build: automate GitHub pages deployment #276
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2021-2024 The Refinery Authors | |
| # | |
| # SPDX-License-Identifier: EPL-2.0 | |
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| - '!gh-pages' | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| build: | |
| name: Build | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - ubuntu-20.04 | |
| - windows-latest | |
| - macos-13 # Intel | |
| - macos-14 # ARM | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Check for Sonar secret | |
| id: check-secret | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| if [ "${SONAR_TOKEN}" != '' ]; then | |
| echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: corretto | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| key: ${{ matrix.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties', 'gradle/libs.versions.toml', 'gradle/wrapper/gradle-wrapper.properties') }} | |
| restore-keys: ${{ matrix.os }}-gradle | |
| - name: Cache Sonar packages | |
| uses: actions/cache@v4 | |
| if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }} | |
| with: | |
| path: | | |
| ~/.sonar/cache | |
| key: ${{ matrix.os }}-sonar | |
| restore-keys: ${{ matrix.os }}-sonar | |
| - name: Cache node distribution | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| **/.node | |
| key: ${{ matrix.os }}-node-${{ hashFiles('gradle.properties') }} | |
| restore-keys: ${{ matrix.os }}-node | |
| - name: Cache yarn packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| **/.yarn/cache | |
| key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: ${{ matrix.os }}-yarn | |
| - name: Gradle build | |
| run: | | |
| ./gradlew build -Pci --info --stacktrace --max-workers 4 --no-daemon | |
| - name: Sonar analyze | |
| if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| ./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon | |
| - name: Upload site artifact | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| uses: actions/upload-artifact@4 | |
| with: | |
| name: site-zip | |
| path: subprojects/docs/build/refinery-docs.zip | |
| reuse-check: | |
| name: REUSE Compliance Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: REUSE Compliance Check | |
| uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 | |
| with: | |
| args: --include-meson-subprojects lint | |
| publish-site: | |
| name: Publish to GitHub Pages | |
| if: ${{ github.even_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Diwonload site artifact | |
| uses: actions/download-artifact@4 | |
| with: | |
| name: site-zip | |
| path: refinery-docs.zip | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 | |
| with: | |
| gpg_private_key: ${{ secrets.PGP_KEY }} | |
| passphrase: ${{ secrets.PGP_PASSWORD }} | |
| - name: Commit and push to graphs4value.github.io | |
| env: | |
| PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }} | |
| GH_PAGES_TOKEN: ${{ secrets.GH_PAGES_TOKEN }} | |
| GITHUB_REPOSITORY: ${{ github.sha }} | |
| GITHUB_SHA: ${{ github.sha }} | |
| run: | | |
| mkdir graphs4value.github.io | |
| cd graphs4value.github.io | |
| git init | |
| git config user.name "Graphs4Value bot" | |
| git config user.email "refinery@refinery.tools" | |
| git config user.signingKey "${PGP_KEY_ID}" | |
| git remote add origin "https://x-access-token:${GH_PAGES_TOKEN}@github.com/graphs4value/graphs4value.github.io.git" | |
| unzip ../refinery-docs.zip | |
| git add . | |
| git commit -S -m "Update from https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}" | |
| git push --force origin main |