# This workflow will build a Java project with Maven # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven name: build on: push: branches: - '**' tags: - '**' pull_request: branches: [master, development] jobs: maven-build-reporting: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v2 - name: Set up JDK 8 uses: actions/setup-java@v2 with: java-version: '8' distribution: 'adopt' - name: Cache Maven packages uses: actions/cache@v2 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 - name: Build with Maven run: mvn clean install -e -P let_reporting - name: Reporting uses: codecov/codecov-action@v1 with: flags: unittests name: SEB Server Build fail_ci_if_error: false verbose: false maven-build-docker: needs: maven-build-reporting # Run only on tagging if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: - name: Get short SHA uses: benjlevesque/short-sha@v1.2 id: short-sha - name: Store short SHA as environment variable run: echo $SHA env: SHA: ${{ steps.short-sha.outputs.sha }} - name: Set env run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - name: Test tag name run: | echo $TAG_NAME echo ${{ env.TAG_NAME }} - name: Checkout repository uses: actions/checkout@v2 - name: Set up JDK 11 uses: actions/setup-java@v2 with: java-version: '11' distribution: 'adopt' - name: Cache Maven packages uses: actions/cache@v2 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 - name: Build with Maven run: mvn clean install -Dmaven.test.skip=true -Dsebserver-version="${{ env.TAG_NAME }}-${{ env.SHA }}" env: sebserver-version: ${{ env.TAG_NAME }}-${{ env.SHA }} - name: Simplify package name run: mv target/seb-server-${{ env.TAG_NAME }}-${{ env.SHA }}.jar target/seb-server.jar - uses: actions/upload-artifact@v2 with: name: Package path: target/seb-server.jar docker-build: needs: maven-build-docker # Run only on tagging if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') runs-on: ubuntu-latest needs: pytest permissions: contents: read packages: write # This is used to complete the identity challenge # with sigstore/fulcio when running outside of PRs. id-token: write steps: - name: Set env run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - name: Test run: | echo $TAG_NAME echo ${{ env.TAG_NAME }} - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Checkout repository uses: actions/checkout@v2 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@main - name: Download a single artifact uses: actions/download-artifact@v2 with: name: Package - name: Build and push id: docker_build uses: docker/build-push-action@v2 with: context: . file: ./docker/Dockerfile push: true tags: | anhefti/seb-server:${{ env.TAG_NAME }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. run: cosign sign ${TAGS} env: COSIGN_EXPERIMENTAL: true TAGS: ${{ env.TAG_NAME }}