# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: build
on:
push:
branches:
- '**'
tags:
- '**'
pull_request:
branches: [master, development]
jobs:
maven-build-reporting:
runs-on: ubuntu-latest
steps:
-
name: Checkout repository
uses: actions/checkout@v2
-
name: Set up JDK 8
uses: actions/setup-java@v2
with:
java-version: '8'
distribution: 'adopt'
-
name: Cache Maven packages
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
-
name: Build with Maven
run: mvn clean install -e -P let_reporting
-
name: Reporting
uses: codecov/codecov-action@v1
with:
flags: unittests
name: SEB Server Build
fail_ci_if_error: false
verbose: false
maven-build-docker:
needs: maven-build-reporting
# Run only on tagging
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
-
name: Get short SHA
uses: benjlevesque/short-sha@v1.2
id: short-sha
-
name: Store short SHA as environment variable
run: echo $SHA
env:
SHA: ${{ steps.short-sha.outputs.sha }}
-
name: Set env
run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
name: Test tag name
run: |
echo $TAG_NAME
echo ${{ env.TAG_NAME }}
-
name: Checkout repository
uses: actions/checkout@v2
-
name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
-
name: Cache Maven packages
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
-
name: Build with Maven
run: mvn clean install -Dmaven.test.skip=true -Dsebserver-version="${{ env.TAG_NAME }}-${{ env.SHA }}"
env:
sebserver-version: ${{ env.TAG_NAME }}-${{ env.SHA }}
-
name: Simplify package name
run: mv target/seb-server-${{ env.TAG_NAME }}-${{ env.SHA }}.jar target/seb-server.jar
-
uses: actions/upload-artifact@v2
with:
name: Package
path: target/seb-server.jar
docker-build:
needs: maven-build-docker
# Run only on tagging
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
-
name: Set env
run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
name: Test
run: |
echo $TAG_NAME
echo ${{ env.TAG_NAME }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Checkout repository
uses: actions/checkout@v2
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
-
name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main
-
name: Download a single artifact
uses: actions/download-artifact@v2
with:
name: Package
-
name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v3
with:
images: anhefti/seb-server
tags: |
type=raw,${{ env.TAG_NAME }}
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
context: .
file: ./docker/Dockerfile
push: true
tags: |
anhefti/seb-server:${{ env.TAG_NAME }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign ${TAGS}
env:
COSIGN_EXPERIMENTAL: true
TAGS: ${{ steps.meta.outputs.tags }}