BC-7676 Updated k8s jobs to run as non-root users where easily possible #21487
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
permissions: | |
contents: read | |
env: | |
MONGODB_VERSION: 6.0 | |
NODE_VERSION: '18' | |
jobs: | |
feathers_tests_cov: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Start MongoDB | |
uses: supercharge/[email protected] | |
with: | |
mongodb-version: ${{ env.MONGODB_VERSION }} | |
- name: environment setup | |
run: | | |
sh scripts/unitTestFeathers.sh | |
- name: npm ci | |
run: npm ci --prefer-offline --no-audit | |
- name: feathers:Test - test with coverage | |
run: npm run feathers:test | |
nest_tests_cov: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
shard: [1, 2, 3, 4, 5, 6, 7, 8] | |
services: | |
rabbitmq: | |
image: rabbitmq:3 | |
ports: | |
- 5672:5672 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: Start MongoDB | |
uses: supercharge/[email protected] | |
with: | |
mongodb-version: ${{ env.MONGODB_VERSION }} | |
- name: npm ci | |
run: npm ci --prefer-offline --no-audit | |
- name: nest:test:cov - test all with coverage | |
timeout-minutes: 15 | |
run: export RUN_WITHOUT_JEST_COVERAGE='true' && export NODE_OPTIONS='--max_old_space_size=4096' && ./node_modules/.bin/jest --shard=${{ matrix.shard }}/${{ strategy.job-total }} --coverage --force-exit | |
- name: save-coverage | |
run: mv coverage/lcov.info coverage/${{matrix.shard}}.info | |
- name: "upload-artifacts" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-artifacts-${{ matrix.shard }} | |
path: coverage/ | |
sonarcloud: | |
name: SonarCloud coverage | |
runs-on: ubuntu-latest | |
needs: [nest_tests_cov] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage-artifacts-* | |
path: coverage | |
merge-multiple: true | |
- name: Merge Code Coverage | |
run: | | |
sudo apt-get install -y lcov | |
find coverage -name *.info -exec echo -a {} \; | xargs lcov -o merged-lcov.info | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
- name: SonarCloud upload coverage | |
uses: SonarSource/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} | |
nest_lint: | |
runs-on: ubuntu-latest | |
timeout-minutes: 6 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
- name: npm ci | |
run: npm ci --prefer-offline --no-audit | |
- name: nest:lint | |
run: npm run nest:lint |