name: Build and Test workflow for applications accessing RDS in the pipeline
on:
  workflow_call:
    inputs:
      # pass in the environment through a manual trigger; if not passed in, default to 'dev'
      # (optional, so that callers relying on the default do not have to supply it)
      env:
        required: false
        type: string
        default: 'dev'
      ...
jobs:
  build:
    name: Build and Test
    runs-on: ubuntu-latest
    # accommodating monorepos: this sets the working directory at the job level; for a multi-repo setup, defaults to "."
    defaults:
      run:
        working-directory: ${{ inputs.working-directory }}
    # important to specify the environment here, defaulting to 'dev', so GitHub Actions knows where to retrieve the secrets
    environment: ${{ inputs.env || 'dev' }}
    # Service containers to run with `build`
    services:
      # Label used to access the service container
      postgres:
        # Docker Hub image
        image: postgres
        # Provide env variables for postgres
        env:
          POSTGRES_USER: ${{ vars.POSTGRES_USER }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_DATABASE: ${{ vars.POSTGRES_DATABASE }}
          POSTGRES_SCHEMA: ${{ vars.POSTGRES_SCHEMA }}
        # Set health checks to wait until postgres has started
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Maps tcp port 5432 on the service container to the host
          - 5432:5432
    # only run this job for the automatic trigger by PR merge; on a manual trigger for environments other than dev
    # there is no need to run this job, as the image will be pulled and promoted to environments higher than dev.
    # Dependabot PRs also do not need to run this flow, as GitHub prohibits dependabot PRs from accessing workflows
    # that deal with secrets, for security reasons.
    if: (inputs.env == null || inputs.env == 'dev') && github.actor != 'dependabot[bot]'
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after a couple of runs
      - name: Checkout Code
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
        with:
          role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Setup jdk
        uses: actions/setup-java@de1bb2b0c5634f0fc4438d7aa9944e68f9bf86cc
        with:
          java-version: 17
          distribution: 'adopt'
          cache: maven
      - name: Connect to PostgreSQL
        # Runs a script that creates the PostgreSQL schema and tables, and populates the tables with seed data
        run: |
          echo "verify that the database is running"
          ps -ef | grep postgres
          echo "notice how the postgres service runs as a container that is separated from the workflow runtime environment"
          docker ps
          echo "confirm that connectivity to the postgres service is working"
          psql -e -U $POSTGRES_USER -c "SELECT version();"
          psql -e -U $POSTGRES_USER -c "SELECT current_user;"
          psql -e -U $POSTGRES_USER -c "SELECT current_schema;"
          echo "creating database"
          createdb -U $POSTGRES_USER $POSTGRES_DATABASE
          cd $GITHUB_WORKSPACE
          echo "execute rds init script to create tables and populate seed data"
          psql -e -U $POSTGRES_USER -f $RDS_INIT_FILE
          psql -e -U $POSTGRES_USER -c "SELECT current_user;"
          psql -e -U $POSTGRES_USER -c "SELECT current_schema;"
        # Environment variables used by the script to populate the db.
        env:
          # The hostname used to communicate with the PostgreSQL service container
          PGHOST: localhost
          PGPORT: 5432
          POSTGRES_USER: ${{ vars.POSTGRES_USER }}
          PGPASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_DATABASE: ${{ vars.POSTGRES_DATABASE }}
          POSTGRES_SCHEMA: ${{ vars.POSTGRES_SCHEMA }}
          RDS_INIT_FILE: ${{ inputs.rds-init-file }}
      - name: Set project version as environment variable and build with maven
        env:
          INSTALL_PRIVATE_LIB: ${{ inputs.install-private-lib }}
          PAT: ${{ secrets.NPM_TOKEN }}
          # passed through an environment variable rather than expanded inline in the script,
          # so the input value is never interpreted as shell syntax
          MAVEN_PARAMS: ${{ inputs.maven-params }}
        run: |
          if [[ "$INSTALL_PRIVATE_LIB" == true ]]; then
            echo "PROJECT_VERSION=$(mvn -s $GITHUB_WORKSPACE/settings.xml help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
            mvn -s $GITHUB_WORKSPACE/settings.xml clean install $MAVEN_PARAMS -B --file pom.xml
          else
            echo "PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
            mvn clean install $MAVEN_PARAMS -B --file pom.xml
          fi
    ...
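The workflow above pins every third-party action to a full commit SHA and leaves harden-runner in `audit` mode with a TODO to move to `block`. Both are settings that drift over time as steps are added, so the following Python script, added here as an example and not part of the gist, scans a workflow file for `uses:` references that are not pinned to a 40-hex SHA and for any `egress-policy:` other than `block`. It uses a line-oriented regex scan rather than a YAML parser (an assumption made so it runs with the standard library only), and the `SAMPLE_STEPS` fragment is constructed for the demonstration, with one checkout reference deliberately left on a floating tag.

```python
import re
from typing import List, Tuple

# Constructed sample steps modelled on the workflow above; the checkout ref is
# deliberately left on a floating tag so the checker has something to report.
SAMPLE_STEPS = """\
steps:
  - name: Harden Runner
    uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
    with:
      egress-policy: audit  # TODO: change to 'egress-policy: block'
  - name: Checkout Code
    uses: actions/checkout@v4
  - name: Setup jdk
    uses: actions/setup-java@de1bb2b0c5634f0fc4438d7aa9944e68f9bf86cc
"""

# `uses:` may appear as a list item ("- uses: ...") or as a plain mapping key;
# the captured ref stops at whitespace or a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>[^\s#]+)")
EGRESS_RE = re.compile(r"^\s*egress-policy:\s*(?P<policy>[^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, ref) for each `uses:` not pinned to a full commit SHA.

    Tags and branches (@v4, @main) are mutable: whoever controls the action
    repository can move them, so only a SHA pin makes the dependency immutable.
    Local (./path) and docker:// references have no commit to pin and are skipped.
    """
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group("ref")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.match(version):
            findings.append((number, ref))
    return findings


def find_egress_policies(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, policy) for every harden-runner `egress-policy:` setting."""
    return [
        (number, m.group("policy"))
        for number, line in enumerate(workflow_text.splitlines(), start=1)
        if (m := EGRESS_RE.match(line))
    ]


def audit_workflow(workflow_text: str) -> List[str]:
    """Collect human-readable findings; an empty list means both checks passed."""
    messages = []
    for number, ref in find_unpinned_actions(workflow_text):
        messages.append(f"line {number}: '{ref}' is not pinned to a full commit SHA")
    for number, policy in find_egress_policies(workflow_text):
        if policy != "block":
            messages.append(
                f"line {number}: harden-runner egress-policy is '{policy}', expected 'block'"
            )
    return messages


if __name__ == "__main__":
    # Run against the constructed sample; point it at a real file by reading the file instead.
    for message in audit_workflow(SAMPLE_STEPS):
        print(message)
```

Running this as a pre-merge check on `.github/workflows/*.yml` turns the two comments in the workflow (pin to SHA, move to `block`) into something that fails loudly when a new step is added with a floating tag or when the TODO is forgotten.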