Merge branch 'develop' into TASK-7353

Author: pfurio

.github/workflows/build-java-app-workflow.yml

@@ -10,36 +10,103 @@ on:
         type: string
         required: false
         default: "build-folder"
+      upload_artifact:
+        type: boolean
+        required: false
+        default: true
+      dependency_repos:
+        # Comma-separated list of dependency repositories to clone and build before building the main project.
+        type: string
+        required: false
+        default: ""
+      needs_hadoop_preparation:
+        type: boolean
+        required: false
+        default: false
+      hadoop_flavour:
+        type: string
+        required: false
+        default: ""
+      java_commons_libs_branch:
+        type: string
+        required: false
+        default: "develop"
     outputs:
       version:
         description: "Project version"
         value: ${{ jobs.build-workflow.outputs.version }}
+      cache_key:
+        description: "Cache key used for Maven repository"
+        value: ${{ jobs.build-workflow.outputs.cache_key }}
 
 jobs:
   build-workflow:
     name: Build Java app
     runs-on: ${{ vars.UBUNTU_VERSION }}
     outputs:
       version: ${{ steps.get_project_version.outputs.version }}
+      cache_key: ${{ runner.os }}-maven-${{ inputs.hadoop_flavour || vars.HADOOP_FLAVOUR }}-${{ steps.clone_dependencies.outputs.dependencies_sha }}
     steps:
       - uses: actions/checkout@v4
+        name: Checkout main repository
+        id: "checkout-main"
+        ## This checkout pulls the code of the repository where this workflow is being used
         with:
           fetch-depth: '10'
+      - uses: actions/checkout@v4
+        if: ${{ inputs.dependency_repos != '' }}
+        name: Checkout java-common-libs repository
+        id: "checkout-java-common-libs"
+        ## This checkout pulls the code of the java-common-libs repository to get the scripts
+        ## Checkout to "java-common-libs" folder.
+        ## Filter by ".github" folder
+        with:
+          repository: opencb/java-common-libs
+          ref: ${{ inputs.java_commons_libs_branch }}
+          path: java-common-libs
+          fetch-depth: '1'
       - name: Set up JDK 8
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '8'
           cache: 'maven'
-      - name: Install dependencies branches
+      - name: Clone dependencies
+        id: clone_dependencies
+        if: ${{ inputs.dependency_repos != '' }}
+        run: |
+          if [ -f "java-common-libs/.github/workflows/scripts/get_same_branch.sh" ]; then
+            chmod +x java-common-libs/.github/workflows/scripts/get_same_branch.sh
+            export DEPENDENCIES_SHA=${{ github.sha }}
+            java-common-libs/.github/workflows/scripts/get_same_branch.sh "${{ github.ref_name }}" "${{ inputs.dependency_repos }}"
+          fi
+      - name: Cache local Maven repository
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ inputs.hadoop_flavour || vars.HADOOP_FLAVOUR }}-${{ steps.clone_dependencies.outputs.dependencies_sha }}
+          restore-keys: |
+            ${{ runner.os }}-maven-${{ inputs.hadoop_flavour || vars.HADOOP_FLAVOUR }}-
+      - name: Compile dependencies
+        if: ${{ inputs.dependency_repos != '' }}
         run: |
-          if [ -f "./.github/workflows/scripts/get_same_branch.sh" ]; then
-            chmod +x ./.github/workflows/scripts/get_same_branch.sh
-            ./.github/workflows/scripts/get_same_branch.sh ${{ github.ref_name }}
+          if [ -f "java-common-libs/.github/workflows/scripts/compile_same_branch.sh" ]; then
+            chmod +x java-common-libs/.github/workflows/scripts/compile_same_branch.sh
+            java-common-libs/.github/workflows/scripts/compile_same_branch.sh "${{ inputs.dependency_repos }}"
           fi
+      - name: Prepare Hadoop profile
+        if: ${{ inputs.needs_hadoop_preparation == true }}
+        run: |
+          chmod +x ./.github/workflows/scripts/prepare_hadoop.sh
+          ./.github/workflows/scripts/prepare_hadoop.sh --hadoop-flavour "${{ inputs.hadoop_flavour || vars.HADOOP_FLAVOUR }}"
+        env:
+          THIRDPARTY_READ_TOKEN: ${{ secrets.THIRDPARTY_READ_TOKEN }}
+
       - name: Maven Build (skip tests)
         run: mvn -T 2 clean install -DskipTests ${{ inputs.maven_opts }} --no-transfer-progress
       - uses: actions/upload-artifact@v4
+        if: ${{ inputs.upload_artifact == true }}
         with:
           name: ${{ inputs.build_folder }}
           path: build
@@ -49,3 +116,4 @@ jobs:
           echo "version=`mvn help:evaluate -q -Dexpression=project.version -DforceStdout`" >> $GITHUB_OUTPUT
       - name: test-version-from-check
         run: echo "Project version is " ${{ steps.get_project_version.outputs.version }}
+

.github/workflows/debug-token.yml

@@ -0,0 +1,88 @@
+name: Debug ZETTA_REPO_ACCESS_TOKEN and Permissions
+
+on:
+  workflow_dispatch:
+
+jobs:
+  debug-token-and-permissions:
+    runs-on: ${{ vars.UBUNTU_VERSION }}
+    env:
+      ZETTA_REPO_ACCESS_TOKEN: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Show runner and workflow context
+        run: |
+          echo "Runner: $(uname -a)"
+          echo "GitHub Actor: $GITHUB_ACTOR"
+          echo "Workflow: $GITHUB_WORKFLOW"
+          echo "Event: $GITHUB_EVENT_NAME"
+          echo "Repository: $GITHUB_REPOSITORY"
+          echo "Job: $GITHUB_JOB"
+          echo "Workspace: $GITHUB_WORKSPACE"
+          echo "Home: $HOME"
+          echo "Shell: $SHELL"
+          echo "GitHub Ref: $GITHUB_REF"
+          echo "GitHub SHA: $GITHUB_SHA"
+          echo "GitHub Run ID: $GITHUB_RUN_ID"
+          echo "GitHub Run Number: $GITHUB_RUN_NUMBER"
+
+      - name: Show GitHub Actions permissions
+        run: |
+          echo "Permissions JSON:"
+          cat $GITHUB_EVENT_PATH | jq '.workflow_run?.permissions // .permissions // "No permissions found"'
+
+      - name: Check ZETTA_REPO_ACCESS_TOKEN presence and length
+        run: |
+          if [ -z "$ZETTA_REPO_ACCESS_TOKEN" ]; then
+            echo "ZETTA_REPO_ACCESS_TOKEN is NOT set"
+            exit 1
+          else
+            echo "ZETTA_REPO_ACCESS_TOKEN is set"
+            echo "Length: ${#ZETTA_REPO_ACCESS_TOKEN}"
+            echo "First 4 chars: ${ZETTA_REPO_ACCESS_TOKEN:0:4}"
+          fi
+      - id: get_ci_core_xetabase_branch
+        name: "Get CI-CORE current branch for Xetabase from target branch"
+        run: |
+          chmod +x ./.github/workflows/scripts/get_opencga_enterprise_branch.sh
+          echo "secrets.ZETTA_REPO_ACCESS_TOKEN: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}"
+          xetabase_branch=$(./.github/workflows/scripts/get_opencga_enterprise_branch.sh "java-common-libs" "develop" "TASK-8067")
+          echo "__CI CORE Xetabase ref:__ \"${xetabase_branch}\"" | tee -a ${GITHUB_STEP_SUMMARY}
+          REPO_URI="https://$ZETTA_REPO_ACCESS_TOKEN@github.com/zetta-genomics/opencga-enterprise.git"
+          echo "$(git ls-remote "$REPO_URI" "TASK-8067")"
+        env:
+          ZETTA_REPO_ACCESS_TOKEN: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}
+      - id: get_xetabase_branch
+        name: "Get JCL current branch for Xetabase from target branch"
+        run: |
+          chmod +x ./.github/workflows/scripts/get-xetabase-branch.sh
+          echo "github.event.pull_request.base.ref: develop"
+          echo "github.event.pull_request.head.ref: TASK-8067"
+          echo "secrets.ZETTA_REPO_ACCESS_TOKEN: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}"
+          xetabase_branch=$(./.github/workflows/scripts/get-xetabase-branch.sh "develop" "TASK-8067")
+          echo "__Xetabase ref:__ \"${xetabase_branch}\"" | tee -a ${GITHUB_STEP_SUMMARY}
+        env:
+          ZETTA_REPO_ACCESS_TOKEN: ${{ secrets.ZETTA_REPO_ACCESS_TOKEN }}
+      - name: Clone OpenCGA Enterprise branch '${{ inputs.branch }}'
+        uses: actions/checkout@v4
+        with:
+          repository: zetta-genomics/opencga-enterprise
+          ref: TASK-8067
+          token: ${{ env.ZETTA_REPO_ACCESS_TOKEN }}
+          path: xetbase-opencga-enterprise
+          fetch-depth: "10"
+
+      - name: Try to clone the private repo with token
+        run: |
+          set -x
+          git clone https://$ZETTA_REPO_ACCESS_TOKEN@github.com/zetta-genomics/opencga-enterprise.git || true
+
+      - name: Show authenticated user (if possible)
+        run: |
+          curl -H "Authorization: token $ZETTA_REPO_ACCESS_TOKEN" https://api.github.com/user
+
+      - name: Show environment variables (filtered)
+        run: |
+          env | grep -E 'GITHUB|ZETTA|RUNNER|CI'

.github/workflows/deploy-maven-repository-workflow.yml

@@ -6,6 +6,9 @@ on:
       maven_opts:
         type: string
         required: false
+      cache_key:
+        type: string
+        required: false
     secrets:
       MAVEN_GPG_PASSPHRASE:
         required: true
@@ -32,6 +35,14 @@ jobs:
           server-password: MAVEN_NEXUS_PASSWORD                   # env variable for token in deploy
           gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}   # Value of the GPG private key to import
           gpg-passphrase: MAVEN_GPG_PASSPHRASE                    # env variable for GPG private key passphrase
+      - name: Cache local Maven repository
+        uses: actions/cache/restore@v4
+        if: ${{ inputs.cache_key != '' }}
+        with:
+          path: ~/.m2/repository
+          key: ${{ inputs.cache_key }}
+          ## Force cache hit to avoid analyzing with incomplete dependencies
+          fail-on-cache-miss: true
       - name: Deploy to Maven Central repository
         run: mvn clean deploy -DskipTests -Pdeploy-maven ${{ inputs.maven_opts }} --no-transfer-progress
         env:

.github/workflows/develop.yml

@@ -14,3 +14,5 @@ jobs:
     uses: ./.github/workflows/deploy-maven-repository-workflow.yml
     needs: build
     secrets: inherit
+    with:
+      cache_key: ${{ needs.build.outputs.cache_key }}

.github/workflows/release.yml

@@ -13,6 +13,8 @@ jobs:
     uses: ./.github/workflows/deploy-maven-repository-workflow.yml
     needs: build
     secrets: inherit
+    with:
+      cache_key: ${{ needs.build.outputs.cache_key }}
 
   release:
     uses: ./.github/workflows/release-github-workflow.yml

.github/workflows/scripts/compile_same_branch.sh

@@ -0,0 +1,23 @@
+
+WORKSPACE=${WORKSPACE:-/home/runner/work/}
+
+
+function compile() {
+  local REPO=$1
+  if [ ! -d "${WORKSPACE}/$REPO" ]; then
+    echo "Directory ${WORKSPACE}/$REPO does not exist. Skip compile"
+    return 0;
+  fi
+  echo "::group::Compiling '$REPO' project from branch $BRANCH_NAME"
+  cd "${WORKSPACE}/$REPO" || exit 2
+  mvn clean install -DskipTests --no-transfer-progress
+  echo "::endgroup::"
+}
+
+## Comma separated list of repos to compile
+REPOS=$1
+
+IFS=',' read -ra REPO_ARRAY <<<"$REPOS"
+for REPO in "${REPO_ARRAY[@]}"; do
+  compile "$REPO"
+done

.github/workflows/scripts/get-xetabase-branch.sh

@@ -10,7 +10,13 @@ get_xetabase_branch() {
 
   # If the branch begins with 'TASK' and exists in the opencga-enterprise repository, I return it
   if [[ $current_branch == TASK* ]]; then
-    if [ "$(git ls-remote "https://$ZETTA_REPO_ACCESS_TOKEN@github.com/zetta-genomics/opencga-enterprise.git" "$current_branch" )" ] ; then
+    REPO_URI=
+    if [ -z "$ZETTA_REPO_ACCESS_TOKEN" ]; then
+      REPO_URI="git@github.com:zetta-genomics/opencga-enterprise.git"
+    else
+      REPO_URI="https://$ZETTA_REPO_ACCESS_TOKEN@github.com/zetta-genomics/opencga-enterprise.git"
+    fi
+    if [ "$(git ls-remote "$REPO_URI" "$current_branch" )" ] ; then
       echo "$current_branch";
       return 0;
     fi

.github/workflows/scripts/get_opencga_enterprise_branch.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+# get_opencga_enterprise_branch.sh
+#
+# This script computes the correct opencga-enterprise branch to use for testing a PR in any Xetabase component repo.
+# It unifies the logic previously duplicated in java-common-libs, biodata, and opencga.
+#
+# Inputs:
+#   1. project (artifactId from pom.xml)
+#   2. base_ref (target branch of the PR)
+#   3. head_ref (source branch of the PR)
+#
+# Output:
+#   Prints the resolved opencga-enterprise branch to stdout.
+#   Exits with non-zero and error message if it cannot resolve a branch.
+
+set -euo pipefail
+
+project="$1"
+base_ref="$2"
+head_ref="$3"
+REPO_URI="https://$ZETTA_REPO_ACCESS_TOKEN@github.com/zetta-genomics/opencga-enterprise.git"
+
+# 1. If the branch begins with 'TASK' and exists in the opencga-enterprise repository, return it
+if [[ $head_ref == TASK* ]]; then
+  if [ "$(git ls-remote "$REPO_URI" "$head_ref")" ] ; then
+    echo "$head_ref";
+    exit 0
+  fi
+fi
+
+# 2. If the base_ref is 'develop', always map to develop
+if [[ "$base_ref" == "develop" ]]; then
+  echo "develop"
+  exit 0
+fi
+
+# 3. release-* branch logic
+if [[ "$base_ref" =~ ^release-([0-9]+)\. ]]; then
+  major="${BASH_REMATCH[1]}"
+  # Project-specific offset for release branch mapping
+  case "$project" in
+    java-common-libs)
+      offset=3
+      ;;
+    biodata|opencga)
+      offset=1
+      ;;
+    opencga-enterprise)
+      # If the project is opencga-enterprise, use the branch as-is
+      echo "$base_ref"
+      exit 0
+      ;;
+    *)
+      echo "ERROR: Unknown project '$project' for release branch mapping" >&2
+      exit 1
+      ;;
+  esac
+  new_major=$((major - offset))
+  if (( new_major < 1 )); then
+    echo "ERROR: Computed release branch version < 1 for $project (base_ref: $base_ref, offset: $offset)" >&2
+    exit 1
+  fi
+  # Extract the rest of the version (minor and patch) from base_ref
+  rest_version=$(echo "$base_ref" | sed -E "s/^release-[0-9]+(\..*)/\1/")
+  target_branch="release-${new_major}${rest_version}"
+  # Check if the exact branch exists (fix: do not escape quotes)
+  if [ "$(git ls-remote --heads "$REPO_URI" "$target_branch")" ]; then
+    echo "$target_branch"
+    exit 0
+  else
+    echo "ERROR: No matching release branch '$target_branch' found in opencga-enterprise for $project (base_ref: $base_ref, offset: $offset)" >&2
+    exit 1
+  fi
+fi
+
+# 4. Fallback: fail with clear error
+echo "ERROR: Could not resolve opencga-enterprise branch for project '$project' (base_ref: $base_ref, head_ref: $head_ref)" >&2
+exit 1
+