Stirling-PDF/.github/workflows/build.yml

name: Build and Test Workflow

on:
  workflow_dispatch:
  # push:
  #   branches: ["main"]
  pull_request:
    branches: ["main"]

# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  files-changed:
    name: detect what files changed
    runs-on: ubuntu-latest
    timeout-minutes: 3
    # Map a step output to a job output
    outputs:
      build: ${{ steps.changes.outputs.build }}
      app: ${{ steps.changes.outputs.app }}
      project: ${{ steps.changes.outputs.project }}
      openapi: ${{ steps.changes.outputs.openapi }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for file changes
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: changes
        with:
          filters: ".github/config/.files.yaml"
  build:
    runs-on: ubuntu-latest

    permissions:
      actions: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        jdk-version: [17, 21]
        spring-security: [true, false]

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Set up JDK ${{ matrix.jdk-version }}
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: ${{ matrix.jdk-version }}
          distribution: "temurin"

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
        with:
          gradle-version: 8.14

      - name: Build with Gradle and spring security ${{ matrix.spring-security }}
        run: ./gradlew clean build
        env:
          DISABLE_ADDITIONAL_FEATURES: ${{ matrix.spring-security }}

      - name: Check Test Reports Exist
        id: check-reports
        if: always()
        run: |
          declare -a dirs=(
            "app/core/build/reports/tests/"
            "app/core/build/test-results/"
            "app/common/build/reports/tests/"
            "app/common/build/test-results/"
            "app/proprietary/build/reports/tests/"
            "app/proprietary/build/test-results/"
          )
          missing_reports=()
          for dir in "${dirs[@]}"; do
            if [ ! -d "$dir" ]; then
              missing_reports+=("$dir")
            fi
          done
          if [ ${#missing_reports[@]} -gt 0 ]; then
            echo "ERROR: The following required test report directories are missing:"
            printf '%s\n' "${missing_reports[@]}"
            exit 1
          fi
          echo "All required test report directories are present"          

      - name: Upload Test Reports
        if: always()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: test-reports-jdk-${{ matrix.jdk-version }}-spring-security-${{ matrix.spring-security }}
          path: |
            app/core/build/reports/tests/
            app/core/build/test-results/
            app/core/build/reports/problems/
            app/common/build/reports/tests/
            app/common/build/test-results/
            app/common/build/reports/problems/
            app/proprietary/build/reports/tests/
            app/proprietary/build/test-results/
            app/proprietary/build/reports/problems/
            build/reports/problems/            
          retention-days: 3
          if-no-files-found: warn

  check-generateOpenApiDocs:
    if: needs.files-changed.outputs.openapi == 'true'
    needs: [files-changed, build]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Set up JDK 17
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: "17"
          distribution: "temurin"

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0

      - name: Generate OpenAPI documentation
        run: ./gradlew :stirling-pdf:generateOpenApiDocs
        env:
          DISABLE_ADDITIONAL_FEATURES: true
      
      - name: Upload OpenAPI Documentation
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: openapi-docs
          path: ./SwaggerDoc.json

  check-licence:
    if: needs.files-changed.outputs.build == 'true'
    needs: [files-changed, build]
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Set up JDK 17
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: "17"
          distribution: "temurin"

      - name: Check licenses for compatibility
        run: ./gradlew clean checkLicense
        env:
          DISABLE_ADDITIONAL_FEATURES: false
          STIRLING_PDF_DESKTOP_UI: true

      - name: FAILED - Check licenses for compatibility
        if: failure()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: dependencies-without-allowed-license.json
          path: |
            build/reports/dependency-license/dependencies-without-allowed-license.json            
          retention-days: 3

  docker-compose-tests:
    if: needs.files-changed.outputs.project == 'true'
    needs: files-changed
    # if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
    #     (github.event_name == 'pull_request' &&
    #     contains(github.event.pull_request.labels.*.name, 'licenses') == false &&
    #     (
    #       contains(github.event.pull_request.labels.*.name, 'Front End') ||
    #       contains(github.event.pull_request.labels.*.name, 'Java') ||
    #       contains(github.event.pull_request.labels.*.name, 'Back End') ||
    #       contains(github.event.pull_request.labels.*.name, 'Security') ||
    #       contains(github.event.pull_request.labels.*.name, 'API') ||
    #       contains(github.event.pull_request.labels.*.name, 'Docker') ||
    #       contains(github.event.pull_request.labels.*.name, 'Test')
    #     )
    #     )

    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Set up Java 17
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: "17"
          distribution: "temurin"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Install Docker Compose
        run: |
          sudo curl -SL "https://github.com/docker/compose/releases/download/v2.37.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
          sudo chmod +x /usr/local/bin/docker-compose          

      - name: Set up Python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: "3.12"
          cache: 'pip' # caching pip dependencies
          cache-dependency-path: ./testing/cucumber/requirements.txt

      - name: Pip requirements
        run: |
          pip install --require-hashes -r ./testing/cucumber/requirements.txt          

      - name: Run Docker Compose Tests
        run: |
          chmod +x ./testing/test_webpages.sh
          chmod +x ./testing/test.sh
          chmod +x ./testing/test_disabledEndpoints.sh
          ./testing/test.sh          

  test-build-docker-images:
    if: github.event_name == 'pull_request' && needs.files-changed.outputs.project == 'true'
    needs: [files-changed, build, check-generateOpenApiDocs, check-licence]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        docker-rev: ["Dockerfile", "Dockerfile.ultra-lite", "Dockerfile.fat"]
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Set up JDK 17
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: "17"
          distribution: "temurin"

      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
        with:
          gradle-version: 8.14

      - name: Build application
        run: ./gradlew clean build
        env:
          DISABLE_ADDITIONAL_FEATURES: true
          STIRLING_PDF_DESKTOP_UI: false

      - name: Set up QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build ${{ matrix.docker-rev }}
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./${{ matrix.docker-rev }}
          push: false
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64/v8
          provenance: true
          sbom: true

      - name: Upload Reports
        if: always()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: reports-docker-${{ matrix.docker-rev }}
          path: |
            build/reports/tests/
            build/test-results/
            build/reports/problems/            
          retention-days: 3
          if-no-files-found: warn