OpenESPI-GreenButton-Java/.github/workflows/ci.yml at main · GreenButtonAlliance/OpenESPI-GreenButton-Java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: CI/CD Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]

env:
  JAVA_VERSION: '25'
  MAVEN_OPTS: -Xmx3072m

jobs:
  build-and-test:
    name: Build and Test All Modules
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for better SonarCloud analysis

      - name: Set up JDK 25
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'
          cache: 'maven'

      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: Build all modules
        run: mvn clean install -DskipTests

      - name: Run tests - openespi-common
        run: mvn test -pl openespi-common -am

      - name: Run tests - openespi-datacustodian
        run: mvn test -pl openespi-datacustodian -am

      # TODO: Enable when authserver implementation is complete
      # - name: Run tests - openespi-authserver
      #   run: mvn test -pl openespi-authserver -am
      #   env:
      #     SPRING_PROFILES_ACTIVE: test

      - name: Run tests - openespi-thirdparty
        run: mvn test -pl openespi-thirdparty -am

      - name: Run integration tests with TestContainers
        run: mvn verify -Pintegration-tests -pl openespi-common,openespi-datacustodian,openespi-thirdparty

      # JaCoCo reports are automatically generated during test phase (configured in root pom.xml)

      - name: Upload test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: |
            **/target/surefire-reports/
            **/target/failsafe-reports/

      - name: Upload coverage reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-reports
          path: |
            **/target/site/jacoco/

  sonarcloud:
    name: SonarCloud Analysis
    runs-on: ubuntu-latest
    needs: build-and-test
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for better SonarCloud analysis

      - name: Set up JDK 25
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'
          cache: 'maven'

      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: Build modules for SonarCloud
        run: mvn clean verify -pl openespi-common,openespi-datacustodian,openespi-thirdparty -am

      - name: Analyze with SonarCloud
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
            -Dsonar.projectKey=GreenButtonAlliance_OpenESPI-GreenButton-Java \
            -Dsonar.organization=greenbuttonalliance \
            -Dsonar.host.url=https://sonarcloud.io \
            -Dsonar.coverage.jacoco.xmlReportPaths=**/target/site/jacoco/jacoco.xml

  security-scan:
    name: Security Vulnerability Scan
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up JDK 25
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: 'temurin'
          cache: 'maven'

      - name: Run OWASP Dependency Check
        run: mvn org.owasp:dependency-check-maven:check
        continue-on-error: true

      - name: Upload OWASP report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: owasp-report
          path: target/dependency-check-report.html