generated from NASA-PDS/template-repo-java
-
Notifications
You must be signed in to change notification settings - Fork 5
115 lines (104 loc) · 4.28 KB
/
stable-cicd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# 🏃♀️ Continuous Integration and Delivery: Stable
# ===============================================
#
# Note: for this workflow to succeed, the following secrets must be installed
# in the repository:
#
# ``ADMIN_GITHUB_TOKEN``
# A personal access token of a user with collaborator or better access to
# the project repository. You can generate this by visiting GitHub →
# Settings → Developer settings → Personal access tokens → Generate new
# token. Give the token scopes on ``repo``, ``write:packages``,
# ``delete:packages``, ``workflow``, and ``read:gpg_key``.
# ``CODE_SIGNING_KEY``
# A *private* key with which we can sign artifacts.
# ``OSSRH_USERNAME``
# Username for the Central Repository.
# ``OSSRH_USERNAME``
# Password for the Central Repository.
#
---
name: 😌 Stable integration & delivery
# Driving Event
# -------------
#
# What event starts this workflow: a push of a release tag. Note: according to
# https://git.io/JJZQt we have been doing our tag matching wrong. It's not
# regexp, it's not glob…it's more like…glob++ 😮
on:
push:
tags:
- 'release/*'
concurrency: roundup
# What to Do
# ----------
#
# Round up, yee-haw!
jobs:
stable-assembly:
name: 🐴 Stable Assembly
runs-on: ubuntu-latest
steps:
-
name: 💳 Checkout
uses: actions/checkout@v3
with:
lfs: true
token: ${{secrets.ADMIN_GITHUB_TOKEN}}
fetch-depth: 0
-
name: 💵 Maven Cache
uses: actions/cache@v3
with:
path: ~/.m2/repository
# The "key" used to indicate a set of cached files is the operating system runner
# plus "mvn" for Maven-specific builds, plus a hash of the `pom.xml` files, which
# should uniquely identify the dependent jars; plus "pds" because we pds-prefix
# everything with "pds" in PDS—even when the context is obvious! 😅
key: pds-${{runner.os}}-mvn-${{hashFiles('**/pom.xml')}}
# To restore a set of files, we only need to match a prefix of the saved key.
restore-keys: pds-${{runner.os}}-mvn-
-
name: 🤠 Roundup
uses: NASA-PDS/roundup-action@stable
with:
assembly: stable
maven-doc-phases: package
# TODO: Remove
maven-stable-artifact-phases: clean,install,deploy
packages: openjdk11-jdk
env:
ossrh_username: ${{secrets.OSSRH_USERNAME}}
ossrh_password: ${{secrets.OSSRH_PASSWORD}}
CODE_SIGNING_KEY: ${{secrets.CODE_SIGNING_KEY}}
ADMIN_GITHUB_TOKEN: ${{secrets.ADMIN_GITHUB_TOKEN}}
-
name: 🫙 Jar and Tag Determination
id: jartag
run: |
echo "jar_file==$(ls ./service/target/*.jar)" >> $GITHUB_OUTPUT
echo "image_tag=$(echo ${{github.ref}} | awk -F/ '{print $NF}')" >> $GITHUB_OUTPUT
-
name: 💳 Docker Hub Identification
uses: docker/login-action@v2
with:
username: ${{secrets.DOCKERHUB_USERNAME}}
password: ${{secrets.DOCKERHUB_TOKEN}}
-
name: 🎰 QEMU Multiple Machine Emulation
uses: docker/setup-qemu-action@v2
-
name: 🚢 Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: 🧱 Image Construction and Publication
uses: docker/build-push-action@v3
with:
context: ./
file: ./service/docker/Dockerfile
build-args: api_jar=${{steps.jartag.outputs.jar_file}}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{secrets.DOCKERHUB_USERNAME}}/registry-api-service:${{steps.jartag.outputs.image_tag}}
...
# -*- mode: yaml; indent: 4; fill-column: 120; coding: utf-8 -*-