-
Notifications
You must be signed in to change notification settings - Fork 21
185 lines (184 loc) · 6.69 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# SPDX-FileCopyrightText: 2021-2024 The Refinery Authors
#
# SPDX-License-Identifier: EPL-2.0
name: Build
on:
push:
branches:
- '**'
- '!gh-pages'
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
name: Build
permissions:
contents: read
strategy:
matrix:
os:
- ubuntu-24.04
- ubuntu-22.04
- ubuntu-20.04
- windows-2022
- macos-13 # Intel
- macos-14 # ARM
runs-on: ${{ matrix.os }}
steps:
- name: Check for Sonar secret
id: check-secret
if: ${{ matrix.os == 'ubuntu-20.04' }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
if [ "${SONAR_TOKEN}" != '' ]; then
echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT
fi
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: corretto
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis
- name: Cache Gradle packages
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
key: ${{ matrix.os }}-gradle-${{ hashFiles('**/*.gradle.kts', 'gradle.properties', 'gradle/libs.versions.toml', 'gradle/pluginLibs.versions.toml', 'gradle/wrapper/gradle-wrapper.properties') }}
- name: Cache Sonar packages
uses: actions/cache@v4
if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }}
with:
path: |
~/.sonar/cache
key: ${{ matrix.os }}-sonar-${{ hashFiles('gradle/pluginLibs.versions.toml') }}
- name: Cache node distribution
uses: actions/cache@v4
with:
path: |
.node
key: ${{ matrix.os }}-node-${{ hashFiles('gradle.properties') }}
- name: Cache yarn packages
uses: actions/cache@v4
with:
path: |
.yarn/cache
key: ${{ matrix.os }}-yarn-${{ hashFiles('yarn.lock') }}
- name: Gradle build
run: |
./gradlew build -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Sonar analyze
if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Upload application artifacts
if: ${{ matrix.os == 'ubuntu-20.04' }}
uses: actions/upload-artifact@v4
with:
name: distributions
path: subprojects/**/build/distributions/*.tar
compression-level: 0
retention-days: 5 # No need to preserve for long, since they are uploaded to GHCR
- name: Build signed Maven repository
if: ${{ matrix.os == 'ubuntu-20.04' && github.event_name == 'push' && github.repository_owner == 'graphs4value' }}
env:
PGP_KEY: ${{ secrets.PGP_KEY }}
PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }}
PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }}
run: |
./gradlew mavenRepository -Pci -PforceSign --info --stacktrace --max-workers 4 --no-daemon
- name: Build unsigned Maven repository
if: ${{ matrix.os == 'ubuntu-20.04' && (github.event_name != 'push' || github.repository_owner != 'graphs4value') }}
run: |
./gradlew mavenRepository -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Merge Maven repository with site
if: ${{ matrix.os == 'ubuntu-20.04' }}
run: |
mv build/repo subprojects/docs/build/docusaurus/maven
- name: Upload GithHub Pages artifact
if: ${{ matrix.os == 'ubuntu-20.04' }}
uses: actions/upload-pages-artifact@v3
with:
path: subprojects/docs/build/docusaurus/
retention-days: 90
reuse-check:
name: REUSE Compliance Check
permissions:
contents: read
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: REUSE Compliance Check
uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083
with:
args: --include-meson-subprojects lint
publish-site:
name: Publish to GitHub Pages
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
needs: build
permissions:
pages: write
id-token: write
runs-on: ubuntu-20.04
environment:
name: github-pages
url: ${{steps.deployment.outputs.page_url}}
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
docker-build:
name: Build Docker images
needs: build
permissions:
packages: write
contents: read
runs-on: ubuntu-20.04
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
with:
platforms: arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
with:
platforms: linux/amd64,linux/arm64
- name: Checkout code
uses: actions/checkout@v4
- name: Download application artifacts
uses: actions/download-artifact@v4
with:
name: distributions
path: subprojects
- name: Extract application artifacts
working-directory: ./docker
run: |
./prepare_context.sh
- name: Bake images
working-directory: ./docker
run: |
./bake.sh false --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max'
- name: Log in to GitHub Container registry
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Upload images to GitHub Container registry
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
working-directory: ./docker
run: |
./bake.sh true --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max'
- name: Delete application artifacts
uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1
with:
name: distributions