Bump crazy-max/ghaction-import-gpg from 3 to 6 #243

Workflow file for this run

.github/workflows/build-release-vpnmanager.yml at 2f98f9a

	name: build-vpnmanager

	on:
	push:
	branches: [ main ]
	tags: [ 'v*' ]
	paths-ignore:
	- '.github/ISSUE_TEMPLATE/**'
	- '.github/*.yml'
	- '.github/workflows/build-release-vpnc.yml'
	- '.github/workflows/build-release-vpnc-deployer.yml'
	- '.github/workflows/build-release-vpnddns.yml'
	- '*.md'
	- 'cli/**'
	pull_request:
	types: [ opened, synchronize, reopened, closed ]
	branches: [ main ]
	paths-ignore:
	- '.github/ISSUE_TEMPLATE/**'
	- '.github/*.yml'
	- '.github/workflows/build-release-vpnc.yml'
	- '.github/workflows/build-release-vpnc-deployer.yml'
	- '.github/workflows/build-release-vpnddns.yml'
	- '*.md'
	- 'cli/**'

	env:
	APP_CODE: vpnmanager
	APP_IMAGE: playio-vpnmanager
	DOCKER_USERNAME: beeio
	DOCKER_IMAGE: playio/vpnmanager
	GHCR_IMAGE: ghcr.io/play-iot/vpnmanager
	TAG_PREFIX: vpnmanager/v
	BRAND_VERSION: v2
	BRAND_REPO: play-iot/brand
	ENABLE_TEST: true
	ENABLE_GH_MAVEN: false

	jobs:
	context:
	runs-on: ubuntu-latest
	outputs:
	branch: ${{ steps.context.outputs.branch }}
	shouldBuild: ${{ steps.context.outputs.decision_build }}
	shouldPublish: ${{ steps.context.outputs.decision_publish }}
	isRelease: ${{ steps.context.outputs.isTag }}
	version: ${{ steps.context.outputs.version }}
	semanticVersion: ${{ steps.semantic.outputs.semanticVersion }}

	steps:
	- uses: actions/checkout@v2
	with:
	token: ${{ secrets.BEEIO_CI_TOKEN }}

	- name: Import GPG key
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	git-user-signingkey: true
	git-commit-gpgsign: true
	git-tag-gpgsign: true
	git-push-gpgsign: false
	gpg-private-key: ${{ secrets.OSS_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.OSS_GPG_PASSPHARSE }}

	- name: Project context
	id: context
	uses: zero88/gh-project-context@v1.1
	with:
	mustSign: true
	nextVerMode: PATCH
	tagPrefix: ${{ env.TAG_PREFIX }}
	releaseBranchPrefix: release/${{ env.APP_CODE }}/
	mergedReleaseMsgRegex: "^Merge pull request #[0-9]+ from .+/release/${{ env.APP_CODE }}/.+$"

	- name: Find semantic version
	id: semantic
	shell: bash
	run: \|
	[[ "${{ steps.context.outputs.isTag }}" == "true" ]] && sv="" \|\| sv=$(grep semanticVersion gradle.properties \| cut -d'=' -f2)

	build:
	runs-on: ubuntu-latest
	needs: context
	if: needs.context.outputs.shouldBuild == 'true'
	steps:
	- uses: actions/checkout@v2

	- name: Import GPG key
	id: import_gpg
	uses: crazy-max/ghaction-import-gpg@v6
	if: needs.context.outputs.shouldPublish == 'true'
	with:
	git-user-signingkey: true
	gpg-private-key: ${{ secrets.OSS_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.OSS_GPG_PASSPHARSE }}

	- name: Set up JDK 1.8
	uses: actions/setup-java@v1
	with:
	java-version: 1.8

	- name: Cache Gradle packages
	uses: actions/cache@v2.1.4
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-build-${{ hashFiles('*/.gradle.kts') }}
	restore-keys: ${{ runner.os }}-gradle-build

	- name: Build
	run: \|
	./gradlew clean build -x test \
	-Pversion=${{ needs.context.outputs.version }} \
	-PsemanticVersion=${{needs.context.outputs.semanticVersion }} \
	-PbuildBy="GitHub Action" -PbuildHash=${{ github.sha }}

	- name: Publish GitHub Package
	if: needs.context.outputs.isRelease == 'true' && env.ENABLE_GH_MAVEN == 'true'
	run: \|
	args=( -Psigning.gnupg.homeDir=/home/runner/.gnupg \
	-Psigning.gnupg.keyName=${{ steps.import_gpg.outputs.keyid }} \
	-Psigning.gnupg.passphrase=${{ secrets.OSS_GPG_PASSPHARSE }} \
	-Pnexus.username=${{ github.repository_owner }} \
	-Pnexus.password=${{ secrets.OSS_GITHUB_TOKEN }} )
	args+=( -Pgithub )
	[[ "${{ needs.context.outputs.isRelease }}" == 'true' ]] && args+=( -Prelease )
	./gradlew publish "${args[@]}"

	- name: Publish Sonatype OSSRH
	if: needs.context.outputs.shouldPublish == 'true'
	run: \|
	args=( -Psigning.gnupg.homeDir=/home/runner/.gnupg \
	-Psigning.gnupg.keyName=${{ steps.import_gpg.outputs.keyid }} \
	-Psigning.gnupg.passphrase=${{ secrets.OSS_GPG_PASSPHARSE }} \
	-Pnexus.username=${{ secrets.OSS_NEXUS_USER }} \
	-Pnexus.password=${{ secrets.OSS_NEXUS_TOKEN }} )
	[[ "${{ needs.context.outputs.isRelease }}" == 'true' ]] && args+=( -Prelease )
	./gradlew publish "${args[@]}"

	analysis:
	runs-on: ubuntu-latest
	needs: context
	if: needs.context.outputs.shouldBuild == 'true'
	steps:
	- uses: actions/checkout@v2
	with:
	fetch-depth: 0

	- name: Set up JDK 11
	uses: actions/setup-java@v1
	with:
	java-version: 11

	- name: Cache SonarCloud packages
	uses: actions/cache@v2.1.4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Cache Gradle packages
	uses: actions/cache@v2.1.4
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-test-${{ hashFiles('*/.gradle.kts') }}
	restore-keys: ${{ runner.os }}-gradle-test

	- name: Test
	if: env.ENABLE_TEST == 'true'
	run: ./gradlew jacocoRootReport

	- name: SonarQube
	run: ./gradlew sonarqube -x jacocoRootReport -Dsonar.login=${{ secrets.OSS_SONARQUBE_TOKEN }} -Dsonar.branch.name=${{ needs.context.outputs.branch }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	release:
	runs-on: ubuntu-latest
	needs: [ build, context ]
	if: needs.context.outputs.isRelease == 'true'
	steps:
	- name: Create GitHub Release
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	tag_name: ${{ needs.context.outputs.branch }}
	release_name: Release ${{ needs.context.outputs.branch }}
	draft: false
	prerelease: false

	promote:
	name: Promote Sonatype OSSRH
	runs-on: ubuntu-latest
	needs: [ build, context ]
	if: needs.context.outputs.isRelease == 'true'
	steps:
	- uses: actions/checkout@v2
	- run: \|
	./gradlew closeAndReleaseRepository \
	-Pnexus.username=${{ secrets.OSS_NEXUS_USER }} \
	-Pnexus.password=${{ secrets.OSS_NEXUS_TOKEN }} \|\| echo 'Need to promote manually'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump crazy-max/ghaction-import-gpg from 3 to 6 #243

Workflow file

Bump crazy-max/ghaction-import-gpg from 3 to 6 #243

Jobs

Run details

Workflow file for this run