-
Notifications
You must be signed in to change notification settings - Fork 23
164 lines (147 loc) · 6.55 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Build and test
on:
# Build PRs
pull_request_target:
types: [ opened, synchronize, reopened ]
paths-ignore:
- 'docs/**'
- '*.md'
- '**/*.md'
- '.github/workflows/bump*.yaml'
- '.github/workflows/docs.yaml'
- '.github/workflows/codeql*.yaml'
- '.github/workflows/command-*.yaml'
- '.github/workflows/clear-cache.yaml'
- '.github/workflows/deploy-tag.yaml'
- '.github/workflows/prepare-release.yaml'
# On push event
push:
# Build only changes pushed into the `master` branch -- avoids double builds when you push in a branch which has a PR.
branches:
- master
- pipeline
# Ignore documentation changes (Netlify will handle this)
paths-ignore:
- 'docs/**'
- '*.md'
- '**/*.md'
- '.github/workflows/bump*.yaml'
- '.github/workflows/docs.yaml'
- '.github/workflows/codeql*.yaml'
- '.github/workflows/command-*.yaml'
- '.github/workflows/clear-cache.yaml'
- '.github/workflows/deploy-tag.yaml'
- '.github/workflows/prepare-release.yaml'
workflow_dispatch:
# Currently you cannot use ${{ env.IS_FORK }} for some reason, which is why you might need to copy-paste some of these.
env:
REPOSITORY: ${{ github.repository }}
IS_FORK: ${{ github.event.pull_request.head.repo.full_name != vars.CURRENT_REPO || github.repository != vars.CURRENT_REPO }}
IS_PR: ${{ github.event_name == 'pull_request' }}
EVENT_NAME: ${{ toJSON(github.event_name) }}
# format: username:branch
PR_HEAD_LABEL: ${{ toJSON(github.event.pull_request.head.label) }}
PR_NUMBER: ${{ github.event.number }}
jobs:
build-and-test:
environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != vars.CURRENT_REPO && 'external-collaborators' || '' }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
java: [ 11, 17 ]
#os: [ ubuntu-latest ]
#java: [ 11 ]
steps:
- name: Show GitHub context
run: echo "$EVENT_NAME $REPOSITORY $PR_HEAD_LABEL $IS_PR $IS_FORK ${{ github.event.pull_request.head.sha || github.sha }}"
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }}
fetch-depth: '0' # 0 because of sonar needs git blame.
- name: Setup Java ${{ matrix.java }}
uses: actions/setup-java@v3
with:
java-version: ${{ matrix.java }}
distribution: "temurin"
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
# The Gradle wrapper's version (already the default, putting it here to clarity)
gradle-version: wrapper
# Removing unused files from Gradle User Home before saving to cache (i.e. older versions of gradle)
gradle-home-cache-cleanup: true
# Cache downloaded JDKs in addition to the default directories.
gradle-home-cache-includes: |
caches
notifications
jdks
- name: Check if code is eligible for deploying snapshot version
id: deploy_check
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const manifest = JSON.parse(fs.readFileSync('.release-please-manifest.json'));
const data = {
"version": manifest["."],
"is_snapshot": manifest["."].toLowerCase().includes("snapshot"),
"matrix": "${{ matrix.os }}",
"jdk": "${{ matrix.java }}",
"is_fork": "${{ env.IS_FORK }}",
"branch" : "${{ github.head_ref || github.ref_name }}"
}
const is_deployable = data.matrix == "ubuntu-latest" && data.jdk == "11" && data.is_fork == "false" && data.branch == "master" && data.is_snapshot == true
console.log("Data: ", data);
console.log("Is deployable: " + is_deployable);
return {
version: data.version,
is_snapshot: '' + data.is_snapshot,
is_deployable: '' + is_deployable
}
- name: Setup key
uses: crazy-max/ghaction-import-gpg@v5
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }}
with:
fingerprint: ${{ vars.GPG_FINGERPRINT }}
gpg_private_key: ${{ secrets.GPG_KEY }}
passphrase: ${{ secrets.GPG_PASS }}
trust_level: 5
- name: Build and test
env:
S3FS_BUCKET_NAME: ${{ secrets.S3FS_BUCKET_NAME }}
S3FS_ACCESS_KEY: ${{ secrets.S3FS_ACCESS_KEY }}
S3FS_SECRET_KEY: ${{ secrets.S3FS_SECRET_KEY }}
S3FS_REGION: ${{ secrets.S3FS_REGION }}
S3FS_PROTOCOL: "https"
run: ./gradlew build jacocoTestReport -PwithSignature=${{ fromJSON(steps.deploy_check.outputs.result).is_deployable }} --warn --stacktrace
- name: Publish code analysis to Sonarcloud
# [WARNING] The version of Java (11.0.21) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.
if: ${{ matrix.os == 'ubuntu-latest' && matrix.java == '17' }}
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
S3FS_PUBLISH_SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
S3FS_PUBLISH_SONAR_BRANCH: ${{ github.event_name == 'pull_request_target' && '' || github.head_ref || github.ref_name }}
S3FS_PUBLISH_SONAR_PR_NUMBER: ${{ env.PR_NUMBER }}
S3FS_PUBLISH_SONAR_PR_BRANCH: ${{ github.event.pull_request.head.ref }}
S3FS_PUBLISH_SONAR_PR_BASE: ${{ github.event.pull_request.base.ref }}
run: ./gradlew sonar
continue-on-error: true
- name: Check file signature
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }}
run: |
ls -al ./build/libs/
for f in ./build/libs/*.asc; do
echo "Verifying $f"
gpg --verify $f
done
# Publish snapshot only when on master branch, version is actually snapshot and from just one of the matrix jobs.
- name: Publish snapshot (only on master branch)
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }}
env:
S3FS_PUBLISH_SONATYPE_USER: "${{ secrets.S3FS_PUBLISH_SONATYPE_USER }}"
S3FS_PUBLISH_SONATYPE_PASS: "${{ secrets.S3FS_PUBLISH_SONATYPE_PASS }}"
run: |
./gradlew publish