fix: Grant temp access only if user in search scope [DHIS2-18784] [2.39] #36993
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run api tests | |
env: | |
# This is to make sure Maven don't timeout fetching dependencies. See: https://github.com/actions/virtual-environments/issues/1499 | |
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=125 | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow}}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
api-test: | |
env: | |
# We only publish to Dockerhub on PRs from https://github.com/dhis2/dhis2-core. PRs from forks or dependabot cannot access secrets. | |
DOCKERHUB_PUSH: ${{ github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }} | |
CORE_IMAGE_NAME: "dhis2/core-pr:${{ github.event_name == 'pull_request' && github.event.number || 'local' }}" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 11 | |
distribution: temurin | |
cache: maven | |
- name: Login to Docker Hub | |
if: ${{ env.DOCKERHUB_PUSH == 'true' }} | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DHIS2_BOT_DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DHIS2_BOT_DOCKER_HUB_PASSWORD }} | |
- name: Build war | |
run: | | |
mvn clean install --threads 2C --batch-mode --no-transfer-progress -DskipTests -Dmaven.test.skip=true -f dhis-2/pom.xml -pl -dhis-web-embedded-jetty,-dhis-test-integration,-dhis-test-coverage | |
mvn clean install --threads 2C --batch-mode --no-transfer-progress -DskipTests -Dmaven.test.skip=true -f dhis-2/dhis-web/pom.xml | |
- name: Build container image | |
run: | | |
if [ "$DOCKERHUB_PUSH" = "true" ]; then | |
# build and publish multi-arch images using Jib. Image is used for api tests in | |
# this workflow and can be pulled from Dockerhub by devs to run locally, ... | |
mvn --batch-mode --no-transfer-progress -DskipTests -Dmaven.test.skip=true -f dhis-2/dhis-web/dhis-web-portal/pom.xml jib:build -PjibBuild \ | |
-Djib.to.image=$CORE_IMAGE_NAME -Djib.container.labels=DHIS2_BUILD_REVISION=${{github.event.pull_request.head.sha}},DHIS2_BUILD_BRANCH=${{github.head_ref}} | |
else | |
# only build image for running api tests in this workflow i.e. master, 2.39, ... | |
mvn --batch-mode --no-transfer-progress -DskipTests -Dmaven.test.skip=true -f ./dhis-2/dhis-web/dhis-web-portal/pom.xml jib:dockerBuild \ | |
-Djib.to.image=$CORE_IMAGE_NAME | |
fi | |
- name: Run tests | |
run: | | |
cd dhis-2/dhis-test-e2e | |
DHIS2_IMAGE=$CORE_IMAGE_NAME docker compose -f docker-compose.yml -f docker-compose.e2e.yml up --remove-orphans --exit-code-from test | |
- name: Upload logs | |
if: failure() | |
run: | | |
cd dhis-2/dhis-test-e2e | |
docker compose logs web > ~/logs.txt | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: "tomcat_logs" | |
path: '~/logs.txt' |