-
Notifications
You must be signed in to change notification settings - Fork 6
102 lines (101 loc) · 4.12 KB
/
Copy pathpush.yml
File metadata and controls
102 lines (101 loc) · 4.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: Build and push
on:
push:
branches:
- master
- 3.x
env:
JFROG_USER: ${{ secrets.ARTIFACTORY_AUTH_USER }}
JFROG_PASS: ${{ secrets.ARTIFACTORY_AUTH_TOKEN }}
SONATYPE_GPG_KEY_BASE64: ${{ secrets.SONATYPE_GPG_KEY_BASE64 }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
SONATYPE_GPG_KEY_PASSWORD: ${{ secrets.SONATYPE_GPG_KEY_PASSWORD }}
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
jobs:
maven-package:
if: "!contains(github.event.head_commit.message, 'ci skip')"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
with:
fetch-depth: 0
- name: Copy maven settings
run: |
wget https://raw.githubusercontent.com/entur/ror-maven-settings/master/.m2/settings_release_maven_central.xml -O .github/workflows/settings.xml
- uses: actions/setup-java@v5
with:
java-version: 17.0.13
distribution: liberica
- name: Cache Maven dependencies
uses: actions/cache@v5
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
${{ runner.os }}-maven-
${{ runner.os }}-
- name: Run maven build
run: mvn package -s .github/workflows/settings.xml -PprettierCheck -Dprettier.nodePath=node -Dprettier.npmPath=npm
- name: Sonar Scan
env:
SONAR_TOKEN: ${{ secrets.ENTUR_SONAR_PASSWORD }}
SONAR_PROJECT_NAME: ${{ github.event.repository.name }}
SONAR_PROJECT_KEY: entur_${{ github.event.repository.name }}
run: |
mvn -Psonar -s .github/workflows/settings.xml \
org.jacoco:jacoco-maven-plugin:prepare-agent verify \
org.jacoco:jacoco-maven-plugin:report sonar:sonar \
-Dmaven.main.skip \
-DskipTests \
-Dsonar.projectKey=${SONAR_PROJECT_KEY} \
-Dsonar.organization=enturas-github \
-Dsonar.projectName=${SONAR_PROJECT_NAME} \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.token=${SONAR_TOKEN}
- name: Upload artifact
uses: actions/upload-artifact@v7.0.0
with:
path: target/*.jar
publish-release:
if: github.repository_owner == 'entur' && github.event_name == 'push'
name: Publish release to maven central
uses: entur/gha-maven-central/.github/workflows/maven-publish.yml@v1
secrets: inherit
with:
push_to_repo: true
snapshot: false
tag-release:
needs: publish-release
if: github.repository_owner == 'entur' && github.event_name == 'push'
name: Tag release on GitHub
runs-on: ubuntu-24.04
permissions:
contents: write
steps:
- uses: actions/checkout@v7
with:
fetch-depth: 0
- name: Create and push release tag
run: |
set -euo pipefail
# publish-release has already pushed the release + next-SNAPSHOT bump
# commits to master, so fetch the latest tip rather than tagging the
# commit that triggered this run.
git fetch --quiet origin master
line=$(git log FETCH_HEAD --grep='Bump current version to' --format='%H %s' \
| grep -v -- '-SNAPSHOT' | head -1 || true)
[ -n "$line" ] || { echo "::error::no release bump commit found"; exit 1; }
sha=${line%% *}
version=$(printf '%s\n' "$line" | sed -E 's/.*Bump current version to ([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
tag="v${version}"
if git ls-remote --exit-code --tags origin "refs/tags/${tag}" >/dev/null 2>&1; then
echo "Tag ${tag} already exists; nothing to do."
exit 0
fi
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git tag -a "${tag}" -m "Release ${tag}" "${sha}"
git push origin "${tag}"
echo "Tagged ${tag} at ${sha}" >> "$GITHUB_STEP_SUMMARY"