-
Notifications
You must be signed in to change notification settings - Fork 21
231 lines (230 loc) · 8.64 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
# SPDX-FileCopyrightText: 2021-2024 The Refinery Authors
#
# SPDX-License-Identifier: EPL-2.0
name: Build
on:
push:
branches:
- '**'
- '!gh-pages'
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
name: Build
permissions:
contents: read
strategy:
matrix:
os:
- ubuntu-latest
- ubuntu-20.04
- windows-latest
- macos-13 # Intel
- macos-14 # ARM
runs-on: ${{ matrix.os }}
steps:
- name: Check for Sonar secret
id: check-secret
if: ${{ matrix.os == 'ubuntu-latest' }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
if [ "${SONAR_TOKEN}" != '' ]; then
echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT
fi
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: corretto
- name: Cache Gradle packages
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
key: ${{ matrix.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties', 'gradle/libs.versions.toml', 'gradle/wrapper/gradle-wrapper.properties') }}
restore-keys: ${{ matrix.os }}-gradle
- name: Cache Sonar packages
uses: actions/cache@v4
if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }}
with:
path: |
~/.sonar/cache
key: ${{ matrix.os }}-sonar
restore-keys: ${{ matrix.os }}-sonar
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis
- name: Cache node distribution
uses: actions/cache@v4
with:
path: |
**/.node
key: ${{ matrix.os }}-node-${{ hashFiles('gradle.properties') }}
restore-keys: ${{ matrix.os }}-node
- name: Cache yarn packages
uses: actions/cache@v4
with:
path: |
**/.yarn/cache
key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: ${{ matrix.os }}-yarn
- name: Gradle build
run: |
./gradlew build -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Sonar analyze
if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Build signed Maven repository
if: ${{ matrix.os == 'ubuntu-latest' && github.event_name == 'push' && github.repository_owner == 'graphs4value' }}
env:
PGP_KEY: ${{ secrets.PGP_KEY }}
PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }}
PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }}
run: |
./gradlew mavenRepositoryTar -Pci -PforceSign --info --stacktrace --max-workers 4 --no-daemon
- name: Build unsigned Maven repository
if: ${{ matrix.os == 'ubuntu-latest' && (github.event_name != 'push' || github.repository_owner != 'graphs4value') }}
run: |
./gradlew mavenRepositoryTar -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Upload Maven repository artifact
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: actions/upload-artifact@v4
with:
name: maven-repository-tar
path: build/refinery-maven-repository.tar
compression-level: 0
- name: Upload application artifacts
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: actions/upload-artifact@v4
with:
name: distributions-tar
path: subprojects/**/build/distributions/*.tar
compression-level: 0
retention-days: 5 # No need to preserve for long, since they are uploaded to GHCR
- name: Upload site artifact
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: actions/upload-artifact@v4
with:
name: site-zip
path: subprojects/docs/build/refinery-docs.zip
compression-level: 0
reuse-check:
name: REUSE Compliance Check
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: REUSE Compliance Check
uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083
with:
args: --include-meson-subprojects lint
publish-site:
name: Publish to GitHub Pages
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
needs: build
runs-on: ubuntu-latest
steps:
- name: Download site artifact
uses: actions/download-artifact@v4
with:
name: site-zip
path: site-zip
- name: Download Maven repository artifact
uses: actions/download-artifact@v4
with:
name: maven-repository-tar
path: maven-repository-tar
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@ea88154188003ca5aeb616063b2d0dd6a9cf86e2
with:
gpg_private_key: ${{ secrets.PGP_KEY }}
fingerprint: ${{ secrets.PGP_FINGERPRINT }}
passphrase: ${{ secrets.PGP_PASSWORD }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Create empty git repository
run: |
mkdir graphs4value.github.io
cd graphs4value.github.io
git config --global init.defaultBranch main
git config --global user.name "Graphs4Value bot"
git config --global user.email "refinery@refinery.tools"
git init
- name: Extract site artifact
working-directory: ./graphs4value.github.io
run: |
unzip ../site-zip/refinery-docs.zip
- name: Extract Maven repository artifact
working-directory: ./graphs4value.github.io
run: |
mkdir -p maven/snapshots
cd maven/snapshots
tar -xvf ../../../maven-repository-tar/refinery-maven-repository.tar
- name: Commit and push to graphs4value.github.io
working-directory: ./graphs4value.github.io
env:
GH_PAGES_TOKEN: ${{ secrets.GH_PAGES_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_SHA: ${{ github.sha }}
run: |
git remote add origin "https://x-access-token:${GH_PAGES_TOKEN}@github.com/graphs4value/graphs4value.github.io.git"
git add .
git commit -S -m "Update from https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}"
git push --force origin main
docker-build:
name: Build Docker images
needs: build
permissions:
packages: write
contents: read
runs-on: ubuntu-latest
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
with:
platforms: arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
with:
platforms: linux/amd64,linux/arm64
- name: Checkout code
uses: actions/checkout@v4
- name: Download application artifacts
uses: actions/download-artifact@v4
with:
name: distributions-tar
path: subprojects
- name: Extract application artifacts
working-directory: ./docker
run: |
./prepare_context.sh
- name: Bake images
working-directory: ./docker
run: |
./bake.sh false --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max'
- name: Log in to GitHub Container registry
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Upload images to GitHub Container registry
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
working-directory: ./docker
run: |
./bake.sh true --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max'
- name: Delete application artifacts
uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1
with:
name: distributions-tar