-
Notifications
You must be signed in to change notification settings - Fork 2
124 lines (108 loc) · 4.86 KB
/
ci.yml
File metadata and controls
124 lines (108 loc) · 4.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Continuous Integration
on:
push:
branches: ['**']
tags: ['v*.*.*']
pull_request:
branches: [main, 'release/**']
schedule:
- cron: '30 5 * * *'
permissions:
contents: read
jobs:
workflow-tests:
name: Workflow scripts
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Setup mise
uses: jdx/mise-action@be3be2260bc02bc3fbf94c5e2fed8b7964baf074 # v3.4.0
with:
install: true
install_args: actionlint bats jq shellcheck
- name: Check workflow syntax
run: mise exec -- actionlint
- name: Check shell scripts
run: mise exec -- shellcheck -x .github/scripts/*.sh
- name: Test release scripts
run: mise exec -- bats --print-output-on-failure .github/tests/release-scripts.bats
build:
name: Build and test
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
matrix:
java: [17, 21, 25]
steps:
- name: Checkout (with history)
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
fetch-tags: true
persist-credentials: false
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
distribution: 'zulu'
java-version: ${{ matrix.java }}
- name: Setup Gradle
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
with:
dependency-graph: disabled
validate-wrappers: true
- name: Configure Docker mirror
run: |
echo '{"registry-mirrors": ["https://mirror.gcr.io"]}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker
- name: Build with Gradle
run: ./gradlew build koverXmlReport --info -PjdkVersion=${{ matrix.java }}
- name: Read project version
id: project-version
if: matrix.java == '17'
run: |
version="$(sed -n 's/^version=//p' gradle.properties)"
echo "version=${version}" >> "${GITHUB_OUTPUT}"
- name: Verify release tag
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && matrix.java == '17'
run: |
test "$(git cat-file -t "${GITHUB_REF_NAME}")" = "tag"
git fetch origin \
"+refs/heads/main:refs/remotes/origin/main" \
"+refs/heads/release/*:refs/remotes/origin/release/*"
tag_commit="$(git rev-list -n 1 "${GITHUB_REF_NAME}")"
git branch -r --contains "${tag_commit}" | grep -E 'origin/(main|release/[0-9]+\.[0-9]+)$'
- name: Upload snapshot to Sonatype
if: >
github.event_name == 'push' &&
matrix.java == '17' &&
endsWith(steps.project-version.outputs.version, '-SNAPSHOT') &&
(github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/'))
run: |
./gradlew publishToMavenCentral --no-configuration-cache -PmavenCentralUsername="${ORG_GRADLE_PROJECT_mavenCentralUsername}" -PmavenCentralPassword="${ORG_GRADLE_PROJECT_mavenCentralPassword}"
env:
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.MAVEN_GPG_KEYID }}
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_USERNAME }}
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_PASSWORD }}
- name: Upload release to Sonatype
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && matrix.java == '17'
run: |
./gradlew publishToMavenCentral --no-configuration-cache -PmavenCentralUsername="${ORG_GRADLE_PROJECT_mavenCentralUsername}" -PmavenCentralPassword="${ORG_GRADLE_PROJECT_mavenCentralPassword}"
env:
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.MAVEN_GPG_KEYID }}
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_USERNAME }}
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_PASSWORD }}
- name: Run SonarCloud analysis
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: "${{ matrix.java == '25' && env.SONAR_TOKEN != '' }}"
run: ./gradlew sonar -Dsonar.projectVersion=${{ github.sha }}