mesh-sandbox/.github/workflows/merge-develop.yml at develop · NHSDigital/mesh-sandbox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
name: pull-request
on:
  push:
    branches:
      - develop

jobs:
  coverage:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      checks: write
      pull-requests: write
    if: github.repository == 'NHSDigital/mesh-sandbox' && !contains(github.event.head_commit.message, 'tag release version:')
    steps:
      - name: checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: setup python
        uses: actions/setup-python@v6
        with:
          python-version-file: "pyproject.toml"

      - name: setup poetry
        uses: abatilo/actions-poetry@0dd19c9498c3dc8728967849d0d2eae428a8a3d8
        with:
          poetry-version: 2.1.2

      - name: add poetry plugins
        run: |
          poetry self add "poetry-dynamic-versioning[plugin]"

      - name: cache virtualenv
        uses: actions/cache@v5
        with:
          path: |
            .venv
          key: ${{ runner.os }}-poetry-v2-${{ hashFiles('./poetry.lock') }}

      - name: git reset
        run: git reset --hard

      - name: install dependencies
        run: make install-ci

      - name: installs unrar
        run: |
          sudo apt update
          sudo apt-get install unrar -yq

      - name: setup java
        if: success() || failure()
        uses: actions/setup-java@v5
        with:
          distribution: "corretto"
          java-version: "11"

      - name: start docker containers
        run: make up

      - name: code coverage
        run: make coverage-ci

      - name: code coverage report
        if: ${{ github.event_name == 'pull_request' }}
        uses: orgoro/coverage@7dbd48c7f7ed09df337ff40058340c85bc93cb3d
        with:
          coverageFile: reports/coverage.xml
          token: ${{ secrets.GITHUB_TOKEN }}
          thresholdAll: 0.85

      - name: setup java
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        uses: actions/setup-java@v5
        with:
          distribution: "corretto"
          java-version: "17"

      - name: provision sonar-scanner
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        run: |
          export SONAR_VERSION="4.7.0.2747"
          wget -q --max-redirect=0 "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
          unzip -q ./sonar-scanner.zip
          mv ./sonar-scanner-${SONAR_VERSION} ./sonar-scanner
          scripts/sonar_tests.py

      - name: run sonar scan
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        run: |
          PATH="$PWD/sonar-scanner/bin:$PATH"
          sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      - name: publish junit reports
        if: success() || failure()
        uses: mikepenz/action-junit-report@49b2ca06f62aa7ef83ae6769a2179271e160d8e4
        with:
          check_name: junit reports
          report_paths: reports/junit/*.xml

      - name: stop docker containers
        if: success() || failure()
        run: make down

  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      checks: write
      pull-requests: write
    if: github.repository == 'NHSDigital/mesh-sandbox'  && github.actor != 'dependabot[bot]' && !contains(github.event.head_commit.message, 'tag release version:')
    steps:
      - name: checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: clean
        run: |
          git clean -fdx
          find . -type f | xargs chmod g+w

      - name: setup python
        uses: actions/setup-python@v6
        with:
          python-version-file: "pyproject.toml"

      - name: setup poetry
        uses: abatilo/actions-poetry@0dd19c9498c3dc8728967849d0d2eae428a8a3d8
        with:
          poetry-version: 2.1.2

      - name: add poetry plugins
        run: |
          poetry self add "poetry-dynamic-versioning[plugin]"

      - name: poetry build
        run: |
          version="v$(poetry version patch | rev | cut -d' ' -f1 | rev)"
          echo "RELEASE_VERSION=$version" >> $GITHUB_ENV
          git tag $version
          poetry build --format=wheel

      - name: create release
        id: create_release
        uses: actions/create-release@v1
        continue-on-error: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ env.RELEASE_VERSION }}
          release_name: ${{ env.RELEASE_VERSION }}

      - name: poetry config
        env:
          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}
        run: |
          poetry config pypi-token.pypi "$POETRY_PYPI_TOKEN_PYPI"

      - name: poetry publish
        run: poetry publish