Bump gradle/actions from 4.2.1 to 4.2.2 (#62) #205
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Java CI with Gradle | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
workflow_dispatch: | |
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
permissions: | |
contents: read | |
pages: write | |
# This is required for requesting the JWT | |
id-token: write | |
# Push container images | |
packages: write | |
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | |
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | |
concurrency: | |
group: "pages" | |
cancel-in-progress: false | |
jobs: | |
build: | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'sapmachine' | |
# Configure Gradle for optimal use in GiHub Actions, including caching of downloaded dependencies. | |
# See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 | |
- name: Build with Gradle Wrapper | |
run: ./gradlew --no-daemon build asciidoctor | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-artifacts | |
path: 'build' | |
container-image: | |
runs-on: ubuntu-24.04 | |
needs: | |
- build | |
env: | |
IMAGE_NAME: gardenlinux/glvd-api | |
IMAGE_TAG: latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- run: mkdir -p build | |
- name: Download built jar | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-artifacts | |
path: build | |
- name: Install qemu dependency for multi-arch build | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y qemu-user-static | |
- name: Build Image | |
id: build_image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ env.IMAGE_TAG }} | |
platforms: linux/amd64, linux/arm64 | |
containerfiles: | | |
./Containerfile | |
- name: Echo Outputs | |
run: | | |
echo "Image: ${{ steps.build_image.outputs.image }}" | |
echo "Tags: ${{ steps.build_image.outputs.tags }}" | |
echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}" | |
- name: Check images created | |
run: buildah images | grep '${{ env.IMAGE_NAME }}' | |
- name: Check manifest | |
run: | | |
set -x | |
buildah manifest inspect ${{ steps.build_image.outputs.image }}:${{ env.IMAGE_TAG }} | |
- name: Push To ghcr.io | |
id: push-to-ghcr | |
if: ${{ github.event_name != 'pull_request' }} | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: ${{ steps.build_image.outputs.tags }} | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to ghcr.io | |
uses: redhat-actions/podman-login@v1 | |
with: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
registry: ghcr.io | |
- name: Build bare images | |
run: | | |
./build_bare.sh | |
- name: Push bare images | |
if: ${{ github.event_name != 'pull_request' }} | |
id: bare | |
run: | | |
podman push --digestfile=bare-amd64-digest ghcr.io/gardenlinux/glvd-api:latest-linuxamd64_bare | |
podman push ghcr.io/gardenlinux/glvd-api:latest-linuxarm64_bare | |
echo "bare-amd64-digest=$(cat ./bare-amd64-digest)" >> $GITHUB_OUTPUT | |
- name: Print image url | |
if: ${{ github.event_name != 'pull_request' }} | |
run: echo "Image pushed to ${{ steps.push-to-ghcr.outputs.registry-paths }}" | |
- name: Print digest | |
if: ${{ github.event_name != 'pull_request' }} | |
run: echo "Image pushed to ${{ steps.push-to-ghcr.outputs.digest }}" | |
- name: Get OIDC token | |
if: ${{ github.event_name != 'pull_request' }} | |
id: get-token | |
run: | | |
IDTOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=glvd" | jq -r '.value') | |
echo "idToken=${IDTOKEN}" >> $GITHUB_OUTPUT | |
- uses: azure/k8s-set-context@v4 | |
if: ${{ github.event_name != 'pull_request' }} | |
with: | |
method: kubeconfig | |
kubeconfig: "${{ secrets.KUBECONFIG }}" | |
- name: Deploy the image | |
if: ${{ github.event_name != 'pull_request' }} | |
run: kubectl --namespace default --token "${{ steps.get-token.outputs.idToken }}" set image deploy/glvd glvd-api=ghcr.io/gardenlinux/glvd-api:latest-linuxamd64_bare@${{ steps.bare.outputs.bare-amd64-digest }} | |
dependency-submission: | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'sapmachine' | |
# Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies. | |
# See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md | |
- name: Generate and submit dependency graph | |
uses: gradle/actions/dependency-submission@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 | |
deploy-pages: | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-24.04 | |
needs: | |
- build | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Pages | |
uses: actions/configure-pages@v5 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build-artifacts | |
- name: Upload artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
path: 'docs/asciidoc' | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 | |