-
Notifications
You must be signed in to change notification settings - Fork 5
100 lines (95 loc) · 3.8 KB
/
gradle.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# This workflow will build a Java project with Gradle
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
name: JavaCI
on:
push:
branches: [ main ]
paths-ignore:
- 'README.md'
- '**/README.md'
- 'CODE_OF_CONDUCT.md'
- 'CONTRIBUTING.md'
- 'pull_request_template.md'
- '.lift/.toml'
- '**/.lift/.toml'
- 'SECURITY.md'
- 'LICENSE'
- '.github/ISSUE_TEMPLATE/**'
- '.github/assets/**'
- '.github/workflows/**'
- '.github/pr-labeler.yml'
- 'renovate.json'
- '.whitesource'
- 'gradle/libs.versions.toml'
- 'gradle/verification-metadata.xml'
- 'gradle/verification-metadata-clean.xml'
- 'lowkey-vault-docker/src/docker/Dockerfile'
- 'gradle/wrapper/gradle-wrapper.properties'
- 'gradle/wrapper/gradle-wrapper.jar'
- 'gradlew'
- 'gradlew.bat'
- 'config/ossindex/exclusions.txt'
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
steps:
# Set up build environment
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
token: ${{ secrets.PUBLISH_KEY }}
- name: Set up JDK 17
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
with:
gradle-home-cache-cleanup: true
- name: Build with Gradle
run: ./gradlew tagVersion build -PgithubUser=${{ secrets.PUBLISH_USER_NAME }} -PgithubToken=${{ secrets.PUBLISH_KEY }}
- name: Decode key
run: |
mkdir -p ${{ runner.temp }}/.gnupg/
echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}" | base64 --decode > ${{ runner.temp }}/.gnupg/secring.gpg
- name: Docker Login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build with Gradle
run: >
./gradlew publish publishToSonatype closeAndReleaseSonatypeStagingRepository
-x test -x dockerClean -x dockerPrepare -x dockerRun -x dockerRunStatus -x dockerStop
-PgithubUser=${{ secrets.PUBLISH_USER_NAME }}
-PgithubToken=${{ secrets.PUBLISH_KEY }}
-PossrhUsername=${{ secrets.OSSRH_USER }}
-PossrhPassword=${{ secrets.OSSRH_PASS }}
-Psigning.keyId=${{ secrets.SIGNING_KEY_ID }}
-Psigning.password=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
-Psigning.secretKeyRingFile=${{ runner.temp }}/.gnupg/secring.gpg
- name: Clean-up GPG key
if: always()
run: |
rm -rf ${{ runner.temp }}/.gnupg/
- name: Upload coverage to Codecov - App
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./lowkey-vault-app/build/reports/jacoco/report.xml
flags: app
- name: Upload coverage to Codecov - Client
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./lowkey-vault-client/build/reports/jacoco/report.xml
flags: client
- name: Upload coverage to Codecov - Testcontainers
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./lowkey-vault-testcontainers/build/reports/jacoco/report.xml
flags: testcontainers