Skip to content

feat: mTLS security scope restriction #1379

feat: mTLS security scope restriction

feat: mTLS security scope restriction #1379

Workflow file for this run

# Main build pipeline, operates on `dev` branch which is our integration branch
name: CI Dev branch
on:
push:
branches: [ "dev" ] # trap each push to dev branch
paths: # but react only to changes in code or pipeline definition
- evita*/**/*.java
- evita*/**/pom.xml
- evita_external_api/evita_external_api_lab/src/main/resources/META-INF/lab/gui/dist/**
- jacoco/**/pom.xml
- docker/**
- .github/**
pull_request_target:
branches: [ "dev" ] # also trap pull requests to dev branch
paths: # but react only to changes in code or pipeline definition
- evita*/**/*.java
- evita*/**/pom.xml
- .github/**.*
permissions:
id-token: write
contents: write
actions: read
checks: write
pull-requests: read
security-events: write
statuses: write
concurrency:
group: ${{ github.head_ref || github.ref_name }} # for the same branch (dev or PR)
cancel-in-progress: true # run only one workflow at a time (cancel the previous)
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3 # checkout sources
- name: Setup Java JDK
uses: actions/setup-java@v3 # setup JDK 17 for building
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Build with Maven # run Maven with tests
run: |
mvn -T 1C -B package -P unitAndFunctional jacoco:report-aggregate -V --fail-at-end -Dmaven.test.skip=false --file pom.xml
jacoco/jacoco-summary.sh jacoco/target/site/jacoco-aggregate/jacoco.csv
- name: Upload test results # upload XML with unit test results to artifact `test-results` for `test-report.yml`
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: test-results
path: 'evita*/**/target/surefire-reports/TEST-*.xml'
- name: Upload evitaDB server artifact # upload `evita-server.jar` for `docker-canary.yml` to deploy to DockerHub
uses: actions/upload-artifact@v4
if: success()
with:
name: evita-server.jar
path: 'evita_server/target/evita-server.jar'
- name: Upload coverage to Codecov # upload code coverage from Jacoco to codecov
uses: codecov/codecov-action@v3
# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
- name: Update dependency graph
uses: advanced-security/maven-dependency-submission-action@v3
- name: Deploy with Maven # deploy SNAPSHOTS to Maven repository
run: |
mvn -T 1C -B deploy -DdeployAtEnd=true -Dmaven.test.skip=true --file pom.xml
continue-on-error: true
env:
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}