Skip to content

Permission Checks now use Wildcard semantics. (#2355) #1

Permission Checks now use Wildcard semantics. (#2355)

Permission Checks now use Wildcard semantics. (#2355) #1

Workflow file for this run

# Continuous integration
name: CI
# Run in master and dev branches and in all pull requests to those branches
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
env:
DOCKER_IMAGE: ohdsi/webapi
jobs:
# Build and test the code
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
env:
MAVEN_PROFILE: webapi-postgresql
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: 8
- name: Maven cache
uses: actions/cache@v2
with:
# Cache gradle directories
path: ~/.m2
# Key for restoring and saving the cache
key: ${{ runner.os }}-maven-${{ hashFiles('pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Build code
run: mvn -B -DskipTests=true -DskipUnitTests=true -P${{ env.MAVEN_PROFILE }} package
- name: Test
# Skipping unit and integration tests for now, because they keep failing.
run: mvn -B -DskipUnitTests=true -DskipITtests=true -P${{ env.MAVEN_PROFILE }} test
# Check that the docker image builds correctly
# Push to ohdsi/atlas:master for commits on master.
docker:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
# Add Docker labels and tags
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ env.DOCKER_IMAGE }}
# Setup docker build environment
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Set build parameters
id: build_params
run: |
echo "::set-output name=sha8::${GITHUB_SHA::8}"
if [ ${{ github.event_name == 'pull_request' }} ]; then
echo "::set-output name=push::false"
echo "::set-output name=load::true"
echo "::set-output name=platforms::linux/amd64"
else
echo "::set-output name=push::true"
echo "::set-output name=load::false"
echo "::set-output name=platforms::linux/amd64,linux/arm64"
fi
- name: Login to DockerHub
uses: docker/login-action@v1
if: steps.build_params.outputs.push == 'true'
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
context: ./
file: ./Dockerfile
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache,mode=max
platforms: ${{ steps.build_params.outputs.platforms }}
push: ${{ steps.build_params.outputs.push }}
load: ${{ steps.build_params.outputs.load }}
build-args: |
GIT_BRANCH=${{ steps.docker_meta.outputs.version }}
GIT_COMMIT_ID_ABBREV=${{ steps.build_params.outputs.sha8 }}
tags: ${{ steps.docker_meta.outputs.tags }}
# Use runtime labels from docker_meta as well as fixed labels
labels: |
${{ steps.docker_meta.outputs.labels }}
maintainer=Joris Borgdorff <[email protected]>, Lee Evans - www.ltscomputingllc.com
org.opencontainers.image.authors=Joris Borgdorff <[email protected]>, Lee Evans - www.ltscomputingllc.com
org.opencontainers.image.vendor=OHDSI
org.opencontainers.image.licenses=Apache-2.0
# If the image was pushed, we need to pull it again to inspect it
- name: Pull image
if: steps.build_params.outputs.push == 'true'
run: docker pull ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
- name: Inspect image
run: |
docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}