Skip to content

Merge pull request #208 from debricked/0-fix-java-zip-fingerprinting #79

Merge pull request #208 from debricked/0-fix-java-zip-fingerprinting

Merge pull request #208 from debricked/0-fix-java-zip-fingerprinting #79

Workflow file for this run

name: Release
on:
push:
tags:
- '*'
permissions:
contents: write
jobs:
soot-wrapper:
runs-on: ubuntu-latest
strategy:
matrix:
java-version: [ 11, 17, 21 ]
steps:
- uses: actions/checkout@v4
with:
repository: 'debricked/soot-wrapper'
- name: Calculate checksum
id: calc-checksum
run: |
TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name')
curl -LJO https://github.com/${{ github.repository }}/releases/download/${TAG}/soot-wrapper-rev-hash.txt
echo "release_tag=$TAG" >> $GITHUB_OUTPUT
echo "hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
if [ ! -f soot-wrapper-rev-hash.txt ]; then
touch soot-wrapper-rev-hash.txt
fi
echo "prev_hash=$(cat soot-wrapper-rev-hash.txt)" >> $GITHUB_OUTPUT
- name: Pull JAR from previous release if already built
if: steps.calc-checksum.outputs.hash == steps.calc-checksum.outputs.prev_hash
run: |
curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ steps.calc-checksum.outputs.release_tag }}/soot-wrapper-${{ matrix.java-version }}.zip
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK ${{ matrix.java-version }}
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java-version }}
distribution: 'adopt'
- name: Build with Maven
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
run: |
cd java/common/
mvn clean package -X -DskipTests
- name: Create archive with generated JARs
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
run: |
cd java/common/target/
zip -r soot-wrapper-${{ matrix.java-version }}.zip *.jar
mv soot-wrapper-${{ matrix.java-version }}.zip ../../../soot-wrapper-${{ matrix.java-version }}.zip
- name: Store soot-wrapper revision hash
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
run: |
echo ${{ steps.calc-checksum.outputs.hash }} > soot-wrapper-rev-hash.txt
- name: Upload file containing soot-wrapper revision hash
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
uses: actions/upload-artifact@v4
with:
name: soot-wrapper-rev-hash.txt
path: soot-wrapper-rev-hash.txt
overwrite: 'true'
- name: Upload the archive
uses: actions/upload-artifact@v4
with:
name: soot-wrapper-${{ matrix.java-version }}.zip
path: soot-wrapper-${{ matrix.java-version }}.zip
overwrite: 'true'
goreleaser:
runs-on: ubuntu-latest
needs: soot-wrapper
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- run: git fetch --force --tags
- uses: actions/setup-go@v5
with:
go-version: '>=1.20'
cache: true
- name: Import GPG signing key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Pull Supported Formats
run: |
cd cmd/debricked
go generate -v -x
- uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
- name: Download JAR archives
uses: actions/download-artifact@v4
- name: Add archives with JARs to release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
tag_name: ${{ github.ref_name }}
files: |
soot-wrapper-rev-hash.txt/soot-wrapper-rev-hash.txt
soot-wrapper-11.zip/soot-wrapper-11.zip
soot-wrapper-17.zip/soot-wrapper-17.zip
soot-wrapper-21.zip/soot-wrapper-21.zip
aur:
runs-on: ubuntu-latest
needs: goreleaser
container:
image: archlinux/archlinux:base-devel
steps:
- name: Prepare Arch Linux container
run: |
pacman -Syu --noconfirm git go openssh pacman-contrib
useradd -m aur
# Setup SSH access to aur.archlinux.org
- uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
# Now actually clone AUR repo, and update to new version
- name: Build package and update AUR
run: |
export NEW_VERSION="${GITHUB_REF_NAME#v}"
sudo -u aur sh -c "mkdir -p /home/aur/.ssh && chmod 700 /home/aur/.ssh && touch /home/aur/.ssh/known_hosts && chmod 600 /home/aur/.ssh/known_hosts"
sudo -u aur sh -c "echo 'aur.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuBKrPzbawxA/k2g6NcyV5jmqwJ2s+zpgZGZ7tpLIcN' >> /home/aur/.ssh/known_hosts"
mkdir -p /root/.ssh && chmod 700 /root/.ssh && cp /home/aur/.ssh/known_hosts /root/.ssh/known_hosts && chown root: /root/.ssh/known_hosts
# clone repo
git clone [email protected]:debricked.git debricked
chown -R aur debricked/
cd debricked/
sudo -u aur NEW_VERSION="${NEW_VERSION}" make update_version
sudo -u aur make package
sudo -u aur git diff
sudo -u aur git config user.email [email protected]
sudo -u aur git config user.name "Debricked build bot"
git config --global --add safe.directory "$PWD"
make push