1
0
mirror of https://github.com/octoleo/plantuml.git synced 2024-12-21 02:19:14 +00:00
plantuml/.github/workflows/ci.yml
Eric Vantillard 3c53361064 fix: missing signature in OSSRH publication (#1313)
Adding `signingKey` and `signingPassword`properties when calling gradle publication tasks from the CI workflow fix the bug.

Fixes: #1313
2023-03-08 22:40:21 +01:00

225 lines
8.2 KiB
YAML

name: CI
on:
create:
pull_request:
types: [ opened, synchronize, reopened ]
paths-ignore:
- '*.md'
- 'docs/**'
push:
branches:
- master
paths-ignore:
- '*.md'
- 'docs/**'
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
workflow_config:
runs-on: ubuntu-latest
outputs:
do_release: ${{ steps.config.outputs.do_release }}
do_snapshot_release: ${{ steps.config.outputs.do_snapshot_release }}
pom_version: ${{ steps.config.outputs.pom_version }}
steps:
- name: Checkout the repository
uses: actions/checkout@v3
- name: Configure workflow
id: config
env:
ACTOR: ${{ github.actor }}
EVENT_ACTION: ${{ github.event.action }}
REF_TYPE: ${{ github.event.ref_type }}
REF: ${{ github.event.ref }}
run: |
cat <<-EOF
::group::Debug Info
GITHUB_EVENT_NAME : '${GITHUB_EVENT_NAME}'
EVENT_ACTION : '${EVENT_ACTION}'
REF_TYPE : '${REF_TYPE}'
REF : '${REF}'
ACTOR : '${ACTOR}'
GITHUB_REPOSITORY_OWNER : '${GITHUB_REPOSITORY_OWNER}'
::endgroup::
EOF
# Do a release when a git tag starting with 'v' has been created by a suitable user.
# (We match against github.repository_owner as a kludge so that forked repos can release themselves when testing the workflow)
if [[ "${GITHUB_EVENT_NAME}" == "create" && "${REF_TYPE}" == "tag" && "${REF}" == v* && \
( "${ACTOR}" == "arnaudroques" || "${ACTOR}" == "${GITHUB_REPOSITORY_OWNER}" ) \
]]; then
echo "::notice title=::This run will release '${REF}'"
echo "do_release=true" >> $GITHUB_OUTPUT
echo "pom_version=${REF#v}" >> $GITHUB_OUTPUT # pom_version is the tag without the 'v' prefix
elif [[ "${GITHUB_EVENT_NAME}" =~ push|workflow_dispatch && "${REF}" == "refs/heads/master" && "${ACTOR}" == "arnaudroques" ]]; then
echo "::notice title=::This run will release a snapshot"
echo "do_snapshot_release=true" >> $GITHUB_OUTPUT
V=$(perl -ne 'if (/return (\d{6,7});/) {$v=$1} if (/final int beta = (\d+);/) {$b=$1} END{print(substr($v, 0, 1),".", substr($v, 1, 4),"."); if ($b) {print(int(substr($v+1, 5)), "beta", $b);} else {print(int(substr($v, 5)))}}' src/net/sourceforge/plantuml/version/Version.java)
echo "pom_version=$V-SNAPSHOT" >> $GITHUB_OUTPUT # pom_version is taken from Version.java
else
echo "This run will NOT make a release"
fi
# We run the tests on many OS / Java combinations but also the Compile step because some users build
# their own jars from source, so it is good for CI to check that is working on all combinations.
test:
needs: workflow_config
strategy:
fail-fast: false
matrix:
java_version: [ 8, 11, 17 ]
os: [ ubuntu-20.04, ubuntu-22.04, windows-2019, windows-2022 ]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout the repository
uses: actions/checkout@v3
- name: Set up java
uses: actions/setup-java@v3.10.0
with:
java-version: ${{ matrix.java_version }}
distribution: temurin
cache: gradle
# Compile / Test / Package are separate steps so the reason for any failure is more obvious in GitHub UI
- name: Compile
run: gradle -q compileJava --no-daemon
- name: Test
run: gradle test --no-daemon -i
- name: Upload test reports
uses: actions/upload-artifact@v3
if: ${{ always() }}
with:
# Using github.run_number here to reduce confusion when downloading & comparing from several builds
name: ${{ github.run_number }}-${{ matrix.os }}-java-${{ matrix.java_version }}-test-reports
path: build/reports/tests/
upload:
needs: [ workflow_config, test ]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v2
- name: Set up java
uses: actions/setup-java@v3.5.0
with:
java-version: 17
distribution: temurin
cache: gradle
- name: Set version from tag
if: env.POM_VERSION
env:
POM_VERSION: ${{ needs.workflow_config.outputs.pom_version }}
run: sed -i "s/version = .*/version = $POM_VERSION/" gradle.properties
- name: Build artifacts
run: |
gradle -q clean build \
pdfJar \
generateMetadataFileForMavenPublication generatePomFileForMavenPublication \
-x test
- name: Sign artifacts
if: env.ORG_GRADLE_PROJECT_signingKey
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ARTIFACT_SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }}
run: |
gradle -i signMavenPublication signPdfJar
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
# Using github.run_number here to reduce confusion when downloading & comparing artifacts from several builds
name: ${{ github.run_number }}-artifacts
path: |
build/libs/*
build/publications/maven/*
- name: Create snapshot release
if: needs.workflow_config.outputs.do_snapshot_release == 'true'
env:
GITHUB_TOKEN: ${{ github.token }}
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
#do not remove signing key and password or signatures will not be published
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ARTIFACT_SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }}
run: |
.github/scripts/release-snapshot.sh
gradle publish
- name: Create release in GitHub
if: needs.workflow_config.outputs.do_release == 'true'
env:
GITHUB_TOKEN: ${{ github.token }}
TAG: ${{ github.event.ref }}
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
#do not remove signing key and password or signatures will not be published
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ARTIFACT_SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }}
run: |
.github/scripts/release.sh
gradle publish
push_to_registry:
needs: [ workflow_config, test, upload ]
if: needs.workflow_config.outputs.do_release == 'true'
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
images: |
${{ github.repository }}
ghcr.io/${{ github.repository }}
# generate Docker tags based on the following events/attributes
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
- name: Log into Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GitHub Docker Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build/push container image
uses: docker/build-push-action@v4
with:
context: .
push: true
build-args: |
PLANTUML_VERSION=${{ github.event.ref }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64