This repository has been archived by the owner on Aug 3, 2024. It is now read-only.
add explicit permissions to workflow #587
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main | |
on: | |
push: | |
schedule: | |
- cron: '45 22 4 * *' | |
env: | |
ARTIFACT: gitfx | |
JAVA_VERSION: 17 | |
jobs: | |
debug: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Dump GitHub context | |
env: | |
GITHUB_CONTEXT: ${{ toJSON(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
- name: Dump job context | |
env: | |
JOB_CONTEXT: ${{ toJSON(job) }} | |
run: echo "$JOB_CONTEXT" | |
- name: Dump steps context | |
env: | |
STEPS_CONTEXT: ${{ toJSON(steps) }} | |
run: echo "$STEPS_CONTEXT" | |
- name: Dump runner context | |
env: | |
RUNNER_CONTEXT: ${{ toJSON(runner) }} | |
run: echo "$RUNNER_CONTEXT" | |
- name: Dump strategy context | |
env: | |
STRATEGY_CONTEXT: ${{ toJSON(strategy) }} | |
run: echo "$STRATEGY_CONTEXT" | |
- name: Dump matrix context | |
env: | |
MATRIX_CONTEXT: ${{ toJSON(matrix) }} | |
run: echo "$MATRIX_CONTEXT" | |
- name: Dump environment variables | |
run: set | |
version: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
outputs: | |
new_version: ${{ steps.output.outputs.new_version }} | |
steps: | |
- uses: actions/[email protected] | |
with: | |
# fetch entire history to analyze commits since last tag | |
fetch-depth: 0 | |
- name: Bump version and push tag | |
id: tag | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
uses: mathieudutour/[email protected] | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
release_branches: master,main | |
- id: output | |
env: | |
NEW_VERSION: ${{ steps.tag.outputs.new_version}} | |
run: | | |
echo "new_version=${NEW_VERSION:-$GITHUB_SHA}" >> $GITHUB_OUTPUT | |
- name: Make sure build did not change anything | |
run: git diff --exit-code | |
macos: | |
runs-on: macos-latest | |
needs: version | |
env: | |
REVISION: ${{ needs.version.outputs.new_version }} | |
steps: | |
- uses: actions/[email protected] | |
- uses: gluonhq/setup-graalvm@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/[email protected] | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Build with Maven | |
run: | | |
set -o xtrace | |
./mvnw \ | |
--batch-mode \ | |
-Dsha1="${GITHUB_SHA}" \ | |
-Drevision="${REVISION}" \ | |
verify gluonfx:build gluonfx:package | |
- name: Move artifacts | |
run: | | |
mkdir target/artifacts | |
cp "target/gluonfx/x86_64-darwin/${ARTIFACT}" "target/artifacts/${ARTIFACT}-darwin-${REVISION}" | |
mkdir -p "target/gluonfx/x86_64-darwin/${ARTIFACT}.app/Contents/Resources/bin" | |
cp "./src/main/packaging/macos/gitfx.sh" "target/gluonfx/x86_64-darwin/${ARTIFACT}.app/Contents/Resources/bin" | |
cp -r "target/gluonfx/x86_64-darwin/${ARTIFACT}.app" "target/artifacts/" | |
- uses: actions/[email protected] | |
with: | |
name: ${{ env.ARTIFACT }}-${{ github.job }}-${{ needs.version.outputs.new_version }} | |
path: target/artifacts | |
- name: Make sure build did not change anything | |
run: git diff --exit-code | |
linux: | |
runs-on: ubuntu-latest | |
needs: version | |
env: | |
REVISION: ${{ needs.version.outputs.new_version }} | |
steps: | |
- uses: actions/[email protected] | |
- uses: gluonhq/setup-graalvm@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/[email protected] | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Install libraries | |
run: sudo apt-get update && sudo apt-get install libasound2-dev libavcodec-dev libavformat-dev libavutil-dev libgl-dev libgtk-3-dev libpango1.0-dev libxtst-dev | |
- name: Build with Maven | |
run: | | |
set -o xtrace | |
./mvnw \ | |
--batch-mode \ | |
-Dsha1="${GITHUB_SHA}" \ | |
-Drevision="${REVISION}" \ | |
verify gluonfx:build gluonfx:package | |
- name: Move artifacts | |
run: | | |
mkdir target/artifacts | |
cp "target/gluonfx/x86_64-linux/${ARTIFACT}" "target/artifacts/${ARTIFACT}-linux-${REVISION}" | |
- uses: actions/[email protected] | |
with: | |
name: ${{ env.ARTIFACT }}-${{ github.job }}-${{ needs.version.outputs.new_version }} | |
path: target/artifacts | |
- name: Make sure build did not change anything | |
run: git diff --exit-code | |
windows: | |
runs-on: windows-latest | |
needs: version | |
env: | |
REVISION: ${{ needs.version.outputs.new_version }} | |
steps: | |
- uses: actions/[email protected] | |
- uses: gluonhq/setup-graalvm@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: microsoft/[email protected] | |
- uses: egor-tensin/vs-shell@v1 | |
- uses: actions/[email protected] | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Build with Maven | |
run: | | |
.\mvnw --batch-mode -Dsha1="$env:GITHUB_SHA" -Drevision="$env:REVISION" verify gluonfx:build gluonfx:package | |
- name: Move artifacts | |
run: | | |
mkdir target/artifacts | |
copy "target\gluonfx\x86_64-windows\$env:ARTIFACT.exe" "target\artifacts\$env:ARTIFACT-windows-$env:REVISION.exe" | |
- uses: actions/[email protected] | |
with: | |
name: ${{ env.ARTIFACT }}-${{ github.job }}-${{ needs.version.outputs.new_version }} | |
path: target/artifacts | |
- name: Make sure build did not change anything | |
run: git diff --exit-code | |
release: | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
runs-on: ubuntu-latest | |
needs: [version, macos, linux, windows] | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/[email protected] | |
- name: Download all workflow run artifacts | |
uses: actions/[email protected] | |
with: | |
path: ./target | |
- name: Build project | |
working-directory: target | |
run: | | |
chmod +x ${{ env.ARTIFACT }}-macos-${{ needs.version.outputs.new_version }}/${{ env.ARTIFACT }}.app/Contents/MacOS/${{ env.ARTIFACT }} | |
chmod +x ${{ env.ARTIFACT }}-macos-${{ needs.version.outputs.new_version }}/${{ env.ARTIFACT }}.app/Contents/Resources/bin/* | |
zip -r windows.zip ${{ env.ARTIFACT }}-windows-${{ needs.version.outputs.new_version }}/ | |
zip -r linux.zip ${{ env.ARTIFACT }}-linux-${{ needs.version.outputs.new_version }}/ | |
zip -r macos.zip ${{ env.ARTIFACT }}-macos-${{ needs.version.outputs.new_version }}/ | |
- name: Create Release | |
id: create_release | |
uses: ncipollo/[email protected] | |
with: | |
tag: v${{ needs.version.outputs.new_version }} | |
name: Release ${{ needs.version.outputs.new_version }} | |
body: ${{ needs.version.outputs.changelog }} | |
draft: true | |
- name: Upload Release Asset | |
uses: shogo82148/[email protected] | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./target/linux.zip | |
asset_name: ${{ env.ARTIFACT }}-linux-${{ needs.version.outputs.new_version }}.zip | |
asset_content_type: application/zip | |
- name: Upload Release Asset | |
uses: shogo82148/[email protected] | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./target/${{ env.ARTIFACT }}-linux-${{ needs.version.outputs.new_version }}/${{ env.ARTIFACT }}-linux-${{ needs.version.outputs.new_version }} | |
asset_name: ${{ env.ARTIFACT }}-linux | |
asset_content_type: application/x-executable | |
- name: Upload Release Asset | |
uses: shogo82148/[email protected] | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./target/windows.zip | |
asset_name: ${{ env.ARTIFACT }}-windows-${{ needs.version.outputs.new_version }}.zip | |
asset_content_type: application/zip | |
- name: Upload Release Asset | |
uses: shogo82148/[email protected] | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./target/${{ env.ARTIFACT }}-windows-${{ needs.version.outputs.new_version }}/${{ env.ARTIFACT }}-windows-${{ needs.version.outputs.new_version }}.exe | |
asset_name: ${{ env.ARTIFACT }}-windows.exe | |
asset_content_type: application/vnd.microsoft.portable-executable | |
- name: Upload Release Asset | |
uses: shogo82148/[email protected] | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./target/macos.zip | |
asset_name: ${{ env.ARTIFACT }}-macos-${{ needs.version.outputs.new_version }}.zip | |
asset_content_type: application/zip | |
- name: Upload Release Asset | |
uses: shogo82148/[email protected] | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./target/${{ env.ARTIFACT }}-macos-${{ needs.version.outputs.new_version }}/${{ env.ARTIFACT }}-darwin-${{ needs.version.outputs.new_version }} | |
asset_name: ${{ env.ARTIFACT }}-macos | |
asset_content_type: application/octet-stream | |
- uses: eregon/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
release_id: ${{ steps.create_release.outputs.id }} | |
- name: Make sure build did not change anything | |
run: git diff --exit-code | |
deploy: | |
needs: [version, macos, linux, windows] | |
if: ${{ github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/dependabot/') }} | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
steps: | |
- uses: actions/[email protected] | |
- uses: actions/[email protected] | |
with: | |
java-version: ${{ env.JAVA_VERSION }} | |
distribution: temurin | |
cache: 'maven' | |
- name: Publish to GitHub Packages Apache Maven | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
REVISION: ${{ needs.version.outputs.new_version }} | |
run: | | |
./mvnw \ | |
--batch-mode \ | |
-Dsha1="${GITHUB_SHA}" \ | |
-Drevision="${REVISION}" \ | |
-DaltDeploymentRepository="github::default::https://maven.pkg.github.com/${GITHUB_REPOSITORY}" \ | |
deploy | |
- name: Make sure build did not change anything | |
run: git diff --exit-code |