1
0
mirror of https://github.com/octoleo/plantuml.git synced 2024-11-16 18:25:11 +00:00
plantuml/.github/workflows/ci-gradle.yml
soloturn 18e6c41bfb use gradle in-memory asci-armored keys to sign artifacts
on the commadn line this allows as before:
  gradle -q signMavenPublication signPdfJar -Psigning.gnupg.keyName=... - -Psigning.gnupg.passphrase=...

on github this allows to put the key and password into environment variables:
  ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ARTIFACT_SIGNING_KEY }}
  ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }}
  gradle -q signMavenPublication signPdfJar
2022-02-14 13:46:59 +01:00

151 lines
5.0 KiB
YAML

name: CI gradle
on:
create:
pull_request:
types: [ opened, synchronize, reopened ]
paths-ignore:
- '*.md'
- 'docs/**'
push:
branches:
- master
paths-ignore:
- '*.md'
- 'docs/**'
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
workflow_config:
runs-on: ubuntu-latest
outputs:
do_release: ${{ steps.config.outputs.do_release }}
do_snapshot_release: ${{ steps.config.outputs.do_snapshot_release }}
pom_version: ${{ steps.config.outputs.pom_version }}
steps:
- name: Configure workflow
id: config
env:
ACTOR: ${{ github.actor }}
EVENT_ACTION: ${{ github.event.action }}
REF_TYPE: ${{ github.event.ref_type }}
REF: ${{ github.event.ref }}
run: |
cat <<-EOF
::group::Debug Info
GITHUB_EVENT_NAME : '${GITHUB_EVENT_NAME}'
EVENT_ACTION : '${EVENT_ACTION}'
REF_TYPE : '${REF_TYPE}'
REF : '${REF}'
ACTOR : '${ACTOR}'
GITHUB_REPOSITORY_OWNER : '${GITHUB_REPOSITORY_OWNER}'
::endgroup::
EOF
# Do a release when a git tag starting with 'v' has been created by a suitable user.
# (We match against github.repository_owner as a kludge so that forked repos can release themselves when testing the workflow)
if [[ "${GITHUB_EVENT_NAME}" == "create" && "${REF_TYPE}" == "tag" && "${REF}" == v* && \
( "${ACTOR}" == "arnaudroques" || "${ACTOR}" == "${GITHUB_REPOSITORY_OWNER}" ) \
]]; then
echo "::notice title=::This run will release '${REF}'"
echo "::set-output name=do_release::true"
echo "::set-output name=pom_version::${REF#v}" # pom_version is the tag without the 'v' prefix
elif [[ "${GITHUB_EVENT_NAME}" =~ push|workflow_dispatch && "${REF}" == "refs/heads/master" ]]; then
echo "::notice title=::This run will release a snapshot"
echo "::set-output name=do_snapshot_release::true"
else
echo "This run will NOT make a release"
fi
# We run the tests on many OS / Java combinations but also the Compile step because some users build
# their own jars from source, so it is good for CI to check that is working on all combinations.
test:
needs: workflow_config
strategy:
fail-fast: false
matrix:
java_version: [ 8, 11, 17 ]
os: [ macos-10.15, macos-11, ubuntu-18.04, ubuntu-20.04, windows-2019, windows-2022 ]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout the repository
uses: actions/checkout@v2
- name: Set up java
uses: actions/setup-java@v2.5.0
with:
java-version: ${{ matrix.java_version }}
distribution: temurin
cache: gradle
# Compile / Test / Package are separate steps so the reason for any failure is more obvious in GitHub UI
- name: Compile
run: gradle -q compileJava --no-daemon
- name: Test
run: gradle -q test --no-daemon
upload:
needs: [ workflow_config, test ]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v2
- name: Set up java
uses: actions/setup-java@v2.5.0
with:
java-version: 17
distribution: temurin
cache: gradle
- name: Set version from tag
if: env.POM_VERSION
env:
POM_VERSION: ${{ needs.workflow_config.outputs.pom_version }}
run: sed -i "s/version = .*/version = $POM_VERSION/" gradle.properties
- name: Build artifacts
run: |
gradle -q clean build \
pdfJar \
generateMetadataFileForMavenPublication generatePomFileForMavenPublication \
-x test
- name: Sign artifacts
if: env.ORG_GRADLE_PROJECT_signingKey
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ARTIFACT_SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }}
run: |
gradle -q signMavenPublication signPdfJar
- name: Upload artifacts
uses: actions/upload-artifact@v2
with:
# Using github.run_number here to reduce confusion when downloading & comparing artifacts from several builds
name: ${{ github.run_number }}-artifacts
path: |
build/libs/*
build/publications/maven/*
- name: Create snapshot release
if: needs.workflow_config.outputs.do_snapshot_release == 'true'
env:
GITHUB_TOKEN: ${{ github.token }}
run: .github/scripts/release-gradle-snapshot.sh
- name: Create release in GitHub
if: needs.workflow_config.outputs.do_release == 'true'
env:
GITHUB_TOKEN: ${{ github.token }}
TAG: ${{ github.event.ref }}
run: .github/scripts/release-gradle.sh