
BFD-3234: Exclude kernel updates when patching app amis #11323

Workflow file for this run

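# CI for the Java applications: detects whether relevant files changed, checks
# formatting, runs the Maven build, builds and pushes the apps container image
# to ghcr.io, then runs the Ansible role tests through a reusable workflow.
name: 'CI - Java'
on:
  pull_request:
  merge_group:
env:
  # workflow file matchers - workflow jobs will only run if matching files are found
  # please see https://github.com/CMSgov/beneficiary-fhir-data/pull/773 for why we
  # are using this workflow logic
  # NOTE: inside a double-quoted YAML scalar a trailing '\' escapes the line break,
  # and leading whitespace on the following line is dropped, so the value below is
  # one string with no embedded whitespace. See also:
  # https://stackoverflow.com/questions/6268391/is-there-a-way-to-represent-a-long-string-that-doesnt-have-any-whitespace-on-mul
  workflow_files_re: "(\
    ^apps/pom.xml|\
    ^apps/Dockerfile|\
    ^apps/bfd-|\
    ^ops/ansible/roles/bfd-db-migrator/|\
    ^ops/ansible/roles/bfd-pipeline/|\
    ^ops/ansible/roles/bfd-server/|\
    ^.github/workflows/ci-ansible.yml|\
    ^.github/workflows/ci-java.yml)"
jobs:
  # Gate job: exposes the changed files that match workflow_files_re as the
  # 'files' output; downstream jobs are skipped when that output is empty.
  workflow:
    name: Checking workflow
    runs-on: ubuntu-20.04
    # This job only checks out and diffs the repository.
    permissions:
      contents: read
    outputs:
      files: ${{ steps.workflow_files.outputs.files }}
    steps:
      # NOTE(review): every action in this file is referenced by a mutable tag
      # (v3). Pinning each 'uses:' to a full commit SHA keeps a re-pointed tag
      # from changing what runs in jobs that hold a registry-write token.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # HEAD^ must exist for the diff below
          fetch-depth: 2
      - id: workflow_files
        name: Set output
        # The regex is read from the step environment (workflow-level env is
        # exported to run steps) instead of being templated into the script.
        # grep's non-zero exit on "no match" is absorbed by the command
        # substitution, so an empty result does not fail the step.
        run: |
          echo "files<<EOF" >> "$GITHUB_OUTPUT"
          echo "$(git diff --name-only --diff-filter=ACMRTD HEAD^ HEAD | grep -E "$workflow_files_re")" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"
  # Formatting check with fmt-maven-plugin.
  mvn-fmt-maven-plugin:
    runs-on: ubuntu-20.04
    needs: workflow
    if: needs.workflow.outputs.files
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
      - name: 'Setup JDK'
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: 'corretto'
      # The previous name referenced matrix.mvn_commmand, but this job defines
      # no matrix, so the expression rendered as an empty string.
      - name: 'Run maven fmt-maven-plugin check'
        run: mvn com.spotify.fmt:fmt-maven-plugin:check
        working-directory: ./apps
  # Full Maven build, then container image build and push. There is no event
  # filter on the push step, so images are built from and pushed for
  # pull_request runs as well as merge_group runs.
  mvn-verify:
    runs-on: ubuntu-20.04
    needs: workflow
    # Least privilege for GITHUB_TOKEN: read the repository, write packages
    # (needed for the docker push to ghcr.io below). Everything else is denied.
    permissions:
      contents: read
      packages: write
    outputs:
      BFD_PARENT_VERSION: ${{ steps.bfd-parent-version.outputs.BFD_PARENT_VERSION }}
    if: needs.workflow.outputs.files
    steps:
      - name: 'Checkout repo'
        uses: actions/checkout@v3
      - name: 'Setup JDK'
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: 'corretto'
      - name: 'Run Maven Build'
        run: mvn --threads 1C --quiet --batch-mode -Dmaven.build.cache.enabled=false -Dapidocgen.skip=false verify
        working-directory: ./apps
      # NOTE(review): this installs whatever binary the 'latest' release
      # resolves to, as root, with no integrity check, in the same job that
      # later authenticates to the registry and pushes images. Pin the URL to
      # a specific release and verify the download against a SHA-256 recorded
      # in this repository before marking it executable.
      - name: 'Install yq'
        run: |
          sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
          sudo chmod +x /usr/bin/yq
      # Token and user name are passed through the step environment rather
      # than templated into the script text, and the user name is quoted.
      - name: Login to GitHub Container Registry
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GHCR_USER: ${{ github.actor }}
        run: |
          echo "$GHCR_TOKEN" \
            | docker login ghcr.io -u "$GHCR_USER" --password-stdin
      # Written to both GITHUB_OUTPUT (for the job output consumed by the
      # ansible jobs) and GITHUB_ENV (for the image build step below).
      - name: Determine the BFD Parent Version
        id: bfd-parent-version
        run: |
          echo "BFD_PARENT_VERSION=$(yq '.project.version' apps/pom.xml)" >> "$GITHUB_OUTPUT"
          echo "BFD_PARENT_VERSION=$(yq '.project.version' apps/pom.xml)" >> "$GITHUB_ENV"
      - name: Build and Deliver Apps Container Image
        run: |
          SANITIZED_REF="${GITHUB_REF_NAME////-}"
          IMAGE_NAME="ghcr.io/cmsgov/bfd-apps"
          SHORT_SHA="$(git rev-parse --short HEAD)"
          FULL_BRANCH_TAG="${IMAGE_NAME}:${SANITIZED_REF}" # human readable, branch name tag
          FULL_COMMIT_TAG="${IMAGE_NAME}:${SHORT_SHA}" # a short sha suffixed image tag
          echo "Building ${BFD_PARENT_VERSION} Container"
          docker build --tag "$FULL_BRANCH_TAG" --build-arg="BFD_VERSION=${BFD_PARENT_VERSION}" .
          docker tag "$FULL_BRANCH_TAG" "$FULL_COMMIT_TAG"
          docker push "$FULL_BRANCH_TAG"
          docker push "$FULL_COMMIT_TAG"
        working-directory: apps
  # NOTE: Temporarily disable fhir-validation in support of BFD-2198
  # TODO: Re-enable post BFD-2198 with more thoughtful implementation
  # NOTE(review): before re-enabling, replace the deprecated '::set-output'
  # commands with writes to $GITHUB_OUTPUT, and pass the validator output to the
  # 'Job Outcome' step through 'env:' instead of templating it into the script
  # (it is tool output, and it is also used as a printf format string).
  # fhir-validate:
  #   runs-on: ubuntu-20.04
  #   steps:
  #     - name: 'Checkout repo'
  #       uses: actions/checkout@v3
  #     - name: 'Create local branch references'
  #       # Check out the branches to build references for use in the next step
  #       run: git fetch && git checkout master && git checkout $GITHUB_HEAD_REF
  #     - name: 'Set up Python'
  #       if: steps.run_check.outputs.skip == 'false'
  #       uses: actions/setup-python@v3
  #       with:
  #         python-version: '3.10.5'
  #     - name: 'Check for new/modified resources'
  #       id: run_check
  #       # Checks if there are any modified resources in the endpoint responses
  #       # grep returns non-zero exit code when no matches are found, so only skip if the condition fails
  #       run: |
  #         can_skip=$(if [[ $(python3 ops/fhir_validations/diff_check.py) ]]; then echo "true"; else echo "false"; fi)
  #         if [[ $can_skip == 'true' ]]; then echo "No modified resources found, skipping rest of job."; else echo "Found modified resources, validating..."; fi
  #         echo ::set-output name=skip::$can_skip
  #     - name: 'Install Python dependencies'
  #       if: steps.run_check.outputs.skip == 'false'
  #       run: |
  #         python -m pip install --upgrade pip
  #         pip install -r ops/fhir_validations/requirements.txt
  #     - name: 'Set up JDK'
  #       if: steps.run_check.outputs.skip == 'false'
  #       uses: actions/setup-java@v1
  #       with:
  #         java-version: '11'
  #     - name: 'Download FHIR validator'
  #       if: steps.run_check.outputs.skip == 'false'
  #       uses: wei/wget@v1
  #       with:
  #         #TODO: Pinning to 5.6.68 due to bug in latest release, re-evaluate later.
  #         args: https://github.com/hapifhir/org.hl7.fhir.core/releases/download/5.6.68/validator_cli.jar
  #     - name: 'Verify FHIR resource'
  #       id: validate_fhir
  #       if: steps.run_check.outputs.skip == 'false'
  #       run: |
  #         is_valid="false"
  #         if output=$(python3 ops/fhir_validations/validations.py -r) ; then is_valid="true" ; fi
  #         echo "$output"
  #         output=$([[ $output =~ .*(Results:[^$'\n']*).* ]] && echo "${BASH_REMATCH[1]}")
  #         echo ::set-output name=valid::$is_valid
  #         echo ::set-output name=output::$output
  #     - name: 'Job Outcome'
  #       if: steps.run_check.outputs.skip == 'false'
  #       run: |
  #         is_valid="${{ steps.validate_fhir.outputs.valid }}"
  #         output="${{ steps.validate_fhir.outputs.output }}"
  #         echo "$output" >> $GITHUB_STEP_SUMMARY
  #         printf "$output\n"
  #         if [ "$is_valid" = "false" ] ; then exit 1 ; fi
  # ansible system testing
  # Each job below calls the ci-ansible.yml reusable workflow with the version
  # computed by mvn-verify. No 'permissions:' key is set on these callers.
  # NOTE(review): confirm what token scopes ci-ansible.yml needs and set them
  # explicitly here.
  ansible-role-bfd-pipeline:
    needs: mvn-verify
    uses: ./.github/workflows/ci-ansible.yml
    with:
      role: bfd-pipeline
      bfd_version: ${{ needs.mvn-verify.outputs.BFD_PARENT_VERSION }}
  ansible-role-bfd-server:
    needs: mvn-verify
    uses: ./.github/workflows/ci-ansible.yml
    with:
      role: bfd-server
      bfd_version: ${{ needs.mvn-verify.outputs.BFD_PARENT_VERSION }}
  ansible-role-bfd-db-migrator:
    needs: mvn-verify
    uses: ./.github/workflows/ci-ansible.yml
    with:
      role: bfd-db-migrator
      bfd_version: ${{ needs.mvn-verify.outputs.BFD_PARENT_VERSION }}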