From 5dd984613dd9a2a3e89eed645ff25c49d4adabe0 Mon Sep 17 00:00:00 2001
From: Eno Akpan <37722472+knapii-developments@users.noreply.github.com>
Date: Mon, 8 Jan 2024 10:15:03 -0500
Subject: [PATCH] DDO-3366 Add build to GHA (#241)

* Test workflow

* Make executable

* Add docker tag

* Make file executable

* Try again

* Opps

* Add test back
---
 .../workflows/thurloe-build-tag-publish.yml   | 102 ++++++++++++++++++
 docker/build_jar.sh                           |  21 ++++
 2 files changed, 123 insertions(+)
 create mode 100644 .github/workflows/thurloe-build-tag-publish.yml
 create mode 100755 docker/build_jar.sh

diff --git a/.github/workflows/thurloe-build-tag-publish.yml b/.github/workflows/thurloe-build-tag-publish.yml
new file mode 100644
index 00000000..bcc4a0a3
--- /dev/null
+++ b/.github/workflows/thurloe-build-tag-publish.yml
@@ -0,0 +1,102 @@
+# Github action to Build thurloe, add/promote semantic tagging and then run tests
+
+name: thurloe-build-tag-publish-and-run-tests
+
+on:
+  pull_request:
+    paths-ignore: ['**.md']
+  push:
+    branches:
+      - develop
+    paths-ignore: ['**.md']
+env:
+    GCR_REGISTRY: gcr.io/broad-dsp-gcr-public/thurloe
+    # Region-specific Google Docker repository where GOOGLE_PROJECT/REPOSITORY_NAME can be found
+    GOOGLE_DOCKER_REPOSITORY: us-central1-docker.pkg.dev
+    
+jobs:
+  thurloe-build-tag-publish-job:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    outputs:
+      tag: ${{ steps.tag.outputs.tag }}
+    steps:
+      - uses: 'actions/checkout@v3'
+
+      - name: Bump the tag to a new version
+        uses: databiosphere/github-actions/actions/bumper@bumper-0.0.6
+        id: tag
+        env:
+          DEFAULT_BUMP: patch
+          GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
+          RELEASE_BRANCHES: develop
+          WITH_V: true
+      
+      # Persist output tag from bumper to $GITHUB_ENV.
+      - id: persist-tag
+        name: Persist tag
+        run: |
+          echo "DOCKER_TAG=${{ steps.tag.outputs.tag }}" >> $GITHUB_ENV
+                
+      - name: Auth to GCP
+        id: 'auth'
+        uses: google-github-actions/auth@v2
+
+        with:
+          token_format: 'id_token'
+          workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider'
+          service_account: 'gcr-publish@broad-dsp-gcr-public.iam.gserviceaccount.com'
+          id_token_audience: "1038484894585-k8qvf7l876733laev0lm8kenfa2lj6bn.apps.googleusercontent.com"
+
+
+      # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`.
+      - name: 'Set up Cloud SDK'
+        uses: 'google-github-actions/setup-gcloud@v1'
+
+      - name: Explicitly auth Docker for Artifact Registry
+        run: gcloud auth configure-docker $GOOGLE_DOCKER_REPOSITORY --quiet      
+      
+
+      # Build jar to GCR
+      - id: build-thurloe
+        name: Build Thurloe jar
+        run: |
+          cd $GITHUB_WORKSPACE
+          ./docker/build_jar.sh
+
+      # Publish jar to GCR
+      - id: publish-thurloe
+        name: Publish Thurloe
+        run: |
+          cd $GITHUB_WORKSPACE
+          docker build -t ${{ github.event.repository.full_name }}:${DOCKER_TAG} --pull .
+          docker tag ${{ github.event.repository.full_name }}:${DOCKER_TAG} ${{ env.GCR_REGISTRY }}:${DOCKER_TAG}
+          gcloud docker -- push $GCR_REGISTRY:${DOCKER_TAG}
+    
+ 
+  report-to-sherlock:
+    # Report new thurloe version to Broad DevOps
+    uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main
+    needs: thurloe-build-tag-publish-job
+    with:
+      new-version: ${{ needs.thurloe-build-tag-publish-job.outputs.tag }}
+      chart-name: 'thurloe'
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+  set-version-in-dev:
+    # Put new thurloe version in Broad dev environment
+    uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main
+    needs: [thurloe-build-tag-publish-job, report-to-sherlock]
+    with:
+      new-version: ${{ needs.thurloe-build-tag-publish-job.outputs.tag }}
+      chart-name: 'thurloe'
+      environment-name: 'dev'
+    secrets:
+      sync-git-token: ${{ secrets.BROADBOT_TOKEN }}
+    permissions:
+      id-token: 'write'
+          
\ No newline at end of file
diff --git a/docker/build_jar.sh b/docker/build_jar.sh
new file mode 100755
index 00000000..c4d80b5f
--- /dev/null
+++ b/docker/build_jar.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# This script provides an entry point to assemble the Thurloe jar file.
+
+# Enable strict evaluation semantics
+set -e
+
+
+echo "building thurloe jar..."
+
+docker run --rm -v $PWD:/working \
+-v jar-cache:/root/.ivy \
+-v jar-cache:/root/.ivy2 sbtscala/scala-sbt:openjdk-17.0.2_1.7.2_2.13.10 /working/docker/install.sh /working
+
+
+EXIT_CODE=$?
+
+if [ $EXIT_CODE != 0 ]; then
+    echo "jar build exited with status $EXIT_CODE"
+    exit $EXIT_CODE
+fi