Skip to content

chore: Uncomment build/deploy workflow for deduplication API #536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JordanGuinn wants to merge 7 commits into
base: main
Choose a base branch
from
Open

chore: Uncomment build/deploy workflow for deduplication API #536

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
b6fd699
Update Build-and-deploy-deduplication-api.yaml
JordanGuinn Mar 10, 2026
e754b5d
Update Build-and-deploy-deduplication-api.yaml
JordanGuinn Mar 10, 2026
d9a20ec
Update Build-and-deploy-deduplication-api.yaml
JordanGuinn Mar 11, 2026
8f1ee4d
Update sonar.yaml
JordanGuinn Mar 11, 2026
083cb26
Update Build-and-deploy-deduplication-api.yaml
JordanGuinn Mar 11, 2026
a52176b
Revert "Update Build-and-deploy-deduplication-api.yaml"
JordanGuinn Mar 11, 2026
8398a95
Update .github/workflows/Build-and-deploy-deduplication-api.yaml
JordanGuinn Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
103 changes: 65 additions & 38 deletions .github/workflows/Build-and-deploy-deduplication-api.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,38 +1,65 @@
#name: Build and push deduplication-api image to ECR
#on:
# push:
# branches:
# - main
# - rel-**
# paths:
# - "deduplication/**"
#
#jobs:
## APP-145: turned off sonar scan for now until it is fixed (1/8/26)
## sonar_scan:
## permissions:
## id-token: write
## contents: read
## uses: ./.github/workflows/sonar.yaml
## secrets:
## CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID: ${{secrets.CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID}}
## PASSED_GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
## SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
## DATABASE_USER: ${{secrets.DATABASE_USER}}
## DATABASE_PASSWORD: ${{secrets.DATABASE_PASSWORD}}
# call-build-microservice-container-workflow:
# permissions:
# id-token: write
# contents: read
# security-events: write
# name: Build Container
## needs: sonar_scan
# uses: CDCgov/NEDSS-Workflows/.github/workflows/Build-gradle-microservice-container.yaml@main
# with:
# microservice_name: nbs7-deduplication-api
# dockerfile_relative_path: -f ./deduplication/Dockerfile .
# environment_classifier: SNAPSHOT
# java_version: "21"
# secrets:
# NBS_ACCOUNTID: ${{secrets.NBS_ACCOUNTID}}
#
name: Build and push deduplication-api image to ECR
on:
workflow_dispatch:
push:
branches:
- main
- rel-**
paths:
- "deduplication/**"

jobs:
sonar_scan:
permissions:
id-token: write
contents: read
uses: ./.github/workflows/sonar.yaml
secrets:
CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID: ${{secrets.CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID}}
PASSED_GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
DATABASE_USER: ${{secrets.DATABASE_USER}}
DATABASE_PASSWORD: ${{secrets.DATABASE_PASSWORD}}
extract-version-suffix:
name: Extract image tag from version
needs: sonar_scan
runs-on: ubuntu-latest
outputs:
image_tag: ${{ steps.parse.outputs.image_tag }}
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Read version from build.gradle and extract suffix
id: parse
run: |
version_line=$(grep "^version" ./deduplication/build.gradle)
version=$(echo "$version_line" | sed -E "s/version *= *['\"]([^'\"]+)['\"]/\1/")
echo "Full version: $version"

# Default value
image_tag="SNAPSHOT"

# Match SNAPSHOT-123
if [[ "$version" =~ SNAPSHOT-([0-9]+) ]]; then
image_tag="SNAPSHOT-${BASH_REMATCH[1]}"
elif [[ "$version" =~ SNAPSHOT ]]; then
image_tag="SNAPSHOT"
fi

echo "image_tag=$image_tag" >> $GITHUB_OUTPUT
call-build-microservice-container-workflow:
permissions:
id-token: write
contents: read
security-events: write
name: Build Container
needs: extract-version-suffix
uses: CDCgov/NEDSS-Workflows/.github/workflows/Build-gradle-microservice-container.yaml@main
with:
microservice_name: nbs7-deduplication-api
dockerfile_relative_path: -f ./deduplication/Dockerfile .
environment_classifier: ${{ needs.extract-version-suffix.outputs.image_tag }}
java_version: "21"
secrets:
NBS_ACCOUNTID: ${{secrets.NBS_ACCOUNTID}}

10 changes: 0 additions & 10 deletions .github/workflows/sonar.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,6 @@ on:
DATABASE_PASSWORD:
description: "Test database password"
required: true
TOKEN_SECRET:
description: "Secret named TOKEN_SECRET that references a default JWT token key"
required: true
PARAMETER_SECRET:
description: "Secret named PARAMETER_SECRET that references a default key for encrypting search parameters"
required: true
pull_request:
paths:
- "data-ingestion-service/**"
Expand All @@ -41,8 +35,6 @@ env:
sonar_token: ${{secrets.SONAR_TOKEN}}
test_database_user: ${{secrets.DATABASE_USER}}
test_database_password: ${{secrets.DATABASE_PASSWORD}}
token_secret: ${{secrets.TOKEN_SECRET}}
parameter_secret: ${{secrets.PARAMETER_SECRET}}

jobs:
pipeline:
Expand Down Expand Up @@ -128,8 +120,6 @@ jobs:
SONAR_TOKEN: ${{ env.sonar_token }}
DATABASE_USER: ${{ env.test_database_user }}
DATABASE_PASSWORD: ${{ env.test_database_password }}
TOKEN_SECRET: ${{ env.token_secret }}
PARAMETER_SECRET: ${{ env.parameter_secret }}
run: |
./gradlew build test sonarqube \
"-Dorg.gradle.jvmargs=-Xms512m -Xmx4g -XX:MaxMetaspaceSize=1g" \
Expand Down
Loading