From 070620c4243e6a27f3da6878b5cf89b1dc6eda17 Mon Sep 17 00:00:00 2001
From: ndr_brt
Date: Mon, 14 Oct 2024 09:50:41 +0200
Subject: [PATCH] ci: add publish dependencies flow
---
 .github/workflows/publish-dependencies.yml | 59 ++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 .github/workflows/publish-dependencies.yml
diff --git a/.github/workflows/publish-dependencies.yml b/.github/workflows/publish-dependencies.yml
new file mode 100644
index 0000000..bc978c4
--- /dev/null
+++ b/.github/workflows/publish-dependencies.yml
@@ -0,0 +1,59 @@
+name: publish dependencies
+
+on:
+ workflow_call:
+
+jobs:
+ publish-dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: eclipse-edc/.github/.github/actions/setup-build@main
+ - name: Download latest Eclipse Dash
+ run: |
+ curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
+ - name: Generate DEPENDENCIES
+ run: |
+
+ # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
+ ./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES || true
+
+ # error if DEPENDENCIES is empty
+ grep -E 'maven' DEPENDENCIES | if test $(wc -l) -lt 1; then
+ echo "::error file=DEPENDENCIES,title=Dependencies file is corrupted, please run the workflow again"
+ exit 1
+ fi
+
+ # log warning if restricted deps are found
+ grep -E 'restricted' DEPENDENCIES | if test $(wc -l) -gt 0; then
+ echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them"
+ fi
+
+ # log error and fail job if rejected deps are found
+ grep -E 'rejected' DEPENDENCIES | if test $(wc -l) -gt 0; then
+ echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
+ exit 1
+ fi
+
+ mkdir public
+ cd public
+ mv DEPENDENCIES public
+
+ - name: Deploy to GitHub Pages
+ uses: peaceiris/actions-gh-pages@v4
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ publish_dir: public
+ keep_files: true
+
+ Post-To-Discord:
+ needs: [ publish-dependencies ]
+ if: "failure()"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: sarisia/actions-status-discord@v1
+ with:
+ webhook: ${{ secrets.DISCORD_GITHUB_CI_WEBHOOK }}
+ status: ${{ needs.publish-dependencies.result }}
+ title: "Generate ${{ github.repository }} dependencies"
+ username: GitHub Actions
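Review bot: The "Download latest Eclipse Dash" step fetches `v=LATEST` with plain `curl -L` and the next step runs the result with `java -jar dash.jar`, so an unpinned, unverified jar executes in the same job that later passes `secrets.GITHUB_TOKEN` to the Pages deploy step. Pin a specific dash-licenses version, use `curl -fsSL` so an HTTP error body is not saved as the jar, and compare the download against a recorded SHA-256 before running it. The same mutable-reference concern applies to `eclipse-edc/.github/.github/actions/setup-build@main` and to the `@v4`/`@v1` third-party actions that receive the token and the Discord webhook; pinning them to full commit SHAs would fix what code runs. The workflow also declares no `permissions:`, so as a `workflow_call` it inherits whatever the caller grants; a job-level `permissions:` with `contents: write` on publish-dependencies and `permissions: {}` on Post-To-Discord would limit the token to what each job needs. Separately, "Generate DEPENDENCIES" runs `cd public` before `mv DEPENDENCIES public`, so the file is no longer in the working directory and the move looks like it will fail; `mkdir public && mv DEPENDENCIES public/` without the `cd` appears to be the intent.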