feat(#181): Notify Third Party — selectable resource URLs + energy & … #245
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| env: | |
| JAVA_VERSION: '25' | |
| MAVEN_OPTS: -Xmx3072m | |
| jobs: | |
| build-and-test: | |
| name: Build and Test All Modules | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for better SonarCloud analysis | |
| - name: Set up JDK 25 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Build all modules | |
| run: mvn clean install -DskipTests | |
| - name: Run tests - openespi-common | |
| run: mvn test -pl openespi-common -am | |
| - name: Run tests - openespi-datacustodian | |
| run: mvn test -pl openespi-datacustodian -am | |
| # TODO: Enable when authserver implementation is complete | |
| # - name: Run tests - openespi-authserver | |
| # run: mvn test -pl openespi-authserver -am | |
| # env: | |
| # SPRING_PROFILES_ACTIVE: test | |
| - name: Run tests - openespi-thirdparty | |
| run: mvn test -pl openespi-thirdparty -am | |
| - name: Run integration tests with TestContainers | |
| # -am ("also make") builds upstream dependencies first — required so the new | |
| # openespi-handoff module is rebuilt and reinstalled before the integration tests | |
| # compile, matching the pattern used by the unit-test steps above. | |
| run: mvn verify -Pintegration-tests -pl openespi-common,openespi-datacustodian,openespi-thirdparty -am | |
| - name: Run integration tests - openespi-authserver (TestContainers, tagged) | |
| # The authserver module's UNIT tests are pre-existing-broken on the H2 local/test profiles | |
| # and stay excluded from CI (see the commented full-module step above). This runs ONLY the | |
| # Docker-backed integration tests tagged @Tag("testcontainers-it"): the MySQL schema/client | |
| # suite and the Phase 2.0 auth-code-flow orchestration test (#148), against a real MySQL via | |
| # Testcontainers. -Dgroups selects by tag, so the broken unit tests are not executed. | |
| run: mvn test -pl openespi-authserver -am -Dgroups=testcontainers-it -DfailIfNoTests=false | |
| # JaCoCo reports are automatically generated during test phase (configured in root pom.xml) | |
| - name: Upload test results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-results | |
| path: | | |
| **/target/surefire-reports/ | |
| **/target/failsafe-reports/ | |
| - name: Upload coverage reports | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-reports | |
| path: | | |
| **/target/site/jacoco/ | |
| sonarcloud: | |
| name: SonarCloud Analysis | |
| runs-on: ubuntu-latest | |
| needs: build-and-test | |
| if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for better SonarCloud analysis | |
| - name: Set up JDK 25 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Build modules for SonarCloud | |
| run: mvn clean verify -pl openespi-common,openespi-datacustodian,openespi-thirdparty -am | |
| - name: Analyze with SonarCloud | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Dsonar.projectKey=GreenButtonAlliance_OpenESPI-GreenButton-Java \ | |
| -Dsonar.organization=greenbuttonalliance \ | |
| -Dsonar.host.url=https://sonarcloud.io \ | |
| -Dsonar.coverage.jacoco.xmlReportPaths=**/target/site/jacoco/jacoco.xml | |
| security-scan: | |
| name: Security Vulnerability Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 25 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Run OWASP Dependency Check | |
| run: mvn org.owasp:dependency-check-maven:check | |
| continue-on-error: true | |
| - name: Upload OWASP report | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: owasp-report | |
| path: target/dependency-check-report.html |