Reusable GitHub Actions workflows for building, testing, and publishing Horizon platform components.
| Workflow | Purpose |
|---|---|
gradle-build.yml |
Build + test Java/Gradle projects with JaCoCo coverage |
go-test.yml |
Build + test Go projects with DinD services |
golangci-lint.yml |
Go static analysis (shared .golangci.yml auto-fetched if not present locally) |
docker-publish.yml |
Build Docker image + push to Artifactory |
reuse-compliance.yml |
REUSE/SPDX license header check |
name: CI
on:
push:
jobs:
build:
permissions:
contents: read
pull-requests: write
uses: telekom/pubsub-horizon-ci/.github/workflows/gradle-build.yml@main
with:
java-version: "21"
reuse:
uses: telekom/pubsub-horizon-ci/.github/workflows/reuse-compliance.yml@main
publish:
needs: [build]
uses: telekom/pubsub-horizon-ci/.github/workflows/docker-publish.yml@main
with:
component: starlight
language: java
build-args: "DOCKER_BASE_IMAGE=artifactory.devops.telekom.de/tardis-oci-local/infra/build/pandora-java-21:1.0.0"
secrets:
REGISTRY_USERNAME: ${{ secrets.ARTIFACTORY_O28M_PUSH_USER }}
REGISTRY_PASSWORD: ${{ secrets.ARTIFACTORY_O28M_PUSH_TOKEN }}name: CI
on:
push:
jobs:
build:
uses: telekom/pubsub-horizon-ci/.github/workflows/go-test.yml@main
with:
test-tags: "testing"
test-flags: "-v -p 1"
lint:
uses: telekom/pubsub-horizon-ci/.github/workflows/golangci-lint.yml@main
reuse:
uses: telekom/pubsub-horizon-ci/.github/workflows/reuse-compliance.yml@main
publish:
needs: [build]
uses: telekom/pubsub-horizon-ci/.github/workflows/docker-publish.yml@main
with:
component: golaris
language: go
secrets:
REGISTRY_USERNAME: ${{ secrets.ARTIFACTORY_O28M_PUSH_USER }}
REGISTRY_PASSWORD: ${{ secrets.ARTIFACTORY_O28M_PUSH_TOKEN }}Images are pushed to JFrog Artifactory:
artifactory.devops.telekom.de/tardis-oci-local/components/horizon/<component>:<tag>
| Git ref | Image tag |
|---|---|
Tag 3.1.0 |
3.1.0 |
Branch main |
latest |
Branch feat/xyz |
feat-xyz |
Tag format matches GitLab's CI_COMMIT_REF_SLUG (lowercase, / and . → -, max 63 chars).
From company intranet (no auth needed):
trusted.artifactory.devops.telekom.de/tardis-oci-local/components/horizon/<component>:<tag>
From external / GitHub runners (auth required):
artifactory.devops.telekom.de/tardis-oci-local/components/horizon/<component>:<tag>
These are org-level GitHub secrets (already configured on all Horizon repos):
| Secret | Value |
|---|---|
ARTIFACTORY_O28M_PUSH_USER |
Artifactory service account username |
ARTIFACTORY_O28M_PUSH_TOKEN |
Artifactory service account token |
Callers that need JaCoCo PR coverage comments must grant:
permissions:
contents: read
pull-requests: writeReusable workflows cannot escalate permissions — the caller must provide them.
| Component | Language | Repo |
|---|---|---|
| Starlight | Java | pubsub-horizon-starlight |
| Comet | Java | pubsub-horizon-comet |
| Galaxy | Java | pubsub-horizon-galaxy |
| Pulsar | Java | pubsub-horizon-pulsar |
| Golaris | Go | pubsub-horizon-golaris |
| Vortex | Go | pubsub-horizon-vortex |
| Quasar | Go | pubsub-horizon-quasar |
Java components use a custom base image with gcompat and DT CA certificates:
artifactory.devops.telekom.de/tardis-oci-local/infra/build/pandora-java-21:1.0.0