Add version and optimised build flags for docker images as well (#286) #136
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- 'v*' | |
permissions: | |
contents: write | |
jobs: | |
calculate-checksum: | |
runs-on: ubuntu-latest | |
outputs: | |
next_latest_tag: ${{ steps.next-latest-tag.outputs.next_latest_tag }} | |
prev_hash: ${{ steps.calc-checksum.outputs.prev_hash }} | |
hash: ${{ steps.calc-checksum.outputs.hash }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 30 | |
fetch-tags: true | |
ref: ${{ github.event.repository.default_branch }} | |
sparse-checkout: . | |
- name: Get next latest tag | |
id: next-latest-tag | |
run: | | |
CURRENT_TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name') | |
PREVIOUS_TAG=$(git describe --tags --abbrev=0 $CURRENT_TAG^ --exclude release*) | |
echo "next_latest_tag=$PREVIOUS_TAG" >> $GITHUB_OUTPUT | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'debricked/soot-wrapper' | |
- name: Calculate checksum | |
id: calc-checksum | |
run: | | |
curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ steps.next-latest-tag.outputs.next_latest_tag }}/soot-wrapper-rev-hash.txt | |
echo "hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
if [ ! -f soot-wrapper-rev-hash.txt ]; then | |
touch soot-wrapper-rev-hash.txt | |
fi | |
echo "prev_hash=$(cat soot-wrapper-rev-hash.txt)" >> $GITHUB_OUTPUT | |
- name: Store soot-wrapper revision hash | |
run: | | |
echo ${{ steps.calc-checksum.outputs.hash }} > soot-wrapper-rev-hash.txt | |
- name: Upload file containing soot-wrapper revision hash | |
uses: actions/upload-artifact@v4 | |
with: | |
name: soot-wrapper-rev-hash.txt | |
path: soot-wrapper-rev-hash.txt | |
overwrite: 'true' | |
soot-wrapper: | |
needs: calculate-checksum | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
java-version: [ 11, 17, 21 ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'debricked/soot-wrapper' | |
- name: Pull JAR from previous release if already built | |
if: needs.calculate-checksum.outputs.hash == needs.calculate-checksum.outputs.prev_hash | |
run: | | |
curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ needs.calculate-checksum.outputs.next_latest_tag }}/soot-wrapper-${{ matrix.java-version }}.zip | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK ${{ matrix.java-version }} | |
if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.java-version }} | |
distribution: 'adopt' | |
- name: Build with Maven | |
if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash | |
run: | | |
cd java/common/ | |
mvn clean package -X -DskipTests | |
- name: Create archive with generated JARs | |
if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash | |
run: | | |
cd java/common/target/ | |
zip soot-wrapper-${{ matrix.java-version }}.zip SootWrapper.jar # Use only the jar which includes dependencies | |
mv soot-wrapper-${{ matrix.java-version }}.zip ../../../soot-wrapper-${{ matrix.java-version }}.zip | |
- name: Upload the archive | |
uses: actions/upload-artifact@v4 | |
with: | |
name: soot-wrapper-${{ matrix.java-version }}.zip | |
path: soot-wrapper-${{ matrix.java-version }}.zip | |
overwrite: 'true' | |
goreleaser: | |
runs-on: ubuntu-latest | |
needs: soot-wrapper | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: git fetch --force --tags | |
- name: Install UPX | |
uses: crazy-max/ghaction-upx@v3 | |
with: | |
install-only: true | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '>=1.20' | |
cache: true | |
- name: Import GPG signing key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Pull Supported Formats | |
run: | | |
cd cmd/debricked | |
go generate -v -x | |
- uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser | |
version: latest | |
args: release --clean | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} | |
- name: Download JAR archives | |
uses: actions/download-artifact@v4 | |
- name: Add archives with JARs to release | |
uses: softprops/action-gh-release@v2 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
tag_name: ${{ github.ref_name }} | |
files: | | |
soot-wrapper-rev-hash.txt/soot-wrapper-rev-hash.txt | |
soot-wrapper-11.zip/soot-wrapper-11.zip | |
soot-wrapper-17.zip/soot-wrapper-17.zip | |
soot-wrapper-21.zip/soot-wrapper-21.zip | |
major-release: | |
runs-on: ubuntu-latest | |
needs: goreleaser | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Update major release tag | |
id: major-tag | |
run: | | |
# returns v1, v2, etc, everything to the left of the leftmost dot. | |
MAJOR_VERSION="${GITHUB_REF_NAME%%.*}" | |
MAJOR_TAG="release-${MAJOR_VERSION}" | |
echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "MAJOR_TAG=${MAJOR_TAG}" >> "$GITHUB_OUTPUT" | |
git tag -f "${MAJOR_TAG}" | |
git push -f origin "${MAJOR_TAG}" | |
- name: Fetch assets from actual release | |
env: | |
MAJOR_TAG: ${{ steps.major-tag.outputs.MAJOR_TAG }} | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
gh release download --pattern="cli_*.tar.gz" "${GITHUB_REF_NAME}" | |
- name: Create or update release | |
uses: softprops/action-gh-release@v2 | |
with: | |
body: Latest release for the ${{ steps.major-tag.outputs.MAJOR_VERSION }} branch of the CLI | |
name: Latest ${{ steps.major-tag.outputs.MAJOR_VERSION }} CLI | |
tag_name: ${{ steps.major-tag.outputs.MAJOR_TAG }} | |
fail_on_unmatched_files: true | |
make_latest: false | |
files: "cli_*.tar.gz" | |
aur: | |
runs-on: ubuntu-latest | |
needs: goreleaser | |
container: | |
image: archlinux/archlinux:base-devel | |
steps: | |
- name: Prepare Arch Linux container | |
run: | | |
pacman -Syu --noconfirm git go openssh pacman-contrib | |
useradd -m aur | |
# Setup SSH access to aur.archlinux.org | |
- uses: webfactory/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} | |
# Now actually clone AUR repo, and update to new version | |
- name: Build package and update AUR | |
run: | | |
export NEW_VERSION="${GITHUB_REF_NAME#v}" | |
sudo -u aur sh -c "mkdir -p /home/aur/.ssh && chmod 700 /home/aur/.ssh && touch /home/aur/.ssh/known_hosts && chmod 600 /home/aur/.ssh/known_hosts" | |
sudo -u aur sh -c "echo 'aur.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuBKrPzbawxA/k2g6NcyV5jmqwJ2s+zpgZGZ7tpLIcN' >> /home/aur/.ssh/known_hosts" | |
mkdir -p /root/.ssh && chmod 700 /root/.ssh && cp /home/aur/.ssh/known_hosts /root/.ssh/known_hosts && chown root: /root/.ssh/known_hosts | |
# clone repo | |
git clone [email protected]:debricked.git debricked | |
chown -R aur debricked/ | |
cd debricked/ | |
sudo -u aur NEW_VERSION="${NEW_VERSION}" make update_version | |
sudo -u aur make package | |
sudo -u aur git diff | |
sudo -u aur git config user.email [email protected] | |
sudo -u aur git config user.name "Debricked build bot" | |
git config --global --add safe.directory "$PWD" | |
make push |