ci: trigger release build #945
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com) | |
# SPDX-FileContributor: Sebastian Thomschke (Vegard IT GmbH) | |
# SPDX-License-Identifier: Apache-2.0 | |
# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/vegardit-maven-parent | |
# | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
name: Build | |
on: | |
push: | |
branches-ignore: # build all branches except: | |
- 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR) | |
tags-ignore: # don't build tags | |
- '**' | |
paths-ignore: | |
- '**/*.adoc' | |
- '**/*.md' | |
- '.editorconfig' | |
- '.git*' | |
- '.github/*.yml' | |
- '.github/workflows/stale.yml' | |
pull_request: | |
paths-ignore: | |
- '**/*.adoc' | |
- '**/*.md' | |
- '.editorconfig' | |
- '.git*' | |
- '.github/*.yml' | |
workflow_dispatch: | |
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ | |
inputs: | |
additional_maven_args: | |
description: 'Additional Maven Args' | |
required: false | |
default: '' | |
debug-with-ssh: | |
description: "Start an SSH session for debugging purposes at the end of the build:" | |
default: never | |
type: choice | |
options: [ always, on_failure, on_failure_or_cancelled, never ] | |
debug-with-ssh-only-for-actor: | |
description: "Limit access to the SSH session to the GitHub user that triggered the job." | |
default: true | |
type: boolean | |
debug-with-ssh-only-jobs-matching: | |
description: "Only start an SSH session for jobs matching this regex pattern:" | |
default: ".*" | |
type: string | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
########################################################### | |
maven-build: | |
########################################################### | |
runs-on: ubuntu-latest | |
continue-on-error: ${{ matrix.experimental }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- maven_version: mvnw # as defined in .mvn/wrapper/maven-wrapper.properties | |
may_create_release: ${{ github.ref_name == 'main' }} | |
experimental: false | |
- maven_version: 3.6.3 # oldest supported Maven version | |
may_create_release: false | |
experimental: false | |
# https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.maven_version }} | |
cancel-in-progress: false | |
steps: | |
- name: "Show: GitHub context" | |
env: | |
GITHUB_CONTEXT: ${{ toJSON(github) }} | |
run: echo $GITHUB_CONTEXT | |
- name: "Show: environment variables" | |
run: env | sort | |
- name: Git Checkout | |
uses: actions/checkout@v4 # https://github.com/actions/checkout | |
- name: "Install: JDK 21 ☕" # to run example unit tests | |
uses: actions/setup-java@v4 # https://github.com/actions/setup-java | |
id: setup-java-21 | |
with: | |
distribution: temurin | |
java-version: 21 | |
- name: "Install: JDK 17 ☕" # to run Maven and plugins and compile test project | |
uses: actions/setup-java@v4 # https://github.com/actions/setup-java | |
id: setup-java-17 | |
with: | |
distribution: temurin | |
java-version: 17 | |
- name: Set JAVA_HOME env vars | |
run: | | |
echo "JAVA17_HOME=${{ steps.setup-java-17.outputs.path }}" >> $GITHUB_ENV | |
echo "JAVA21_HOME=${{ steps.setup-java-21.outputs.path }}" >> $GITHUB_ENV | |
- name: "Cache: Maven Binary" | |
uses: actions/cache@v4 # https://github.com/actions/cache/blob/main/restore/README.md | |
with: | |
path: | | |
~/.m2/wrapper | |
key: ${{ runner.os }}-${{ runner.arch }}-mvn-binary-${{ matrix.maven_version }}-${{ hashFiles('.mvn/wrapper/maven-wrapper.properties') }} | |
- name: "Cache: Restore" | |
id: cache-restore | |
uses: actions/cache/restore@v4 # https://github.com/actions/cache/blob/main/restore/README.md | |
with: | |
# IMPORTANT: path must have exactly the same value as in the cache save step otherwise restore will fail with cache key not found | |
path: | | |
~/.m2/bin | |
~/.m2/repository | |
!~/.m2/repository/.cache | |
!~/.m2/repository/.meta | |
!~/.m2/repository/com/vegardit/maven | |
!~/.m2/repository/*SNAPSHOT* | |
key: ${{ runner.os }}-${{ runner.arch }}-mvn-repo-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-mvn-repo- | |
- name: "Move Restored Repo" | |
if: ${{ steps.cache-restore.outputs.cache-hit }} | |
run: | | |
RESTORED_REPO_PATH=$HOME/.m2/repository-restored | |
mv -v ~/.m2/repository $RESTORED_REPO_PATH | |
echo "RESTORED_REPO_PATH=$RESTORED_REPO_PATH" >> $GITHUB_ENV | |
- name: Set Maven version [${{ matrix.maven_version }}] | |
run: | | |
if [[ "${{ matrix.maven_version }}" != "mvnw" ]]; then | |
chmod u+x mvnw | |
./mvnw -ntp wrapper:wrapper -Dmaven=${{ matrix.maven_version }} | |
fi | |
- name: "Test with Maven 🔨" | |
if: ${{ !matrix.may_create_release || env.ACT }} | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
GITHUB_API_KEY: ${{ github.token }} | |
MAY_CREATE_RELEASE: false | |
run: | | |
bash .ci/build.sh ${{ github.event.inputs.additional_maven_args }} | |
- name: "Build with Maven 🔨" | |
if: ${{ matrix.may_create_release && !env.ACT }} | |
env: | |
DEPLOY_SNAPSHOTS_TO_GITHUB_BRANCH: true | |
GITHUB_USER: ${{ github.actor }} | |
GITHUB_API_KEY: ${{ secrets.GH_API_TOKEN }} | |
MAY_CREATE_RELEASE: true | |
SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }} | |
SIGN_KEY_PASS: ${{ secrets.GPG_SIGN_KEY_PWD }} | |
SONATYPE_CENTRAL_USER: ${{ vars.SONATYPE_CENTRAL_USER }} | |
SONATYPE_CENTRAL_TOKEN: ${{ secrets.SONATYPE_CENTRAL_TOKEN }} | |
run: | | |
set -eu | |
# https://github.community/t/github-actions-bot-email-address/17204 | |
git config --global user.name "github-actions[bot]" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
bash .ci/build.sh ${{ github.event.inputs.additional_maven_args }} | |
################################################## | |
# Cache Update | |
# See https://github.com/actions/cache/issues/342#issuecomment-1399442670 | |
################################################## | |
- name: "Cache: Delete Previous" | |
if: ${{ steps.cache-restore.outputs.cache-hit && !env.ACT }} | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
gh extension install actions/gh-actions-cache | |
# "|| true" is to avoid "Error: Resource not accessible by integration" from failing the job | |
gh actions-cache delete ${{ steps.cache-restore.outputs.cache-primary-key }} --confirm || true | |
- name: "Cache: Update" | |
uses: actions/cache/save@v4 # https://github.com/actions/cache/blob/main/save/README.md | |
with: | |
path: | | |
~/.m2/bin | |
~/.m2/repository | |
!~/.m2/repository/.cache | |
!~/.m2/repository/.meta | |
!~/.m2/repository/com/vegardit/maven | |
!~/.m2/repository/*SNAPSHOT* | |
key: ${{ steps.cache-restore.outputs.cache-primary-key }} | |
################################################## | |
# Setup SSH debug session | |
################################################## | |
- name: "SSH session for debugging: check" | |
id: DEBUG_SSH_SESSSION_CHECK | |
if: always() | |
run: | | |
set -eu | |
job_filter_pattern="${{ inputs.debug-with-ssh-only-jobs-matching }}" | |
echo "job_filter: $job_filter_pattern" | |
job_info=$(echo "$GITHUB_JOB ${{ runner.os }} java-${{ matrix.java }}" | tr -d '\n') | |
echo "job_info: $job_info" | |
when="${{ inputs.debug-with-ssh }}" | |
if [[ $when == "always" ]] || [[ "$job_info" =~ .*$job_filter_pattern.* ]] && case "${{ job.status }}" in | |
success) [[ $when == "always" ]] ;; | |
cancelled) [[ $when == "on_failure_or_cancelled" ]] ;; | |
failure) [[ $when == "on_failure"* ]] ;; | |
esac; then | |
echo "start_ssh_session=true" | tee -a "$GITHUB_OUTPUT" | |
fi | |
- name: "SSH session for debugging: start" | |
uses: mxschmitt/action-tmate@v3 # https://github.com/mxschmitt/action-tmate | |
if: always() && steps.DEBUG_SSH_SESSSION_CHECK.outputs.start_ssh_session | |
with: | |
limit-access-to-actor: ${{ inputs.debug-with-ssh-only-for-actor }} | |
########################################################### | |
dependabot-pr-auto-merge: | |
########################################################### | |
needs: maven-build | |
if: ${{ github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' }} | |
runs-on: ubuntu-latest | |
concurrency: dependabot-pr-auto-merge | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Dependabot metadata | |
id: metadata | |
uses: dependabot/fetch-metadata@v2 # https://github.com/dependabot/fetch-metadata/ | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Enable auto-merge for Dependabot PRs | |
if: | | |
${{ | |
( | |
steps.dependabot-metadata.outputs.package-ecosystem == 'github-actions' && | |
steps.metadata.outputs.update-type == 'version-update:semver-major' | |
) || ( | |
steps.dependabot-metadata.outputs.package-ecosystem == 'maven' && | |
steps.metadata.outputs.update-type == 'version-update:semver-minor' | |
) | |
}} | |
run: | | |
gh pr merge --auto --rebase "$PR_URL" | |
env: | |
PR_URL: ${{github.event.pull_request.html_url}} | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |