasses | |
| - name: Check code style | |
| run: ./gradlew spotlessCheck | |
| - name: Compile main | |
| run: ./gradlew classes | |
| - name: Generate OpenAPI docs to test that server can start up | |
| run: ./gradlew generateOpenApiDocs | |
| # The "yq" command here removes some values that are always different between staging and | |
| # CI but aren't actual changes to the API schema; that way the diff will show "no changes" | |
| # if the schema itself hasn't changed. | |
| - name: Diff OpenAPI docs against staging | |
| run: | | |
| if curl -f -s https://staging.terraware.io/v3/api-docs.yaml > /tmp/staging.yaml; then | |
| for f in openapi.yaml /tmp/staging.yaml; do | |
| yq -i ' | |
| .info.version = null | | |
| .servers[0].url = null | | |
| .components.securitySchemes.openId.openIdConnectUrl = null' "$f" | |
| done | |
| diff -u /tmp/staging.yaml openapi.yaml || true | |
| else | |
| echo Unable to fetch OpenAPI schema from staging | |
| fi | |
| - name: Compile tests | |
| run: ./gradlew testClasses | |
| - name: Run tests | |
| run: ./gradlew test | |
| - name: Run tests that depend on external services | |
| # If there's a problem with an external service, we don't want the workflow to fail, but we | |
| # still want errors flagged in the workflow's log. | |
| continue-on-error: true | |
| if: env.IS_CD == 'false' | |
| run: ./gradlew test --tests='*ExternalTest' | |
| env: | |
| TERRAWARE_ATLASSIAN_ACCOUNT: ${{ secrets.TEST_ATLASSIAN_ACCOUNT }} | |
| TERRAWARE_ATLASSIAN_APIHOST: ${{ secrets.TEST_ATLASSIAN_HOST }} | |
| TERRAWARE_ATLASSIAN_APITOKEN: ${{ secrets.TEST_ATLASSIAN_TOKEN }} | |
| TERRAWARE_ATLASSIAN_SERVICEDESKKEY: ${{ secrets.TEST_ATLASSIAN_SERVICE_DESK_KEY }} | |
| TEST_BALENA_API_KEY: ${{ secrets.TEST_BALENA_API_KEY }} | |
| TEST_S3_BUCKET_NAME: terraware-ci-test | |
| - name: Extract Docker image layers | |
| run: make -C docker prepare | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into Docker Hub | |
| if: env.DOCKER_TAGS != '' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Cache Docker build layers | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: 2-buildx | |
| - name: Build Docker image and push if on main branch or tag | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: build/docker | |
| tags: ${{ env.DOCKER_TAGS }} | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ env.DOCKER_TAGS != '' }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new | |
| - name: Move Docker build cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| - name: Connect to Tailscale | |
| uses: tailscale/github-action@v2 | |
| with: | |
| oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} | |
| oauth-secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} | |
| tags: tag:github | |
| - name: Deploy | |
| if: env.IS_CD == 'true' | |
| env: | |
| SSH_KEY: ${{ secrets[env.SSH_KEY_SECRET_NAME] }} | |
| SSH_USER: ${{ secrets[env.SSH_USER_SECRET_NAME] }} | |
| run: ./.github/scripts/deploy.sh | |
| - name: Log into Jira | |
| if: env.TIER == 'PROD' | |
| uses: atlassian/gajira-login@master | |
| env: | |
| JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} | |
| JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} | |
| JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} | |
| - name: Create Jira Transition List | |
| if: env.TIER == 'PROD' | |
| run: > | |
| curl https://terraware.github.io/terraware-server/unreleased.log | | |
| grep -E 'SW-[0-9]+' -o | | |
| sort -u > ./docs/jiralist.txt | |
| - name: Transition Jira Issues | |
| if: env.TIER == 'PROD' | |
| uses: terraware/gajira-transition-multiple@master | |
| with: | |
| issueList: ./docs/jiralist.txt | |
| transition: "Released to Production from Done" |