Version worker test #464
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - main-release | |
| paths-ignore: | |
| - 'docs/**' | |
| - 'src/test/**' | |
| - 'README.md' | |
| tags: | |
| - '*' | |
| pull_request: | |
| paths-ignore: | |
| - 'docs/**' | |
| - 'src/test/**' | |
| - 'README.md' | |
| env: | |
| SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }} | |
| AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }} | |
| IEEEAPIKey: ${{ secrets.IEEEAPIKey }} | |
| BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}} | |
| OSXCERT: ${{ secrets.OSX_SIGNING_CERT }} | |
| GRADLE_OPTS: -Xmx4g -Dorg.gradle.daemon=false -Dorg.gradle.vfs.watch=false | |
| JAVA_OPTS: -Xmx4g | |
| concurrency: | |
| group: ${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macOS-latest] | |
| include: | |
| - os: ubuntu-latest | |
| displayName: linux | |
| archivePortable: tar -c -C build/distribution JabRef | pigz --rsyncable > build/distribution/JabRef-portable_linux.tar.gz && rm -R build/distribution/JabRef | |
| - os: windows-latest | |
| displayName: windows | |
| archivePortable: 7z a -r build/distribution/JabRef-portable_windows.zip ./build/distribution/JabRef && rm -R build/distribution/JabRef | |
| - os: macOS-latest | |
| displayName: macOS | |
| archivePortable: brew install pigz && tar -c -C build/distribution JabRef.app | pigz --rsyncable > build/distribution/JabRef-portable_macos.tar.gz && rm -R build/distribution/JabRef.app | |
| runs-on: ${{ matrix.os }} | |
| name: Create installer and portable version for ${{ matrix.displayName }} | |
| steps: | |
| - name: Fetch all history for all tags and branches | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install GitVersion | |
| uses: gittools/actions/gitversion/[email protected] | |
| with: | |
| versionSpec: "5.x" | |
| - name: Run GitVersion | |
| id: gitversion | |
| uses: gittools/actions/gitversion/[email protected] | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: 18 | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Setup OSX key chain on OSX | |
| if: matrix.os == 'macos-latest' | |
| uses: apple-actions/import-codesign-certs@v1 | |
| with: | |
| p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }} | |
| p12-password: ${{ secrets.OSX_CERT_PWD }} | |
| keychain-password: jabref | |
| - name: Setup OSX key chain on OSX for app id cert | |
| if: matrix.os == 'macos-latest' | |
| uses: apple-actions/import-codesign-certs@v1 | |
| with: | |
| p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }} | |
| p12-password: ${{ secrets.OSX_CERT_PWD }} | |
| create-keychain: false | |
| keychain-password: jabref | |
| - name: Build runtime image | |
| run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jlinkZip | |
| - name: Build installer | |
| run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage | |
| shell: bash | |
| - name: Resign app image for OSX and build dmg | |
| if: matrix.os == 'macos-latest' | |
| shell: bash | |
| run: | | |
| codesign --entitlements buildres/mac/jabref.entitlements --options runtime -vvv -f --sign "Developer ID Application: JabRef e.V. (6792V39SK3)" build/distribution/JabRef.app/Contents/runtime/Contents/MacOS/libjli.dylib | |
| codesign --entitlements buildres/mac/jabref.entitlements --options runtime -vvv -f --sign "Developer ID Application: JabRef e.V. (6792V39SK3)" build/distribution/JabRef.app/Contents/MacOS/JabRef | |
| codesign --entitlements buildres/mac/jabref.entitlements --options runtime -vvv -f --sign "Developer ID Application: JabRef e.V. (6792V39SK3)" build/distribution/JabRef.app | |
| jpackage --type pkg --dest build/distribution --name JabRef --app-version "${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}" --app-image build/distribution/JabRef.app --verbose --type dmg --vendor JabRef --app-version "${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}" --file-associations buildres/mac/bibtexAssociations.properties --resource-dir buildres/mac | |
| codesign -s "Developer ID Application: JabRef e.V. (6792V39SK3)" --options runtime --entitlements buildres/mac/jabref.entitlements -vvvv --deep "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg" | |
| jpackage --type pkg --dest build/distribution --name JabRef --mac-package-identifier JabRef --app-version "${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}" --app-image build/distribution/JabRef.app --verbose --type pkg --vendor JabRef --app-version "${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}" --file-associations buildres/mac/bibtexAssociations.properties --resource-dir buildres/mac | |
| productsign --sign "Developer ID Installer: JabRef e.V. (6792V39SK3)" "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg" "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-signed.pkg" | |
| - name: Notarize dmg and pkg installer | |
| if: matrix.os == 'macos-latest' && startsWith(github.ref, 'refs/tags/') | |
| shell: bash | |
| run: | | |
| REQUEST_UUID_DMG=$(xcrun altool --verbose --notarize-app --primary-bundle-id "org.jabref" --username ${{ secrets.OSX_NOTARIZATION_APP_USERNAME }} --password ${{ secrets.OSX_NOTARIZATION_APP_PWD }} --asc-provider "6792V39SK3" --file "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg" | grep RequestUUID | awk '{print $3}') | |
| while xcrun altool --notarization-info "$REQUEST_UUID_DMG" -u ${{ secrets.OSX_NOTARIZATION_APP_USERNAME }} -p ${{ secrets.OSX_NOTARIZATION_APP_PWD }} | grep "Status: in progress" > /dev/null; do | |
| echo "Verification in progress..." | |
| sleep 30 | |
| done | |
| xcrun stapler staple "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg" | |
| spctl -vvv --assess --type exec build/distribution/JabRef.app | |
| codesign -vvv --deep --strict "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg" | |
| codesign -dvv "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg" | |
| REQUEST_UUID_PKG=$(xcrun altool --verbose --notarize-app --primary-bundle-id "org.jabref" --username ${{ secrets.OSX_NOTARIZATION_APP_USERNAME }} --password ${{ secrets.OSX_NOTARIZATION_APP_PWD }} --asc-provider "6792V39SK3" --file "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-signed.pkg" | grep RequestUUID | awk '{print $3}') | |
| while xcrun altool --notarization-info "$REQUEST_UUID_PKG" -u ${{ secrets.OSX_NOTARIZATION_APP_USERNAME }} -p ${{ secrets.OSX_NOTARIZATION_APP_PWD }} | grep "Status: in progress" > /dev/null; do | |
| echo "Verification in progress..." | |
| sleep 30 | |
| done | |
| xcrun stapler staple "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-signed.pkg" | |
| rm "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg" | |
| mv "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-signed.pkg" "build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg" | |
| - name: Package application image | |
| shell: bash | |
| run: ${{ matrix.archivePortable }} | |
| - name: Rename files | |
| shell: pwsh | |
| run: | | |
| get-childitem -Path build/distribution/* | |
| get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "${{ steps.gitversion.outputs.AssemblySemVer }}","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}"} | |
| get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "portable","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-portable"} | |
| - name: Upload to GitHub workflow artifacts store | |
| uses: actions/upload-artifact@master | |
| with: | |
| name: JabRef-${{ matrix.displayName }} | |
| path: build/distribution | |
| deploy: | |
| strategy: | |
| fail-fast: false | |
| name: Deploy binaries on builds.jabref.org | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| steps: | |
| - name: Check secrets presence | |
| id: checksecrets | |
| shell: bash | |
| run: | | |
| if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then | |
| echo ::set-output name=secretspresent::false | |
| else | |
| echo ::set-output name=secretspresent::true | |
| fi | |
| env: | |
| BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
| - name: Checkout source | |
| uses: actions/checkout@v3 | |
| - name: Fetch all history for all tags and branches | |
| run: git fetch --prune --unshallow | |
| - name: Install GitVersion | |
| uses: gittools/actions/gitversion/[email protected] | |
| with: | |
| versionSpec: '5.x' | |
| - name: Run GitVersion | |
| id: gitversion | |
| uses: gittools/actions/gitversion/[email protected] | |
| - name: Get linux binaries | |
| uses: actions/download-artifact@master | |
| with: | |
| name: JabRef-linux | |
| path: build/distribution | |
| - name: Get windows binaries | |
| uses: actions/download-artifact@master | |
| with: | |
| name: JabRef-windows | |
| path: build/distribution | |
| - name: Get macOS binaries | |
| uses: actions/download-artifact@master | |
| with: | |
| name: JabRef-macOS | |
| path: build/distribution/ | |
| - name: Deploy to builds.jabref.org | |
| id: deploy | |
| if: ${{ steps.checksecrets.outputs.secretspresent }} | |
| uses: Pendect/[email protected] | |
| env: | |
| DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }} | |
| BRANCH: ${{ steps.gitversion.outputs.branchName }} | |
| with: | |
| flags: -vaz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" | |
| options: '' | |
| ssh_options: '-p 9922' | |
| src: 'build/distribution/' | |
| dest: [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ |