-
Notifications
You must be signed in to change notification settings - Fork 7
130 lines (114 loc) · 5.49 KB
/
ci-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Continuous Integration Build via GitHub Actions
name: CI Build
# Run this Build for all pushes and PRs
on: [push, pull_request]
jobs:
ci-build:
runs-on: ubuntu-latest
env:
# Specify memory for Maven
MAVEN_OPTS: "-Xmx256M"
steps:
# Output current build environment
- run: echo "This is a CI build of branch ${{ github.ref }} in repository ${{ github.repository }}"
- run: echo "This job was triggered by a ${{ github.event_name }} event and is running on a ${{ runner.os }} server"
# https://github.com/actions/checkout
- name: Checkout codebase
uses: actions/checkout@v2
# https://github.com/actions/setup-java
- name: Install JDK 17
uses: actions/setup-java@v2
with:
java-version: 17
distribution: adopt
# https://github.com/actions/cache
- name: Cache Maven dependencies
uses: actions/cache@v2
with:
# Cache entire ~/.m2/repository
path: ~/.m2/repository
# Cache key is hash of all pom.xml files. Therefore any changes to POMs will invalidate cache
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven-
# Run build and execute tests
- name: Build and Run unit tests
run: mvn clean install -DskipIntTests -DskipDeploy --batch-mode
# https://github.com/actions/setup-java
# Sets up Java again, preparing the settings.xml to deploy to Sonatype (Maven)
# ONLY on push to develop branch (using Sonatype snapshots repo)
- name: Set up for deploy to Sonatype
uses: actions/setup-java@v2
if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
with:
java-version: 17
distribution: adopt
server-id: sonatype-snapshots # Value of the distributionManagement/repository/id field of the pom.xml
server-username: SONATYPE_USERNAME # env variable for sonatype username
server-password: SONATYPE_PASSWORD # env variable for sonatype password
gpg-private-key: ${{ secrets.CODESIGN_GPG_KEY }} # Value of the GPG private key to import
gpg-passphrase: CODESIGN_GPG_PASSPHRASE # env variable for GPG private key passphrase
# ONLY on push to main branch (using Sonatype releases repo)
- name: Set up for deploy to Sonatype
uses: actions/setup-java@v2
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
with:
java-version: 17
distribution: adopt
server-id: sonatype-releases # Value of the distributionManagement/repository/id field of the pom.xml
server-username: SONATYPE_USERNAME # env variable for sonatype username
server-password: SONATYPE_PASSWORD # env variable for sonatype password
gpg-private-key: ${{ secrets.CODESIGN_GPG_KEY }} # Value of the GPG private key to import
gpg-passphrase: CODESIGN_GPG_PASSPHRASE # env variable for GPG private key passphrase
# Execute deployment to sonatype (only on push to develop or main branches)
- name: Publish to Sonatype
if: github.event_name == 'push' && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main')
run: mvn deploy -DreleaseBuild -DskipTests -DskipDeploy --batch-mode
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
CODESIGN_GPG_PASSPHRASE: ${{ secrets.CODESIGN_GPG_PASSPHRASE }}
- name: Login to GHCR.IO
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CONTAINER_REGISTRY_TOKEN }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Extract Maven project version
run: echo ::set-output name=version::$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
id: project_version
- name: Set docker tags (PR)
if: ${{ github.event_name == 'pull_request' }}
shell: bash
run: |
echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:${{ steps.project_version.outputs.version }}-PR-${{github.event.number}}-${{github.event.pull_request.head.sha}}" >> ${GITHUB_ENV}
- name: Set docker tags (Push)
if: ${{ github.event_name == 'push' }}
shell: bash
run: |
echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:latest,ghcr.io/${{ github.repository }}:${{ steps.project_version.outputs.version }}" >> ${GITHUB_ENV}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
if: github.event_name == 'pull_request' || (github.event_name == 'push' && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main'))
with:
context: ./
file: ./docker/Dockerfile
builder: ${{ steps.buildx.outputs.name }}
platforms: linux/amd64
push: true
build-args: VERSION=${{ steps.project_version.outputs.version }}
tags: ${ DOCKER_TAGS }
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}