Merge pull request #208 from debricked/0-fix-java-zip-fingerprinting #79
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- '*' | |
permissions: | |
contents: write | |
jobs: | |
soot-wrapper: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
java-version: [ 11, 17, 21 ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'debricked/soot-wrapper' | |
- name: Calculate checksum | |
id: calc-checksum | |
run: | | |
TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name') | |
curl -LJO https://github.com/${{ github.repository }}/releases/download/${TAG}/soot-wrapper-rev-hash.txt | |
echo "release_tag=$TAG" >> $GITHUB_OUTPUT | |
echo "hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
if [ ! -f soot-wrapper-rev-hash.txt ]; then | |
touch soot-wrapper-rev-hash.txt | |
fi | |
echo "prev_hash=$(cat soot-wrapper-rev-hash.txt)" >> $GITHUB_OUTPUT | |
- name: Pull JAR from previous release if already built | |
if: steps.calc-checksum.outputs.hash == steps.calc-checksum.outputs.prev_hash | |
run: | | |
curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ steps.calc-checksum.outputs.release_tag }}/soot-wrapper-${{ matrix.java-version }}.zip | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK ${{ matrix.java-version }} | |
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.java-version }} | |
distribution: 'adopt' | |
- name: Build with Maven | |
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash | |
run: | | |
cd java/common/ | |
mvn clean package -X -DskipTests | |
- name: Create archive with generated JARs | |
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash | |
run: | | |
cd java/common/target/ | |
zip -r soot-wrapper-${{ matrix.java-version }}.zip *.jar | |
mv soot-wrapper-${{ matrix.java-version }}.zip ../../../soot-wrapper-${{ matrix.java-version }}.zip | |
- name: Store soot-wrapper revision hash | |
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash | |
run: | | |
echo ${{ steps.calc-checksum.outputs.hash }} > soot-wrapper-rev-hash.txt | |
- name: Upload file containing soot-wrapper revision hash | |
if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash | |
uses: actions/upload-artifact@v4 | |
with: | |
name: soot-wrapper-rev-hash.txt | |
path: soot-wrapper-rev-hash.txt | |
overwrite: 'true' | |
- name: Upload the archive | |
uses: actions/upload-artifact@v4 | |
with: | |
name: soot-wrapper-${{ matrix.java-version }}.zip | |
path: soot-wrapper-${{ matrix.java-version }}.zip | |
overwrite: 'true' | |
goreleaser: | |
runs-on: ubuntu-latest | |
needs: soot-wrapper | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: git fetch --force --tags | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '>=1.20' | |
cache: true | |
- name: Import GPG signing key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Pull Supported Formats | |
run: | | |
cd cmd/debricked | |
go generate -v -x | |
- uses: goreleaser/goreleaser-action@v5 | |
with: | |
distribution: goreleaser | |
version: latest | |
args: release --clean | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} | |
- name: Download JAR archives | |
uses: actions/download-artifact@v4 | |
- name: Add archives with JARs to release | |
uses: softprops/action-gh-release@v1 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
tag_name: ${{ github.ref_name }} | |
files: | | |
soot-wrapper-rev-hash.txt/soot-wrapper-rev-hash.txt | |
soot-wrapper-11.zip/soot-wrapper-11.zip | |
soot-wrapper-17.zip/soot-wrapper-17.zip | |
soot-wrapper-21.zip/soot-wrapper-21.zip | |
aur: | |
runs-on: ubuntu-latest | |
needs: goreleaser | |
container: | |
image: archlinux/archlinux:base-devel | |
steps: | |
- name: Prepare Arch Linux container | |
run: | | |
pacman -Syu --noconfirm git go openssh pacman-contrib | |
useradd -m aur | |
# Setup SSH access to aur.archlinux.org | |
- uses: webfactory/[email protected] | |
with: | |
ssh-private-key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} | |
# Now actually clone AUR repo, and update to new version | |
- name: Build package and update AUR | |
run: | | |
export NEW_VERSION="${GITHUB_REF_NAME#v}" | |
sudo -u aur sh -c "mkdir -p /home/aur/.ssh && chmod 700 /home/aur/.ssh && touch /home/aur/.ssh/known_hosts && chmod 600 /home/aur/.ssh/known_hosts" | |
sudo -u aur sh -c "echo 'aur.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuBKrPzbawxA/k2g6NcyV5jmqwJ2s+zpgZGZ7tpLIcN' >> /home/aur/.ssh/known_hosts" | |
mkdir -p /root/.ssh && chmod 700 /root/.ssh && cp /home/aur/.ssh/known_hosts /root/.ssh/known_hosts && chown root: /root/.ssh/known_hosts | |
# clone repo | |
git clone [email protected]:debricked.git debricked | |
chown -R aur debricked/ | |
cd debricked/ | |
sudo -u aur NEW_VERSION="${NEW_VERSION}" make update_version | |
sudo -u aur make package | |
sudo -u aur git diff | |
sudo -u aur git config user.email [email protected] | |
sudo -u aur git config user.name "Debricked build bot" | |
git config --global --add safe.directory "$PWD" | |
make push |