Skip to content

Fixing issues with multi level unnesting in extract implementation an… #3851

Fixing issues with multi level unnesting in extract implementation an…

Fixing issues with multi level unnesting in extract implementation an… #3851

Workflow file for this run

# This workflow will build the software and documentation to ensure there are no errors, and also
# execute the tests.
#
# The FHIR server build is separated into three tranches, to minimise overall build time:
#
# Tranche 1: ModificationTest, AggregateQueryTest, ExtractTest
# Tranche 2: ManifestConverterTest, integration tests
# Tranche 3: All other FHIR server tests, tests from utilities and terminology modules
#
# There are a set of performance benchmarks that run and upload their results to a S3 bucket.
#
# This workflow also deploys a pre-release version of the software to Docker Hub and Maven Central,
# if the branch is a release branch (`release/**`).
name: Test
on:
push:
branches-ignore:
- gh-pages
env:
# The add-exports and add-opens flags are required for Java 17
MAVEN_OPTS: --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED
jobs:
encoders:
name: Encoders
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Run the verify goal with Maven
env:
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire
# report action to report them.
PATHLING_OPTS: ${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }}
run: >-
mvn --batch-mode verify
-pl encoders -am
${{ env.PATHLING_OPTS }}
timeout-minutes: 20
- name: Upload encoders test reports
uses: actions/upload-artifact@v4
with:
name: encoders-surefire-reports
path: encoders/target/surefire-reports
- name: Upload test coverage report
uses: actions/upload-artifact@v4
with:
name: encoders-coverage
path: "**/jacoco.xml"
- name: Upload dump files
uses: actions/upload-artifact@v4
with:
name: encoders-dump-files
path: |-
**/*.dump
**/*.dumpstream
- name: Publish test results
# If the actor is Dependabot, we need to avoid anything that requires access to secrets.
if: github.actor != 'dependabot[bot]'
uses: scacap/action-surefire-report@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
check_name: Encoders test report
fail_on_test_failures: true
fhir-server-1:
name: FHIR server (tranche 1)
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Cache test data
id: cache-test-data
uses: actions/cache@v4
with:
path: fhir-server/src/test/resources/test-data/parquet
key: ${{ runner.os }}-test-data-${{ hashFiles('fhir-server/src/test/resources/test-data/fhir/*.ndjson', 'encoders/src/main/**/*.java', 'encoders/src/main/**/*.scala', 'fhir-server/src/main/java/au/csiro/pathling/io/Database.java') }}
- name: Run the verify goal with Maven
env:
# Activate the "tranche 1" test profile. If there is a cache hit on the test data, we
# don't need to import it.
PATHLING_PROFILES: testTranche1${{ steps.cache-test-data.outputs.cache-hit && ',!importTestData' || '' }}
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire
# report action to report them.
PATHLING_OPTS: >-
-DskipEncodersTests
-DskipUtilitiesTests
-DskipTerminologyTests
-DskipFhirPathTests
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }}
run: >-
mvn --batch-mode verify
-pl fhir-server -am
-P${{ env.PATHLING_PROFILES }}
${{ env.PATHLING_OPTS }}
timeout-minutes: 30
- name: Upload fhir-server test reports
uses: actions/upload-artifact@v4
with:
name: fhir-server-1-surefire-reports
path: fhir-server/target/surefire-reports
- name: Upload test coverage report
uses: actions/upload-artifact@v4
with:
name: fhir-server-1-coverage
path: "**/jacoco.xml"
- name: Upload timing log
uses: actions/upload-artifact@v4
with:
name: fhir-server-1-timing-log
path: fhir-server/target/timing.log
- name: Upload dump files
uses: actions/upload-artifact@v4
with:
name: fhir-server-1-dump-files
path: |-
**/*.dump
**/*.dumpstream
- name: Publish test results
# If the actor is Dependabot, we need to avoid anything that requires access to secrets.
if: github.actor != 'dependabot[bot]'
uses: scacap/action-surefire-report@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
check_name: FHIR server test report 1
fail_on_test_failures: true
fhir-server-2:
name: FHIR server (tranche 2)
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Cache test data
id: cache-test-data
uses: actions/cache@v4
with:
path: fhir-server/src/test/resources/test-data/parquet
key: ${{ runner.os }}-test-data-${{ hashFiles('fhir-server/src/test/resources/test-data/fhir/*.ndjson', 'encoders/src/main/**/*.java', 'encoders/src/main/**/*.scala', 'fhir-server/src/main/java/au/csiro/pathling/io/Database.java') }}
- name: Run the verify goal with Maven
env:
# Activate the "tranche 2" test profile. If there is a cache hit on the test data, we
# don't need to import it.
PATHLING_PROFILES: testTranche2${{ steps.cache-test-data.outputs.cache-hit && ',!importTestData' || '' }}
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire
# report action to report them.
PATHLING_OPTS: >-
-DskipEncodersTests
-DskipUtilitiesTests
-DskipTerminologyTests
-DskipFhirPathTests
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }}
run: >-
mvn --batch-mode verify
-pl fhir-server -am
-P${{ env.PATHLING_PROFILES }}
${{ env.PATHLING_OPTS }}
timeout-minutes: 30
- name: Upload fhir-server test reports
uses: actions/upload-artifact@v4
with:
name: fhir-server-2-surefire-reports
path: fhir-server/target/surefire-reports
- name: Upload test coverage report
uses: actions/upload-artifact@v4
with:
name: fhir-server-2-coverage
path: "**/jacoco.xml"
- name: Upload timing log
uses: actions/upload-artifact@v4
with:
name: fhir-server-2-timing-log
path: fhir-server/target/timing.log
- name: Upload dump files
uses: actions/upload-artifact@v4
with:
name: fhir-server-2-dump-files
path: |-
**/*.dump
**/*.dumpstream
- name: Publish test results
# If the actor is Dependabot, we need to avoid anything that requires access to secrets.
if: github.actor != 'dependabot[bot]'
uses: scacap/action-surefire-report@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
check_name: FHIR server test report 2
fail_on_test_failures: true
# This job builds the FHIR server, and runs all tests that do not fall into tranches 1 or 2.
fhir-server-3:
name: FHIR server (tranche 3)
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::865780493209:role/PathlingBenchmarkUpload
aws-region: ap-southeast-2
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Cache test data
id: cache-test-data
uses: actions/cache@v4
with:
path: fhir-server/src/test/resources/test-data/parquet
key: ${{ runner.os }}-test-data-${{ hashFiles('fhir-server/src/test/resources/test-data/fhir/*.ndjson', 'encoders/src/main/**/*.java', 'encoders/src/main/**/*.scala', 'fhir-server/src/main/java/au/csiro/pathling/io/Database.java') }}
- name: Run the verify goal with Maven
env:
# Activate the "tranche 3" test profile. If there is a cache hit on the test data, we
# don't need to import it.
PATHLING_PROFILES: testTranche3${{ steps.cache-test-data.outputs.cache-hit && ',!importTestData' || '' }}
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire
# report action to report them.
PATHLING_OPTS: >-
-DskipEncodersTests
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }}
run: >-
mvn --batch-mode verify
-pl fhir-server -am
-P${{ env.PATHLING_PROFILES }}
${{ env.PATHLING_OPTS }}
timeout-minutes: 30
- name: Upload utilities test reports
uses: actions/upload-artifact@v4
with:
name: utilities-surefire-reports
path: utilities/target/surefire-reports
- name: Upload terminology test reports
uses: actions/upload-artifact@v4
with:
name: terminology-surefire-reports
path: terminology/target/surefire-reports
- name: Upload FHIRPath test reports
uses: actions/upload-artifact@v4
with:
name: fhirpath-surefire-reports
path: fhirpath/target/surefire-reports
- name: Upload FHIR server test reports
uses: actions/upload-artifact@v4
with:
name: fhir-server-3-surefire-reports
path: fhir-server/target/surefire-reports
- name: Upload FHIR server test coverage report
uses: actions/upload-artifact@v4
with:
name: fhir-server-3-coverage
path: "**/jacoco.xml"
- name: Upload timing log
uses: actions/upload-artifact@v4
with:
name: fhir-server-3-timing-log
path: fhir-server/target/timing.log
- name: Upload dump files
uses: actions/upload-artifact@v4
with:
name: fhir-server-3-dump-files
path: |-
**/*.dump
**/*.dumpstream
- name: Publish test results
# If the actor is Dependabot, we need to avoid anything that requires access to secrets.
if: github.actor != 'dependabot[bot]'
uses: scacap/action-surefire-report@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
check_name: FHIR server test report 3
fail_on_test_failures: true
- name: Upload SQL on FHIR test report to S3
run: aws s3 cp fhirpath/target/fhir-view-compliance-test.json s3://pathling-benchmark/test-reports/${{ github.ref }}/sof-test-results.json
# This job builds, tests and scans the FHIR server Docker image.
docker-image:
name: Docker image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Run the verify goal with Maven
if: github.actor == 'dependabot[bot]'
env:
# If the actor is Dependabot we skip the system test, as it requires access to secrets.
PATHLING_OPTS: >-
-DskipSurefireTests
-DskipITs
-Dpathling.dockerArchitecture=amd64
run: >-
mvn --batch-mode verify
-pl fhir-server -am
-Pdocker,!importTestData
${{ env.PATHLING_OPTS }}
timeout-minutes: 15
- name: Run the verify goal with Maven
if: github.actor != 'dependabot[bot]'
env:
PATHLING_OPTS: >-
-DskipSurefireTests
-Dmaven.test.failure.ignore
-Dpathling.dockerArchitecture=amd64
-Dpathling.systemTest.auth.clientSecret=${{ secrets.TEST_CLIENT_SECRET }}
run: >-
mvn --batch-mode verify
-pl fhir-server -am
-Pdocker,!importTestData
${{ env.PATHLING_OPTS }}
timeout-minutes: 15
- name: Scan Docker image for vulnerabilities
uses: aquasecurity/trivy-action@master
env:
TRIVY_OFFLINE_SCAN: true
with:
image-ref: "aehrc/pathling:${{ github.sha }}"
exit-code: "1"
ignore-unfixed: true
scanners: "vuln"
severity: CRITICAL
timeout: 20m
- name: Publish test results
# If the actor is Dependabot, we need to avoid anything that requires access to secrets.
if: github.actor != 'dependabot[bot]'
uses: scacap/action-surefire-report@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
check_name: Docker image test report
fail_on_test_failures: true
js-client:
name: JavaScript client
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- uses: actions/setup-node@v4
with:
node-version: "16"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Run the verify goal with Maven
run: >-
mvn --batch-mode verify
-pl lib/js -am
timeout-minutes: 5
import:
name: Import lambda
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- uses: actions/setup-node@v4
with:
node-version: "16"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Run the verify goal with Maven
run: |
mvn --batch-mode verify \
-pl lib/import -am
timeout-minutes: 5
- name: Upload import lambda
uses: actions/upload-artifact@v4
with:
name: import-lambda
path: lib/import/target/pathling-import-lambda.zip
python-api:
name: Python API
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Set up Python 3.8
uses: actions/setup-python@v4
id: pythoninstall
with:
python-version: 3.8
- name: Cache Python packages
uses: actions/cache@v4
id: pythoncache
with:
path: /home/runner/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('lib/python/requirements/dev.txt', 'lib/python/requirements/package.txt') }}
- name: Run the install goal with Maven
env:
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire
# report action to report them.
PATHLING_OPTS: >-
-DskipEncodersTests
-DskipUtilitiesTests
-DskipTerminologyTests
-DskipFhirPathTests
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }}
PYSPARK_PYTHON: ${{ steps.pythoninstall.outputs.python-path }}
PYSPARK_DRIVER_PYTHON: ${{ steps.pythoninstall.outputs.python-path }}
run: >-
mvn --batch-mode install
-pl lib/python -am
${{ env.PATHLING_OPTS }}
timeout-minutes: 30
- name: Upload library API test reports
uses: actions/upload-artifact@v4
with:
name: library-api-surefire-reports
path: library-api/target/surefire-reports
- name: Upload library API test coverage report
uses: actions/upload-artifact@v4
with:
name: library-api-coverage
path: "**/jacoco.xml"
- name: Upload Python API test coverage report
uses: actions/upload-artifact@v4
with:
name: python-api-coverage
path: lib/python/**/coverage.xml
R-api:
name: R API
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Cache R packages
uses: actions/cache@v2
with:
path: ${{ runner.temp }}/Library
key: r-packages-${{ runner.os }}-${{ hashFiles('lib/R/DESCRIPTION.src') }}
restore-keys: r-packages-${{ runner.os }}-
- name: Extract Spark version
working-directory: lib/R
run: echo "SPARK_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.sparkVersion -q -DforceStdout)" >> $GITHUB_ENV
- name: Extract Hadoop version
working-directory: lib/R
run: echo "HADOOP_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.hadoopMajorVersion -q -DforceStdout)" >> $GITHUB_ENV
- name: Cache Spark
id: cache-spark
uses: actions/cache@v2
with:
path: /home/runner/spark/spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }}
key: spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }}
- name: Install Pandoc
uses: r-lib/actions/setup-pandoc@v2
- name: Install R
uses: r-lib/actions/setup-r@v2
with:
r-version: "4.1.3"
use-public-rspm: true
- name: Install texlive and libcurl
run: sudo apt-get install -y texlive-latex-base texlive-fonts-extra libcurl4-openssl-dev
- name: Run the install goal with Maven
env:
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire
# report action to report them.
R_KEEP_PKG_SOURCE: yes
PATHLING_OPTS: >-
-DskipEncodersTests
-DskipUtilitiesTests
-DskipTerminologyTests
-DskipFhirPathTests
-DskipLibraryApiTests
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }}
run: >-
mvn --batch-mode install
-pl lib/R -am -Pdocs
${{ env.PATHLING_OPTS }}
timeout-minutes: 60
- name: Upload check logs
uses: actions/upload-artifact@v2
if: always()
with:
name: r-check-logs
path: |
lib/R/target/pathling.Rcheck/*.log
lib/R/target/pathling.Rcheck/*.out
lib/R/target/pathling.Rcheck/*.fail
- name: Upload package as artifact
uses: actions/upload-artifact@v2
with:
name: r-package
path: lib/R/target/pathling_*.tar.gz
site:
name: Site
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: 3.13.2
- uses: actions/setup-node@v4
with:
node-version: "16"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |-
${{ runner.os }}-maven-
- name: Cache R packages
uses: actions/cache@v2
with:
path: ${{ runner.temp }}/Library
key: r-packages-${{ runner.os }}-${{ hashFiles('lib/R/DESCRIPTION.src') }}
restore-keys: r-packages-${{ runner.os }}-
- name: Extract Spark version
working-directory: lib/R
run: echo "SPARK_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.sparkVersion -q -DforceStdout)" >> $GITHUB_ENV
- name: Extract Hadoop version
working-directory: lib/R
run: echo "HADOOP_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.hadoopMajorVersion -q -DforceStdout)" >> $GITHUB_ENV
- name: Cache Spark
id: cache-spark
uses: actions/cache@v2
with:
path: /home/runner/spark/spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }}
key: spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }}
- name: Install Pandoc
uses: r-lib/actions/setup-pandoc@v2
- name: Install R
uses: r-lib/actions/setup-r@v2
with:
r-version: "4.1.3"
use-public-rspm: true
- name: Install texlive and libcurl
run: sudo apt-get install -y texlive-latex-base texlive-fonts-extra libcurl4-openssl-dev
- name: Run the verify goal with Maven
env:
R_KEEP_PKG_SOURCE: yes
run: >-
mvn --batch-mode verify
-pl site -am
-Pdocs
-DskipTests
timeout-minutes: 45
upload-coverage:
name: Upload coverage
runs-on: ubuntu-latest
needs: [ encoders, fhir-server-1, fhir-server-2, fhir-server-3, python-api ]
if: github.actor != 'dependabot[bot]'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download encoders coverage report
uses: actions/download-artifact@v4
with:
name: encoders-coverage
path: encoders-coverage
- name: Download library API coverage report
uses: actions/download-artifact@v4
with:
name: library-api-coverage
path: library-api-coverage
- name: Download Python API coverage report
uses: actions/download-artifact@v4
with:
name: python-api-coverage
path: python-api-coverage
- name: Download FHIR server coverage report 1
uses: actions/download-artifact@v4
with:
name: fhir-server-1-coverage
path: fhir-server-1-coverage
- name: Download FHIR server coverage report 2
uses: actions/download-artifact@v4
with:
name: fhir-server-2-coverage
path: fhir-server-2-coverage
- name: Download FHIR server coverage report 3
uses: actions/download-artifact@v4
with:
name: fhir-server-3-coverage
path: fhir-server-3-coverage
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v2
deploy-pre-release:
name: Pre-release deployment
needs: [ encoders, fhir-server-1, fhir-server-2, fhir-server-3, docker-image ]
runs-on: ubuntu-latest
# If the branch starts with "release/", we deploy pre-release packages.
if: startsWith(github.ref, 'refs/heads/release/')
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# This is required so that git-commit-id-plugin can find the latest tag.
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 17
distribution: "zulu"
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Install GPG key
run: |
cat <(echo -e "${{ secrets.GPG_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Configure Maven settings
uses: s4u/[email protected]
with:
servers: |
[{
"id": "ossrh",
"username": "${{ secrets.OSSRH_USERNAME }}",
"password": "${{ secrets.OSSRH_PASSWORD }}"
}]
- name: Run the deploy goal with Maven
run: |
TAG=$(echo '${{ github.ref }}' | sed 's/refs\/heads\/release\///')
mvn --batch-mode deploy \
-pl fhir-server,library-api,library-runtime -am \
-PmavenPreRelease,dockerPreRelease,docs \
-Dpathling.fhirServerDockerTag=$TAG \
-DskipTests -DskipScalaDocs \
-Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}"
timeout-minutes: 30