-
Notifications
You must be signed in to change notification settings - Fork 0
183 lines (160 loc) · 6.81 KB
/
post-merge.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
name: Post-merge workflow
on:
pull_request:
types:
- closed
branches:
- main
jobs:
post_merge:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
environment: dev-cd
permissions:
id-token: write
packages: write
contents: write
steps:
#
# Checkout the source code.
#
- name: Checkout the source code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
with:
token: ${{ secrets.GIT_PAT }}
fetch-depth: 0
#
# Calculation of the new version (again) with tagging + releasing + etc.
#
- name: Calculation of the new version (w/o dry_run) and put tag
uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d
id: semantic
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
semantic_version: 19
branch: main
extra_plugins: |
@semantic-release/[email protected]
@semantic-release/[email protected]
dry_run: false
#
# Cache JDK.
#
- name: Cache JDK
if: steps.semantic.outputs.new_release_published == 'true'
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
id: cache-jdk
with:
key: OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz
path: |
${{ runner.temp }}/jdk_setup.tar.gz
${{ runner.temp }}/jdk_setup.sha256
#
# Download JDK and verify its hash.
#
- name: Download JDK and verify its hash
if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-jdk.outputs.cache-hit != 'true'
run: |
echo "454bebb2c9fe48d981341461ffb6bf1017c7b7c6e15c6b0c29b959194ba3aaa5 ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
curl -L "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
#
# Setup JDK.
#
- name: Setup JDK
if: steps.semantic.outputs.new_release_published == 'true'
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
with:
distribution: "jdkfile"
jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
java-version: "21"
cache: maven
#
# Cache Maven.
#
- name: Cache Maven
if: steps.semantic.outputs.new_release_published == 'true'
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
id: cache-maven
with:
key: apache-maven-3.9.6-bin.tar.gz
path: |
${{ runner.temp }}/maven_setup.tar.gz
${{ runner.temp }}/maven_setup.sha256
#
# Download Maven and verify its hash.
#
- name: Download Maven and verify its hash
if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-maven.outputs.cache-hit != 'true'
run: |
echo "6eedd2cae3626d6ad3a5c9ee324bd265853d64297f07f033430755bd0e0c3a4b ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
#
# Setup Maven.
#
- name: Setup Maven
if: steps.semantic.outputs.new_release_published == 'true'
run: |
mkdir ${{ runner.temp }}/maven
tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml
#
# STABLE - Update of pom.xml with the new version.
#
- name: STABLE - Update of pom.xml with the new version
if: steps.semantic.outputs.new_release_published == 'true'
run: |
${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }} -s ${{ runner.temp }}/settings.xml --no-transfer-progress
git config user.name "GitHub Workflow"
git config user.email "<>"
git add pom.xml
git commit -m "pom.xml updated with new version ${{ steps.semantic.outputs.new_release_version }}"
git push origin main
#
# RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar.
#
- name: RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar
if: steps.semantic.outputs.new_release_published == 'true'
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: ${{ runner.temp }}/maven/bin/mvn verify -Pvalidate -s ${{ runner.temp }}/settings.xml --no-transfer-progress
#
# STABLE - Build native executable.
#
- name: STABLE - Build native executable
if: steps.semantic.outputs.new_release_published == 'true'
run: |
${{ runner.temp }}/maven/bin/mvn clean package \
-Pnative \
-Dmaven.test.skip=true \
-Dquarkus.native.container-build=true \
-Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 \
-s ${{ runner.temp }}/settings.xml \
--no-transfer-progress
#
# STABLE - Build Docker image.
#
- name: STABLE - Build Docker image
if: steps.semantic.outputs.new_release_published == 'true'
run: |
docker build \
-f src/main/docker/Dockerfile.native-micro \
-t ghcr.io/${{ github.repository }}:latest \
-t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }} \
.
#
# STABLE - Push Docker image.
#
- name: STABLE - Push Docker image
if: steps.semantic.outputs.new_release_published == 'true'
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
docker push -a ghcr.io/${{ github.repository }}
#
# STABLE - Get Docker image with sha256.
#
- name: STABLE - Get Docker image with sha256
if: steps.semantic.outputs.new_release_published == 'true'
run: echo "image_sha256=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }})" >> "$GITHUB_ENV"