Connecting the resolving FHIR evaluator to extract query executor imp… #3834
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build the software and documentation to ensure there are no errors, and also | |
# execute the tests. | |
# | |
# The FHIR server build is separated into three tranches, to minimise overall build time: | |
# | |
# Tranche 1: ModificationTest, AggregateQueryTest, ExtractTest | |
# Tranche 2: ManifestConverterTest, integration tests | |
# Tranche 3: All other FHIR server tests, tests from utilities and terminology modules | |
# | |
# There are a set of performance benchmarks that run and upload their results to a S3 bucket. | |
# | |
# This workflow also deploys a pre-release version of the software to Docker Hub and Maven Central, | |
# if the branch is a release branch (`release/**`). | |
name: Test | |
on: | |
push: | |
branches-ignore: | |
- gh-pages | |
env: | |
# The add-exports and add-opens flags are required for Java 17 | |
MAVEN_OPTS: --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED | |
jobs: | |
encoders: | |
name: Encoders | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Run the verify goal with Maven | |
env: | |
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire | |
# report action to report them. | |
PATHLING_OPTS: ${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }} | |
run: >- | |
mvn --batch-mode verify | |
-pl encoders -am | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 20 | |
- name: Upload encoders test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: encoders-surefire-reports | |
path: encoders/target/surefire-reports | |
- name: Upload test coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: encoders-coverage | |
path: "**/jacoco.xml" | |
- name: Upload dump files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: encoders-dump-files | |
path: |- | |
**/*.dump | |
**/*.dumpstream | |
- name: Publish test results | |
# If the actor is Dependabot, we need to avoid anything that requires access to secrets. | |
if: github.actor != 'dependabot[bot]' | |
uses: scacap/action-surefire-report@v1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
check_name: Encoders test report | |
fail_on_test_failures: true | |
fhir-server-1: | |
name: FHIR server (tranche 1) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Cache test data | |
id: cache-test-data | |
uses: actions/cache@v4 | |
with: | |
path: fhir-server/src/test/resources/test-data/parquet | |
key: ${{ runner.os }}-test-data-${{ hashFiles('fhir-server/src/test/resources/test-data/fhir/*.ndjson', 'encoders/src/main/**/*.java', 'encoders/src/main/**/*.scala', 'fhir-server/src/main/java/au/csiro/pathling/io/Database.java') }} | |
- name: Run the verify goal with Maven | |
env: | |
# Activate the "tranche 1" test profile. If there is a cache hit on the test data, we | |
# don't need to import it. | |
PATHLING_PROFILES: testTranche1${{ steps.cache-test-data.outputs.cache-hit && ',!importTestData' || '' }} | |
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire | |
# report action to report them. | |
PATHLING_OPTS: >- | |
-DskipEncodersTests | |
-DskipUtilitiesTests | |
-DskipTerminologyTests | |
-DskipFhirPathTests | |
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }} | |
run: >- | |
mvn --batch-mode verify | |
-pl fhir-server -am | |
-P${{ env.PATHLING_PROFILES }} | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 30 | |
- name: Upload fhir-server test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-1-surefire-reports | |
path: fhir-server/target/surefire-reports | |
- name: Upload test coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-1-coverage | |
path: "**/jacoco.xml" | |
- name: Upload timing log | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-1-timing-log | |
path: fhir-server/target/timing.log | |
- name: Upload dump files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-1-dump-files | |
path: |- | |
**/*.dump | |
**/*.dumpstream | |
- name: Publish test results | |
# If the actor is Dependabot, we need to avoid anything that requires access to secrets. | |
if: github.actor != 'dependabot[bot]' | |
uses: scacap/action-surefire-report@v1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
check_name: FHIR server test report 1 | |
fail_on_test_failures: true | |
fhir-server-2: | |
name: FHIR server (tranche 2) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Cache test data | |
id: cache-test-data | |
uses: actions/cache@v4 | |
with: | |
path: fhir-server/src/test/resources/test-data/parquet | |
key: ${{ runner.os }}-test-data-${{ hashFiles('fhir-server/src/test/resources/test-data/fhir/*.ndjson', 'encoders/src/main/**/*.java', 'encoders/src/main/**/*.scala', 'fhir-server/src/main/java/au/csiro/pathling/io/Database.java') }} | |
- name: Run the verify goal with Maven | |
env: | |
# Activate the "tranche 2" test profile. If there is a cache hit on the test data, we | |
# don't need to import it. | |
PATHLING_PROFILES: testTranche2${{ steps.cache-test-data.outputs.cache-hit && ',!importTestData' || '' }} | |
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire | |
# report action to report them. | |
PATHLING_OPTS: >- | |
-DskipEncodersTests | |
-DskipUtilitiesTests | |
-DskipTerminologyTests | |
-DskipFhirPathTests | |
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }} | |
run: >- | |
mvn --batch-mode verify | |
-pl fhir-server -am | |
-P${{ env.PATHLING_PROFILES }} | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 30 | |
- name: Upload fhir-server test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-2-surefire-reports | |
path: fhir-server/target/surefire-reports | |
- name: Upload test coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-2-coverage | |
path: "**/jacoco.xml" | |
- name: Upload timing log | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-2-timing-log | |
path: fhir-server/target/timing.log | |
- name: Upload dump files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-2-dump-files | |
path: |- | |
**/*.dump | |
**/*.dumpstream | |
- name: Publish test results | |
# If the actor is Dependabot, we need to avoid anything that requires access to secrets. | |
if: github.actor != 'dependabot[bot]' | |
uses: scacap/action-surefire-report@v1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
check_name: FHIR server test report 2 | |
fail_on_test_failures: true | |
# This job builds the FHIR server, and runs all tests that do not fall into tranches 1 or 2. | |
fhir-server-3: | |
name: FHIR server (tranche 3) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: arn:aws:iam::865780493209:role/PathlingBenchmarkUpload | |
aws-region: ap-southeast-2 | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Cache test data | |
id: cache-test-data | |
uses: actions/cache@v4 | |
with: | |
path: fhir-server/src/test/resources/test-data/parquet | |
key: ${{ runner.os }}-test-data-${{ hashFiles('fhir-server/src/test/resources/test-data/fhir/*.ndjson', 'encoders/src/main/**/*.java', 'encoders/src/main/**/*.scala', 'fhir-server/src/main/java/au/csiro/pathling/io/Database.java') }} | |
- name: Run the verify goal with Maven | |
env: | |
# Activate the "tranche 3" test profile. If there is a cache hit on the test data, we | |
# don't need to import it. | |
PATHLING_PROFILES: testTranche3${{ steps.cache-test-data.outputs.cache-hit && ',!importTestData' || '' }} | |
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire | |
# report action to report them. | |
PATHLING_OPTS: >- | |
-DskipEncodersTests | |
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }} | |
run: >- | |
mvn --batch-mode verify | |
-pl fhir-server -am | |
-P${{ env.PATHLING_PROFILES }} | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 30 | |
- name: Upload utilities test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: utilities-surefire-reports | |
path: utilities/target/surefire-reports | |
- name: Upload terminology test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: terminology-surefire-reports | |
path: terminology/target/surefire-reports | |
- name: Upload FHIRPath test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhirpath-surefire-reports | |
path: fhirpath/target/surefire-reports | |
- name: Upload FHIR server test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-3-surefire-reports | |
path: fhir-server/target/surefire-reports | |
- name: Upload FHIR server test coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-3-coverage | |
path: "**/jacoco.xml" | |
- name: Upload timing log | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-3-timing-log | |
path: fhir-server/target/timing.log | |
- name: Upload dump files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fhir-server-3-dump-files | |
path: |- | |
**/*.dump | |
**/*.dumpstream | |
- name: Publish test results | |
# If the actor is Dependabot, we need to avoid anything that requires access to secrets. | |
if: github.actor != 'dependabot[bot]' | |
uses: scacap/action-surefire-report@v1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
check_name: FHIR server test report 3 | |
fail_on_test_failures: true | |
- name: Upload SQL on FHIR test report to S3 | |
run: aws s3 cp fhirpath/target/fhir-view-compliance-test.json s3://pathling-benchmark/test-reports/${{ github.ref }}/sof-test-results.json | |
# This job builds, tests and scans the FHIR server Docker image. | |
docker-image: | |
name: Docker image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Run the verify goal with Maven | |
if: github.actor == 'dependabot[bot]' | |
env: | |
# If the actor is Dependabot we skip the system test, as it requires access to secrets. | |
PATHLING_OPTS: >- | |
-DskipSurefireTests | |
-DskipITs | |
-Dpathling.dockerArchitecture=amd64 | |
run: >- | |
mvn --batch-mode verify | |
-pl fhir-server -am | |
-Pdocker,!importTestData | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 15 | |
- name: Run the verify goal with Maven | |
if: github.actor != 'dependabot[bot]' | |
env: | |
PATHLING_OPTS: >- | |
-DskipSurefireTests | |
-Dmaven.test.failure.ignore | |
-Dpathling.dockerArchitecture=amd64 | |
-Dpathling.systemTest.auth.clientSecret=${{ secrets.TEST_CLIENT_SECRET }} | |
run: >- | |
mvn --batch-mode verify | |
-pl fhir-server -am | |
-Pdocker,!importTestData | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 15 | |
- name: Scan Docker image for vulnerabilities | |
uses: aquasecurity/trivy-action@master | |
env: | |
TRIVY_OFFLINE_SCAN: true | |
with: | |
image-ref: "aehrc/pathling:${{ github.sha }}" | |
exit-code: "1" | |
ignore-unfixed: true | |
scanners: "vuln" | |
severity: CRITICAL | |
timeout: 20m | |
- name: Publish test results | |
# If the actor is Dependabot, we need to avoid anything that requires access to secrets. | |
if: github.actor != 'dependabot[bot]' | |
uses: scacap/action-surefire-report@v1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
check_name: Docker image test report | |
fail_on_test_failures: true | |
js-client: | |
name: JavaScript client | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "16" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Run the verify goal with Maven | |
run: >- | |
mvn --batch-mode verify | |
-pl lib/js -am | |
timeout-minutes: 5 | |
import: | |
name: Import lambda | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "16" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Run the verify goal with Maven | |
run: | | |
mvn --batch-mode verify \ | |
-pl lib/import -am | |
timeout-minutes: 5 | |
- name: Upload import lambda | |
uses: actions/upload-artifact@v4 | |
with: | |
name: import-lambda | |
path: lib/import/target/pathling-import-lambda.zip | |
python-api: | |
name: Python API | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v4 | |
id: pythoninstall | |
with: | |
python-version: 3.8 | |
- name: Cache Python packages | |
uses: actions/cache@v4 | |
id: pythoncache | |
with: | |
path: /home/runner/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('lib/python/requirements/dev.txt', 'lib/python/requirements/package.txt') }} | |
- name: Run the install goal with Maven | |
env: | |
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire | |
# report action to report them. | |
PATHLING_OPTS: >- | |
-DskipEncodersTests | |
-DskipUtilitiesTests | |
-DskipTerminologyTests | |
-DskipFhirPathTests | |
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }} | |
PYSPARK_PYTHON: ${{ steps.pythoninstall.outputs.python-path }} | |
PYSPARK_DRIVER_PYTHON: ${{ steps.pythoninstall.outputs.python-path }} | |
run: >- | |
mvn --batch-mode install | |
-pl lib/python -am | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 30 | |
- name: Upload library API test reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: library-api-surefire-reports | |
path: library-api/target/surefire-reports | |
- name: Upload library API test coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: library-api-coverage | |
path: "**/jacoco.xml" | |
- name: Upload Python API test coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: python-api-coverage | |
path: lib/python/**/coverage.xml | |
R-api: | |
name: R API | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Cache R packages | |
uses: actions/cache@v2 | |
with: | |
path: ${{ runner.temp }}/Library | |
key: r-packages-${{ runner.os }}-${{ hashFiles('lib/R/DESCRIPTION.src') }} | |
restore-keys: r-packages-${{ runner.os }}- | |
- name: Extract Spark version | |
working-directory: lib/R | |
run: echo "SPARK_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.sparkVersion -q -DforceStdout)" >> $GITHUB_ENV | |
- name: Extract Hadoop version | |
working-directory: lib/R | |
run: echo "HADOOP_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.hadoopMajorVersion -q -DforceStdout)" >> $GITHUB_ENV | |
- name: Cache Spark | |
id: cache-spark | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/spark/spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }} | |
key: spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }} | |
- name: Install Pandoc | |
uses: r-lib/actions/setup-pandoc@v2 | |
- name: Install R | |
uses: r-lib/actions/setup-r@v2 | |
with: | |
r-version: "4.1.3" | |
use-public-rspm: true | |
- name: Install texlive and libcurl | |
run: sudo apt-get install -y texlive-latex-base texlive-fonts-extra libcurl4-openssl-dev | |
- name: Run the install goal with Maven | |
env: | |
# If the actor is not Dependabot, we ignore test failures and rely upon the Surefire | |
# report action to report them. | |
R_KEEP_PKG_SOURCE: yes | |
PATHLING_OPTS: >- | |
-DskipEncodersTests | |
-DskipUtilitiesTests | |
-DskipTerminologyTests | |
-DskipFhirPathTests | |
-DskipLibraryApiTests | |
${{ github.actor == 'dependabot[bot]' && '' || '-Dmaven.test.failure.ignore' }} | |
run: >- | |
mvn --batch-mode install | |
-pl lib/R -am -Pdocs | |
${{ env.PATHLING_OPTS }} | |
timeout-minutes: 60 | |
- name: Upload check logs | |
uses: actions/upload-artifact@v2 | |
if: always() | |
with: | |
name: r-check-logs | |
path: | | |
lib/R/target/pathling.Rcheck/*.log | |
lib/R/target/pathling.Rcheck/*.out | |
lib/R/target/pathling.Rcheck/*.fail | |
- name: Upload package as artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: r-package | |
path: lib/R/target/pathling_*.tar.gz | |
site: | |
name: Site | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: 3.13.2 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "16" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: |- | |
${{ runner.os }}-maven- | |
- name: Cache R packages | |
uses: actions/cache@v2 | |
with: | |
path: ${{ runner.temp }}/Library | |
key: r-packages-${{ runner.os }}-${{ hashFiles('lib/R/DESCRIPTION.src') }} | |
restore-keys: r-packages-${{ runner.os }}- | |
- name: Extract Spark version | |
working-directory: lib/R | |
run: echo "SPARK_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.sparkVersion -q -DforceStdout)" >> $GITHUB_ENV | |
- name: Extract Hadoop version | |
working-directory: lib/R | |
run: echo "HADOOP_VERSION=$(mvn help:evaluate -Dexpression=pathling.Rapi.hadoopMajorVersion -q -DforceStdout)" >> $GITHUB_ENV | |
- name: Cache Spark | |
id: cache-spark | |
uses: actions/cache@v2 | |
with: | |
path: /home/runner/spark/spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }} | |
key: spark-${{ env.SPARK_VERSION }}-bin-hadoop${{ env.HADOOP_VERSION }} | |
- name: Install Pandoc | |
uses: r-lib/actions/setup-pandoc@v2 | |
- name: Install R | |
uses: r-lib/actions/setup-r@v2 | |
with: | |
r-version: "4.1.3" | |
use-public-rspm: true | |
- name: Install texlive and libcurl | |
run: sudo apt-get install -y texlive-latex-base texlive-fonts-extra libcurl4-openssl-dev | |
- name: Run the verify goal with Maven | |
env: | |
R_KEEP_PKG_SOURCE: yes | |
run: >- | |
mvn --batch-mode verify | |
-pl site -am | |
-Pdocs | |
-DskipTests | |
timeout-minutes: 45 | |
upload-coverage: | |
name: Upload coverage | |
runs-on: ubuntu-latest | |
needs: [ encoders, fhir-server-1, fhir-server-2, fhir-server-3, python-api ] | |
if: github.actor != 'dependabot[bot]' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download encoders coverage report | |
uses: actions/download-artifact@v4 | |
with: | |
name: encoders-coverage | |
path: encoders-coverage | |
- name: Download library API coverage report | |
uses: actions/download-artifact@v4 | |
with: | |
name: library-api-coverage | |
path: library-api-coverage | |
- name: Download Python API coverage report | |
uses: actions/download-artifact@v4 | |
with: | |
name: python-api-coverage | |
path: python-api-coverage | |
- name: Download FHIR server coverage report 1 | |
uses: actions/download-artifact@v4 | |
with: | |
name: fhir-server-1-coverage | |
path: fhir-server-1-coverage | |
- name: Download FHIR server coverage report 2 | |
uses: actions/download-artifact@v4 | |
with: | |
name: fhir-server-2-coverage | |
path: fhir-server-2-coverage | |
- name: Download FHIR server coverage report 3 | |
uses: actions/download-artifact@v4 | |
with: | |
name: fhir-server-3-coverage | |
path: fhir-server-3-coverage | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v2 | |
deploy-pre-release: | |
name: Pre-release deployment | |
needs: [ encoders, fhir-server-1, fhir-server-2, fhir-server-3, docker-image ] | |
runs-on: ubuntu-latest | |
# If the branch starts with "release/", we deploy pre-release packages. | |
if: startsWith(github.ref, 'refs/heads/release/') | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# This is required so that git-commit-id-plugin can find the latest tag. | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: "zulu" | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Install GPG key | |
run: | | |
cat <(echo -e "${{ secrets.GPG_KEY }}") | gpg --batch --import | |
gpg --list-secret-keys --keyid-format LONG | |
- name: Configure Maven settings | |
uses: s4u/[email protected] | |
with: | |
servers: | | |
[{ | |
"id": "ossrh", | |
"username": "${{ secrets.OSSRH_USERNAME }}", | |
"password": "${{ secrets.OSSRH_PASSWORD }}" | |
}] | |
- name: Run the deploy goal with Maven | |
run: | | |
TAG=$(echo '${{ github.ref }}' | sed 's/refs\/heads\/release\///') | |
mvn --batch-mode deploy \ | |
-pl fhir-server,library-api,library-runtime -am \ | |
-PmavenPreRelease,dockerPreRelease,docs \ | |
-Dpathling.fhirServerDockerTag=$TAG \ | |
-DskipTests -DskipScalaDocs \ | |
-Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" | |
timeout-minutes: 30 |