feat(76455): inline the test layer of the Dockerfile in the CI/CD for simplifying the microservice's Dockerfiles

Author: bogdandina

.github/workflows/ci-cd-java.yml

@@ -26,11 +26,10 @@ on:
       runTestsInsideDocker:
         required: false
         type: boolean
-        default: false
+        default: true
 
 env:
   IMAGE_NAME_MIXED_CASE: "${{ github.repository }}"
-  TEST_STAGE: test
 
 jobs:
   build-check-test-push:
@@ -87,7 +86,35 @@ jobs:
         run: |
           mvn spotless:check
 
-      - name: Run tests outside Docker
+      - name: Run unit tests inside Docker
+        if: ${{ inputs.runTestsInsideDocker }}
+        working-directory: ${{ inputs.workingDirectory }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACTOR_ARG: ${{ github.actor }}
+          DOCKER_BUILDKIT: "1"
+        run: |
+          cat > /tmp/Dockerfile.test << DOCKERFILE
+          # syntax=docker/dockerfile:1
+          # check=error=true
+          FROM ${TEST_BASE_IMAGE}
+          WORKDIR /usr/app
+          ARG GITHUB_ACTOR=github-actions
+          COPY . .
+          COPY .mvn/settings.xml /root/.m2/settings.xml
+          RUN --mount=type=secret,id=github_token \
+              export GITHUB_TOKEN="\$(cat /run/secrets/github_token)" && \
+              export GITHUB_ACTOR="\$GITHUB_ACTOR" && \
+              ./mvnw -B test
+          DOCKERFILE
+          docker build \
+            --secret id=github_token,env=GITHUB_TOKEN \
+            --build-arg "GITHUB_ACTOR=${GITHUB_ACTOR_ARG}" \
+            -f /tmp/Dockerfile.test \
+            .
+
+      - name: Run unit tests outside Docker
+        if: ${{ !inputs.runTestsInsideDocker }}
         working-directory: ${{ inputs.workingDirectory }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -145,19 +172,6 @@ jobs:
 
           echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
 
-      - name: Build & run tests inside Docker
-        if: ${{ inputs.runTestsInsideDocker }}
-        uses: docker/build-push-action@v6
-        with:
-          context: ${{ inputs.workingDirectory }}
-          load: true
-          target: "${{ env.TEST_STAGE }}"
-          tags: "${{ env.IMAGE_NAME }}:${{ env.TEST_STAGE }}"
-          secrets:
-            github_token=${{ secrets.GITHUB_TOKEN }}
-          build-args:
-            GITHUB_ACTOR=${{ github.actor }}
-
       - name: Build Docker Image
         uses: docker/build-push-action@v6
         with:

.github/workflows/ci-cd-kotlin.yml

@@ -21,6 +21,14 @@ on:
         required: false
         type: boolean
         default: false
+      runTestsInsideDocker:
+        required: false
+        type: boolean
+        default: true
+      hasIntegrationTests:
+        required: false
+        type: boolean
+        default: false
 
 env:
   IMAGE_NAME_MIXED_CASE: "${{ github.repository }}"
@@ -36,25 +44,86 @@ jobs:
           clean: 'true'
           fetch-depth: 2
 
+      # Required since custom scripts from /scripts are being used
+      - name: Resolve shared workflow ref
+        run: |
+          set -euo pipefail
+          SHARED_WORKFLOW_REF=$(grep -roh \
+            'transitdata-shared-workflows/.github/workflows/[^@]*@[^ "'\'']*' \
+            "${GITHUB_WORKSPACE}/.github/workflows/" 2>/dev/null \
+            | sed 's/.*@//' | head -1 || true)
+
+          if [[ -z "${SHARED_WORKFLOW_REF}" ]]; then
+            echo "::warning::Could not detect shared workflow ref from caller workflows; falling back to main"
+            SHARED_WORKFLOW_REF="main"
+          fi
+
+          echo "Resolved shared workflow ref: ${SHARED_WORKFLOW_REF}"
+          echo "SHARED_WORKFLOW_REF=${SHARED_WORKFLOW_REF}" >> "$GITHUB_ENV"
+
+      - name: Checkout shared workflow scripts
+        uses: actions/checkout@v4
+        with:
+          repository: HSLdevcom/transitdata-shared-workflows
+          ref: ${{ env.SHARED_WORKFLOW_REF }}
+          path: .shared-workflows
+
       - name: Setup JDK
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '11'
           cache: 'gradle'
 
+      - name: Validate Java version consistency
+        env:
+          JAVA_TOOL_OPTIONS: ""
+        run: python3 "${GITHUB_WORKSPACE}/.shared-workflows/scripts/validate_java_version_consistency.py"
+
       - name: Check code format and lint
         run: ./gradlew spotlessCheck
         env:
           GITHUB_ACTOR: ${{ github.actor }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Run tests
+      - name: Run unit tests inside Docker
+        if: ${{ inputs.runTestsInsideDocker }}
         env:
-          GITHUB_ACTOR: ${{ github.actor }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACTOR_ARG: ${{ github.actor }}
+          DOCKER_BUILDKIT: "1"
         run: |
-            ./gradlew test jacocoTestReport --stacktrace
+          cat > /tmp/Dockerfile.test << DOCKERFILE
+          # syntax=docker/dockerfile:1
+          # check=error=true
+          FROM ${TEST_BASE_IMAGE}
+          WORKDIR /usr/app
+          ARG GITHUB_ACTOR=github-actions
+          COPY . .
+          RUN --mount=type=secret,id=github_token \
+              export GITHUB_TOKEN="\$(cat /run/secrets/github_token)" && \
+              export GITHUB_ACTOR="\$GITHUB_ACTOR" && \
+              ./gradlew test --stacktrace --no-daemon
+          DOCKERFILE
+          docker build \
+            --secret id=github_token,env=GITHUB_TOKEN \
+            --build-arg "GITHUB_ACTOR=${GITHUB_ACTOR_ARG}" \
+            -f /tmp/Dockerfile.test \
+            .
+
+      - name: Run unit tests
+        if: ${{ inputs.hasIntegrationTests == false }}
+        env:
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew test jacocoTestReport --stacktrace
+
+      - name: Run unit tests and integration tests
+        if: ${{ inputs.hasIntegrationTests }}
+        env:
+          GITHUB_ACTOR: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew test integrationTest jacocoTestReport --stacktrace
 
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@v5

scripts/test_validate_java_version_consistency.py

@@ -4,6 +4,7 @@
     extract_java_version_from_docker_tag,
     normalize_java_version,
     parse_docker_java_version,
+    parse_docker_jdk_image,
     parse_gradle_java_version,
     resolve_args,
 )
@@ -219,6 +220,84 @@ def test_unrecognizable_java_version_in_tag_raises(self, tmp_path):
             parse_docker_java_version(str(dockerfile))
 
 
+# ---------------------------------------------------------------------------
+# parse_docker_jdk_image  (uses tmp_path fixture)
+# ---------------------------------------------------------------------------
+
+class TestParseDockerJdkImage:
+    def test_standard_multistage_returns_first_real_from(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text(
+            "FROM hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk AS base\n"
+            "FROM base AS test\n"
+            "FROM base AS build\n"
+            "FROM hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jre\n"
+        )
+        image = parse_docker_jdk_image(str(dockerfile))
+        assert image == "hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk"
+
+    def test_arg_substitution(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text(
+            "ARG BASE_TAG=1.0.2-25-java-jdk\n"
+            "FROM hsldevcom/infodevops-docker-base-images:${BASE_TAG} AS base\n"
+            "FROM hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jre\n"
+        )
+        image = parse_docker_jdk_image(str(dockerfile))
+        assert "1.0.2-25-java-jdk" in image
+
+    def test_single_stage_returns_only_image(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text(
+            "FROM hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk\n"
+        )
+        image = parse_docker_jdk_image(str(dockerfile))
+        assert image == "hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk"
+
+    def test_skips_scratch(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text(
+            "FROM scratch\n"
+            "FROM hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk AS base\n"
+        )
+        image = parse_docker_jdk_image(str(dockerfile))
+        assert "java-jdk" in image
+
+    def test_skips_stage_aliases(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text(
+            "FROM hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk AS base\n"
+            "FROM base AS test\n"
+        )
+        image = parse_docker_jdk_image(str(dockerfile))
+        assert image == "hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk"
+
+    def test_comments_are_ignored(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text(
+            "# syntax=docker/dockerfile:1\n"
+            "# check=error=true\n"
+            "FROM hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk AS base\n"
+        )
+        image = parse_docker_jdk_image(str(dockerfile))
+        assert "java-jdk" in image
+
+    def test_no_real_from_raises(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text("FROM scratch\n")
+        with pytest.raises(RuntimeError, match="Could not find a JDK base image"):
+            parse_docker_jdk_image(str(dockerfile))
+
+    def test_only_aliases_raises(self, tmp_path):
+        dockerfile = tmp_path / "Dockerfile"
+        dockerfile.write_text(
+            "FROM base AS test\n"
+            "FROM build AS final\n"
+        )
+        with pytest.raises(RuntimeError, match="Could not find a JDK base image"):
+            parse_docker_jdk_image(str(dockerfile))
+
+
 # ---------------------------------------------------------------------------
 # parse_gradle_java_version  (uses tmp_path fixture)
 # ---------------------------------------------------------------------------

scripts/validate_java_version_consistency.py

@@ -50,6 +50,39 @@ def replace(match):
     return re.sub(r'\$\{([^}]+)\}|\$(\w+)', replace, value)
 
 
+def _is_stage_alias(image):
+    """Return True if the image string is a multi-stage alias (e.g. 'base', 'build'), not a registry reference."""
+    return ':' not in image and '/' not in image
+
+
+def parse_docker_jdk_image(dockerfile_path):
+    """Return the image ref of the first real (non-scratch, non-alias) FROM stage.
+
+    In the standard 4-stage Java Dockerfile pattern the first real FROM is the JDK
+    build/test image, e.g. hsldevcom/infodevops-docker-base-images:1.0.2-25-java-jdk.
+    """
+    args = {}
+
+    with open(dockerfile_path, encoding='utf-8') as dockerfile:
+        for raw_line in dockerfile:
+            line = raw_line.split('#', 1)[0].strip()
+            if not line:
+                continue
+
+            arg_match = re.match(r'^ARG\s+([A-Za-z_][A-Za-z0-9_]*)=(.+)$', line, re.IGNORECASE)
+            if arg_match:
+                args[arg_match.group(1)] = arg_match.group(2).strip()
+                continue
+
+            from_match = re.match(r'^FROM\s+([^\s]+)', line, re.IGNORECASE)
+            if from_match:
+                image = resolve_args(from_match.group(1).strip(), args)
+                if image.lower() != 'scratch' and not _is_stage_alias(image):
+                    return image
+
+    raise RuntimeError('Could not find a JDK base image in Dockerfile.')
+
+
 def parse_docker_java_version(dockerfile_path):
     args = {}
     images = []
@@ -158,11 +191,24 @@ def parse_gradle_java_version(gradle_path):
     )
 
 
+def _write_github_file(env_var_name, content):
+    """Append key=value to a GitHub Actions environment file if the path is set."""
+    path = os.getenv(env_var_name)
+    if path:
+        with open(path, 'a') as f:
+            f.write(f'{content}\n')
+
+
 def main():
     dockerfile_path = os.path.join(os.getcwd(), 'Dockerfile')
     if not os.path.exists(dockerfile_path):
         raise RuntimeError(f'Dockerfile not found at {dockerfile_path}.')
 
+    jdk_image = parse_docker_jdk_image(dockerfile_path)
+    print(f'JDK base image: {jdk_image}')
+    _write_github_file('GITHUB_OUTPUT', f'TEST_BASE_IMAGE={jdk_image}')
+    _write_github_file('GITHUB_ENV', f'TEST_BASE_IMAGE={jdk_image}')
+
     docker_version, docker_image = parse_docker_java_version(dockerfile_path)
 
     pom_path = os.path.join(os.getcwd(), 'pom.xml')