Skip to content

[AN-294] Address Dependabot security findings #763

[AN-294] Address Dependabot security findings

[AN-294] Address Dependabot security findings #763

Workflow file for this run

name: Red Ring Tests
on:
pull_request:
# only run on pr when touching files known to have red-ring tests
paths:
- google/src/test/scala/org/broadinstitute/dsde/workbench/google/GoogleUtilitiesSpec.scala
- .github/workflows/red-ring-tests.yml
schedule:
# run twice a day at 10:00 and 22:00 UTC every day of the week
- cron: "0 10/12 * * *"
env:
STATIC_PUBSUB_TOPIC_1: red-ring-static-01
STATIC_PUBSUB_SUBSCRIPTION_1: red-ring-static-01-sub
GOOGLE_PROJECT: broad-dsde-qa
jobs:
red-ring-test:
runs-on: Ubuntu-20.04
permissions:
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v4
- name: Auth to GCP
id: 'auth'
uses: google-github-actions/auth@v1
with:
token_format: 'access_token'
workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider'
service_account: 'workbench-libs@broad-dsde-qa.iam.gserviceaccount.com'
- name: Set SA token env
run: |
echo "SA_TOKEN=${{ steps.auth.outputs.access_token }}" >> "$GITHUB_ENV"
- name: Run red ring test
id: run-red-ring-test
run: |
ls -ltraR
sbt "project workbenchGoogle" coverage "testOnly -- -n RedRingTest" coverageReport
- uses: actions/upload-artifact@v4
if: always()
with:
name: test-reports
path: 'google/target/test-reports/'
upload-test-results:
needs: [red-ring-test]
if: always()
permissions:
contents: 'read'
id-token: 'write'
uses: broadinstitute/dsp-reusable-workflows/.github/workflows/upload_test_results_to_biquery.yaml@main
# Always attempt to run if pull_request, as we want to report the appVersion even if the tests fail.
# never run on cron or other runs as we don't want extranaeous build reporting.
with:
service-name: 'workbench-libs'
test-uuid: ${{ github.run_id }} # run id of this gha
environment: 'red-ring'
artifact: 'test-reports'
big-query-table: 'broad-dsde-qa.automated_testing.test_results'
subuuid: ${{ github.run_id }} # run id of this gha