Skip to content

wip: nixify

wip: nixify #1430

Workflow file for this run

name: Build
on:
workflow_dispatch:
inputs: {}
push:
branches: [ "develop" ]
tags: [ "v**" ]
pull_request:
branches: [ "develop" ]
jobs:
checksecret:
runs-on: ubuntu-latest
outputs:
HAVE_SECRETS: ${{ steps.checksecret_job.outputs.HAVE_SECRETS }}
steps:
- id: checksecret_job
env:
TOKEN_BITWARDEN_SM: ${{ secrets.TOKEN_BITWARDEN_SM }}
run: |
echo "HAVE_SECRETS=${{ env.TOKEN_BITWARDEN_SM != '' }}" >> $GITHUB_OUTPUT
# wtf:
# runs-on: self-hosted
# steps:
# - uses: 7mind/github-env@minimal
# - run: |
# set -x
# set -e
# pwd
# ls -la "$(pwd)"
# rm -rf "$(pwd)/test"
# #mount
# docker ps -a
# docker rm $(docker ps -aq) || true
# docker run -v "$(pwd):/test:z" --rm --entrypoint=/bin/bash -t ubuntu -c "rm -rf /test/test"
# docker run -v "$(pwd):/test:z" --rm --entrypoint=/bin/bash -t ubuntu -c "ls -la /test"
#
# test-selfhosted:
# runs-on: self-hosted
# strategy:
# fail-fast: false
# matrix:
# java: [ '22' ]
# scala: [ '2.13']
# steps:
# - uses: 7mind/github-env@minimal
# - name: Build and Test
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# run: ./build.sh nix gen test
build-jvm:
runs-on: ubuntu-latest
needs: [ 'checksecret' ]
strategy:
fail-fast: false
matrix:
java: [ '11', '17', '22' ]
scala: [ '2.12', '2.13', '3' ]
steps:
- uses: 7mind/github-env@minimal
- name: Build and Test with Coverage
env:
SCALA_VERSION: ${{ matrix.scala }}
JAVA_VERSION: ${{ matrix.java }}
if: matrix.scala != '3'
run: ./build.sh nix gen coverage
- name: Build and Test without Coverage # coverage leads to verification errors on scala3
env:
SCALA_VERSION: ${{ matrix.scala }}
JAVA_VERSION: ${{ matrix.java }}
if: matrix.scala == '3'
run: ./build.sh nix gen test
- uses: dorny/test-reporter@v1
if: (needs.checksecret.outputs.HAVE_SECRETS == 'true') && (success() || failure())
with:
name: Test reports (JDK ${{ matrix.java }}, Scala ${{ matrix.scala }}, JVM)
path: '**/target/test-reports/TEST-*.xml'
reporter: java-junit
- uses: bitwarden/sm-action@v2
if: (needs.checksecret.outputs.HAVE_SECRETS == 'true') && (success() || failure())
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
5e21669e-48b4-49ce-82f0-b193010a2ded > TOKEN_CODECOV
- uses: codecov/codecov-action@v4
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
continue-on-error: true
with:
token: ${{ env.TOKEN_CODECOV }}
verbose: true
files: "**/cobertura.xml"
# fail_ci_if_error: ${{ matrix.scala != '3' }}
# TODO: do we need scoverage.xml? If so files: may be just omitted
# files: cobertura.xml,scoverage.xml
# flags: unittests
- name: Upload dependency graph
uses: scalacenter/sbt-dependency-submission@v2
build-js:
runs-on: ubuntu-latest
needs: [ 'checksecret' ]
strategy:
fail-fast: false
matrix:
java: [ '11', '17', '22' ]
scala: [ '2.12', '2.13', '3' ]
steps:
- uses: 7mind/github-env@minimal
- name: Build and Test with Coverage
env:
SCALA_VERSION: ${{ matrix.scala }}
JAVA_VERSION: ${{ matrix.java }}
if: matrix.scala != '3'
run: ./build.sh nix gen-jsonly coverage
- name: Build and Test without Coverage # coverage leads to verification errors on scala3
env:
SCALA_VERSION: ${{ matrix.scala }}
JAVA_VERSION: ${{ matrix.java }}
if: matrix.scala == '3'
run: ./build.sh nix gen-jsonly test
- uses: dorny/test-reporter@v1
if: (needs.checksecret.outputs.HAVE_SECRETS == 'true') && (success() || failure())
with:
name: Test reports (JDK ${{ matrix.java }}, Scala ${{ matrix.scala }}, JS)
path: '**/target/test-reports/TEST-*.xml'
reporter: java-junit
test-site:
runs-on: ubuntu-latest
strategy:
matrix:
java: [ '22' ]
scala: [ '2.13']
steps:
- uses: 7mind/github-env@minimal
- name: Build Microsite
env:
SCALA_VERSION: ${{ matrix.scala }}
JAVA_VERSION: ${{ matrix.java }}
run: ./build.sh nix gen-js site-test
publish-site:
runs-on: ubuntu-latest
strategy:
matrix:
java: [ '22' ]
scala: [ '2.13']
needs: [ 'build-jvm', 'build-js', 'test-site', 'checksecret' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
steps:
- uses: 7mind/github-env@minimal
- uses: bitwarden/sm-action@v2
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
4aeac969-5880-4e36-97a8-b193010ca904 > IZUMI_MICROSITE_KEY
- uses: shimataro/ssh-key-action@v2
with:
key: ${{ env.IZUMI_MICROSITE_KEY }}
known_hosts: 'unnecessary' # github.com is already there
- name: Publish Microsite
env:
SCALA_VERSION: ${{ matrix.scala }}
JAVA_VERSION: ${{ matrix.java }}
run: ./build.sh nix gen-js site-publish
publish-artifacts:
runs-on: ubuntu-latest
needs: [ 'build-jvm', 'build-js', 'checksecret' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
strategy:
fail-fast: false
matrix:
java: [ '11' ]
scala: [ '2.12', '2.13', '3']
steps:
- uses: 7mind/github-env@minimal
- uses: bitwarden/sm-action@v2
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
994f97a2-97a4-4fe1-806a-b1930104435f > SONATYPE_CREDENTIALS_FILE
749f4227-9f11-4ceb-9121-b1930110c3a9 > OPENSSL_KEY
a2fe5b5b-5f3f-47f8-961c-b1930110cea7 > OPENSSL_IV
- name: Build and Publish to Sonatype
env:
SCALA_VERSION: ${{ matrix.scala }}
JAVA_VERSION: ${{ matrix.java }}
SONATYPE_SECRET: .secrets/credentials.sonatype-nexus.properties
run: |
mkdir .secrets
echo "$SONATYPE_CREDENTIALS_FILE" > "$SONATYPE_SECRET"
openssl aes-256-cbc -K ${OPENSSL_KEY} -iv ${OPENSSL_IV} -in secrets.tar.enc -out secrets.tar -d
tar xvf secrets.tar
./build.sh nix gen-js publish-scala
all-good:
if: always()
runs-on: ubuntu-latest
needs: [ 'build-jvm', 'build-js', 'test-site' ]
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}