From b6fd69983a780aaa9d0328b5eb1a1a00540f3ca3 Mon Sep 17 00:00:00 2001 From: Jordan Guinn Date: Tue, 10 Mar 2026 12:41:36 -0700 Subject: [PATCH 1/7] Update Build-and-deploy-deduplication-api.yaml --- .../Build-and-deploy-deduplication-api.yaml | 104 +++++++++++------- 1 file changed, 66 insertions(+), 38 deletions(-) diff --git a/.github/workflows/Build-and-deploy-deduplication-api.yaml b/.github/workflows/Build-and-deploy-deduplication-api.yaml index 6d6d809ad..46b67383c 100644 --- a/.github/workflows/Build-and-deploy-deduplication-api.yaml +++ b/.github/workflows/Build-and-deploy-deduplication-api.yaml @@ -1,38 +1,66 @@ -#name: Build and push deduplication-api image to ECR -#on: -# push: -# branches: -# - main -# - rel-** -# paths: -# - "deduplication/**" -# -#jobs: -## APP-145: turned off sonar scan for now until it is fixed (1/8/26) -## sonar_scan: -## permissions: -## id-token: write -## contents: read -## uses: ./.github/workflows/sonar.yaml -## secrets: -## CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID: ${{secrets.CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID}} -## PASSED_GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} -## SONAR_TOKEN: ${{secrets.SONAR_TOKEN}} -## DATABASE_USER: ${{secrets.DATABASE_USER}} -## DATABASE_PASSWORD: ${{secrets.DATABASE_PASSWORD}} -# call-build-microservice-container-workflow: -# permissions: -# id-token: write -# contents: read -# security-events: write -# name: Build Container -## needs: sonar_scan -# uses: CDCgov/NEDSS-Workflows/.github/workflows/Build-gradle-microservice-container.yaml@main -# with: -# microservice_name: nbs7-deduplication-api -# dockerfile_relative_path: -f ./deduplication/Dockerfile . -# environment_classifier: SNAPSHOT -# java_version: "21" -# secrets: -# NBS_ACCOUNTID: ${{secrets.NBS_ACCOUNTID}} -# +name: Build and push deduplication-api image to ECR +on: + push: + branches: + - main + - rel-** + paths: + - "deduplication/**" + +jobs: + sonar_scan: + permissions: + id-token: write + contents: read + uses: ./.github/workflows/sonar.yaml + secrets: + CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID: ${{secrets.CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID}} + PASSED_GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + SONAR_TOKEN: ${{secrets.SONAR_TOKEN}} + DATABASE_USER: ${{secrets.DATABASE_USER}} + DATABASE_PASSWORD: ${{secrets.DATABASE_PASSWORD}} + PARAMETER_SECRET: ${{secrets.PARAMETER_SECRET}} + TOKEN_SECRET: ${{secrets.TOKEN_SECRET}} + extract-version-suffix: + name: Extract image tag from version + needs: sonar_scan + runs-on: ubuntu-latest + outputs: + image_tag: ${{ steps.parse.outputs.image_tag }} + steps: + - name: Checkout repo + uses: actions/checkout@v4 + - name: Read version from build.gradle and extract suffix + id: parse + run: | + version_line=$(grep "^version" ./deduplication/build.gradle) + version=$(echo "$version_line" | sed -E "s/version *= *['\"]([^'\"]+)['\"]/\1/") + echo "Full version: $version" + + # Default value + image_tag="SNAPSHOT" + + # Match SNAPSHOT-123 + if [[ "$version" =~ SNAPSHOT-([0-9]+) ]]; then + image_tag="SNAPSHOT-${BASH_REMATCH[1]}" + elif [[ "$version" =~ SNAPSHOT ]]; then + image_tag="SNAPSHOT" + fi + + echo "image_tag=$image_tag" >> $GITHUB_OUTPUT + call-build-microservice-container-workflow: + permissions: + id-token: write + contents: read + security-events: write + name: Build Container + needs: sonar_scan + uses: CDCgov/NEDSS-Workflows/.github/workflows/Build-gradle-microservice-container.yaml@main + with: + microservice_name: nbs7-deduplication-api + dockerfile_relative_path: -f ./deduplication/Dockerfile . + environment_classifier: ${{ needs.extract-version-suffix.outputs.image_tag }} + java_version: "21" + secrets: + NBS_ACCOUNTID: ${{secrets.NBS_ACCOUNTID}} + From e754b5d4d1a2f5176af5c2432d724bae40503c0e Mon Sep 17 00:00:00 2001 From: Jordan Guinn Date: Tue, 10 Mar 2026 13:03:56 -0700 Subject: [PATCH 2/7] Update Build-and-deploy-deduplication-api.yaml --- .github/workflows/Build-and-deploy-deduplication-api.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/Build-and-deploy-deduplication-api.yaml b/.github/workflows/Build-and-deploy-deduplication-api.yaml index 46b67383c..19031cd0c 100644 --- a/.github/workflows/Build-and-deploy-deduplication-api.yaml +++ b/.github/workflows/Build-and-deploy-deduplication-api.yaml @@ -19,8 +19,6 @@ jobs: SONAR_TOKEN: ${{secrets.SONAR_TOKEN}} DATABASE_USER: ${{secrets.DATABASE_USER}} DATABASE_PASSWORD: ${{secrets.DATABASE_PASSWORD}} - PARAMETER_SECRET: ${{secrets.PARAMETER_SECRET}} - TOKEN_SECRET: ${{secrets.TOKEN_SECRET}} extract-version-suffix: name: Extract image tag from version needs: sonar_scan From d9a20ecbc69bf33e7596d5e275647ffde0a76742 Mon Sep 17 00:00:00 2001 From: Jordan Guinn Date: Tue, 10 Mar 2026 20:36:39 -0700 Subject: [PATCH 3/7] Update Build-and-deploy-deduplication-api.yaml --- .github/workflows/Build-and-deploy-deduplication-api.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Build-and-deploy-deduplication-api.yaml b/.github/workflows/Build-and-deploy-deduplication-api.yaml index 19031cd0c..893ab8d48 100644 --- a/.github/workflows/Build-and-deploy-deduplication-api.yaml +++ b/.github/workflows/Build-and-deploy-deduplication-api.yaml @@ -4,8 +4,9 @@ on: branches: - main - rel-** - paths: - - "deduplication/**" + - jg/re-enable-deduplication-api-deploy-workflow + # paths: + # - "deduplication/**" jobs: sonar_scan: From 8f1ee4dbdf5e2a55740d99aa71c117b94f8f13da Mon Sep 17 00:00:00 2001 From: Jordan Guinn Date: Tue, 10 Mar 2026 20:37:45 -0700 Subject: [PATCH 4/7] Update sonar.yaml --- .github/workflows/sonar.yaml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml index 41b6ebb17..c1f1104cd 100644 --- a/.github/workflows/sonar.yaml +++ b/.github/workflows/sonar.yaml @@ -20,12 +20,6 @@ on: DATABASE_PASSWORD: description: "Test database password" required: true - TOKEN_SECRET: - description: "Secret named TOKEN_SECRET that references a default JWT token key" - required: true - PARAMETER_SECRET: - description: "Secret named PARAMETER_SECRET that references a default key for encrypting search parameters" - required: true pull_request: paths: - "data-ingestion-service/**" @@ -41,8 +35,6 @@ env: sonar_token: ${{secrets.SONAR_TOKEN}} test_database_user: ${{secrets.DATABASE_USER}} test_database_password: ${{secrets.DATABASE_PASSWORD}} - token_secret: ${{secrets.TOKEN_SECRET}} - parameter_secret: ${{secrets.PARAMETER_SECRET}} jobs: pipeline: @@ -128,8 +120,6 @@ jobs: SONAR_TOKEN: ${{ env.sonar_token }} DATABASE_USER: ${{ env.test_database_user }} DATABASE_PASSWORD: ${{ env.test_database_password }} - TOKEN_SECRET: ${{ env.token_secret }} - PARAMETER_SECRET: ${{ env.parameter_secret }} run: | ./gradlew build test sonarqube \ "-Dorg.gradle.jvmargs=-Xms512m -Xmx4g -XX:MaxMetaspaceSize=1g" \ From 083cb265e51dcc94ea4cd830153dd930bcbe3880 Mon Sep 17 00:00:00 2001 From: Jordan Guinn Date: Tue, 10 Mar 2026 20:38:43 -0700 Subject: [PATCH 5/7] Update Build-and-deploy-deduplication-api.yaml --- .github/workflows/Build-and-deploy-deduplication-api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Build-and-deploy-deduplication-api.yaml b/.github/workflows/Build-and-deploy-deduplication-api.yaml index 893ab8d48..e3669371a 100644 --- a/.github/workflows/Build-and-deploy-deduplication-api.yaml +++ b/.github/workflows/Build-and-deploy-deduplication-api.yaml @@ -53,7 +53,7 @@ jobs: contents: read security-events: write name: Build Container - needs: sonar_scan + needs: extract-version-suffix uses: CDCgov/NEDSS-Workflows/.github/workflows/Build-gradle-microservice-container.yaml@main with: microservice_name: nbs7-deduplication-api From a52176b2b6931411871b61cdf1c38dd54262aa53 Mon Sep 17 00:00:00 2001 From: Jordan Guinn Date: Tue, 10 Mar 2026 20:52:22 -0700 Subject: [PATCH 6/7] Revert "Update Build-and-deploy-deduplication-api.yaml" This reverts commit d9a20ecbc69bf33e7596d5e275647ffde0a76742. --- .github/workflows/Build-and-deploy-deduplication-api.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Build-and-deploy-deduplication-api.yaml b/.github/workflows/Build-and-deploy-deduplication-api.yaml index e3669371a..36636d9fc 100644 --- a/.github/workflows/Build-and-deploy-deduplication-api.yaml +++ b/.github/workflows/Build-and-deploy-deduplication-api.yaml @@ -4,9 +4,8 @@ on: branches: - main - rel-** - - jg/re-enable-deduplication-api-deploy-workflow - # paths: - # - "deduplication/**" + paths: + - "deduplication/**" jobs: sonar_scan: From 8398a9508414815959bb6257d97d28cc2654bc47 Mon Sep 17 00:00:00 2001 From: Jordan Guinn Date: Wed, 11 Mar 2026 09:51:15 -0700 Subject: [PATCH 7/7] Update .github/workflows/Build-and-deploy-deduplication-api.yaml Co-authored-by: Mary McGrath --- .github/workflows/Build-and-deploy-deduplication-api.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/Build-and-deploy-deduplication-api.yaml b/.github/workflows/Build-and-deploy-deduplication-api.yaml index 36636d9fc..7b4fe64e9 100644 --- a/.github/workflows/Build-and-deploy-deduplication-api.yaml +++ b/.github/workflows/Build-and-deploy-deduplication-api.yaml @@ -1,5 +1,6 @@ name: Build and push deduplication-api image to ECR on: + workflow_dispatch: push: branches: - main