Bump crazy-max/ghaction-import-gpg from 3 to 5 #244
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-vpnmanager | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ 'v*' ] | |
| paths-ignore: | |
| - '.github/ISSUE_TEMPLATE/**' | |
| - '.github/*.yml' | |
| - '.github/workflows/build-release-vpnc.yml' | |
| - '.github/workflows/build-release-vpnc-deployer.yml' | |
| - '.github/workflows/build-release-vpnddns.yml' | |
| - '*.md' | |
| - 'cli/**' | |
| pull_request: | |
| types: [ opened, synchronize, reopened, closed ] | |
| branches: [ main ] | |
| paths-ignore: | |
| - '.github/ISSUE_TEMPLATE/**' | |
| - '.github/*.yml' | |
| - '.github/workflows/build-release-vpnc.yml' | |
| - '.github/workflows/build-release-vpnc-deployer.yml' | |
| - '.github/workflows/build-release-vpnddns.yml' | |
| - '*.md' | |
| - 'cli/**' | |
| env: | |
| APP_CODE: vpnmanager | |
| APP_IMAGE: playio-vpnmanager | |
| DOCKER_USERNAME: beeio | |
| DOCKER_IMAGE: playio/vpnmanager | |
| GHCR_IMAGE: ghcr.io/play-iot/vpnmanager | |
| TAG_PREFIX: vpnmanager/v | |
| BRAND_VERSION: v2 | |
| BRAND_REPO: play-iot/brand | |
| ENABLE_TEST: true | |
| ENABLE_GH_MAVEN: false | |
| jobs: | |
| context: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| branch: ${{ steps.context.outputs.branch }} | |
| shouldBuild: ${{ steps.context.outputs.decision_build }} | |
| shouldPublish: ${{ steps.context.outputs.decision_publish }} | |
| isRelease: ${{ steps.context.outputs.isTag }} | |
| version: ${{ steps.context.outputs.version }} | |
| semanticVersion: ${{ steps.semantic.outputs.semanticVersion }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| token: ${{ secrets.BEEIO_CI_TOKEN }} | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v5 | |
| with: | |
| git-user-signingkey: true | |
| git-commit-gpgsign: true | |
| git-tag-gpgsign: true | |
| git-push-gpgsign: false | |
| gpg-private-key: ${{ secrets.OSS_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.OSS_GPG_PASSPHARSE }} | |
| - name: Project context | |
| id: context | |
| uses: zero88/gh-project-context@v1.1 | |
| with: | |
| mustSign: true | |
| nextVerMode: PATCH | |
| tagPrefix: ${{ env.TAG_PREFIX }} | |
| releaseBranchPrefix: release/${{ env.APP_CODE }}/ | |
| mergedReleaseMsgRegex: "^Merge pull request #[0-9]+ from .+/release/${{ env.APP_CODE }}/.+$" | |
| - name: Find semantic version | |
| id: semantic | |
| shell: bash | |
| run: | | |
| [[ "${{ steps.context.outputs.isTag }}" == "true" ]] && sv="" || sv=$(grep semanticVersion gradle.properties | cut -d'=' -f2) | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: context | |
| if: needs.context.outputs.shouldBuild == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Import GPG key | |
| id: import_gpg | |
| uses: crazy-max/ghaction-import-gpg@v5 | |
| if: needs.context.outputs.shouldPublish == 'true' | |
| with: | |
| git-user-signingkey: true | |
| gpg-private-key: ${{ secrets.OSS_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.OSS_GPG_PASSPHARSE }} | |
| - name: Set up JDK 1.8 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.8 | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v2.1.4 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-build-${{ hashFiles('**/*.gradle.kts') }} | |
| restore-keys: ${{ runner.os }}-gradle-build | |
| - name: Build | |
| run: | | |
| ./gradlew clean build -x test \ | |
| -Pversion=${{ needs.context.outputs.version }} \ | |
| -PsemanticVersion=${{needs.context.outputs.semanticVersion }} \ | |
| -PbuildBy="GitHub Action" -PbuildHash=${{ github.sha }} | |
| - name: Publish GitHub Package | |
| if: needs.context.outputs.isRelease == 'true' && env.ENABLE_GH_MAVEN == 'true' | |
| run: | | |
| args=( -Psigning.gnupg.homeDir=/home/runner/.gnupg \ | |
| -Psigning.gnupg.keyName=${{ steps.import_gpg.outputs.keyid }} \ | |
| -Psigning.gnupg.passphrase=${{ secrets.OSS_GPG_PASSPHARSE }} \ | |
| -Pnexus.username=${{ github.repository_owner }} \ | |
| -Pnexus.password=${{ secrets.OSS_GITHUB_TOKEN }} ) | |
| args+=( -Pgithub ) | |
| [[ "${{ needs.context.outputs.isRelease }}" == 'true' ]] && args+=( -Prelease ) | |
| ./gradlew publish "${args[@]}" | |
| - name: Publish Sonatype OSSRH | |
| if: needs.context.outputs.shouldPublish == 'true' | |
| run: | | |
| args=( -Psigning.gnupg.homeDir=/home/runner/.gnupg \ | |
| -Psigning.gnupg.keyName=${{ steps.import_gpg.outputs.keyid }} \ | |
| -Psigning.gnupg.passphrase=${{ secrets.OSS_GPG_PASSPHARSE }} \ | |
| -Pnexus.username=${{ secrets.OSS_NEXUS_USER }} \ | |
| -Pnexus.password=${{ secrets.OSS_NEXUS_TOKEN }} ) | |
| [[ "${{ needs.context.outputs.isRelease }}" == 'true' ]] && args+=( -Prelease ) | |
| ./gradlew publish "${args[@]}" | |
| analysis: | |
| runs-on: ubuntu-latest | |
| needs: context | |
| if: needs.context.outputs.shouldBuild == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 11 | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v2.1.4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v2.1.4 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-test-${{ hashFiles('**/*.gradle.kts') }} | |
| restore-keys: ${{ runner.os }}-gradle-test | |
| - name: Test | |
| if: env.ENABLE_TEST == 'true' | |
| run: ./gradlew jacocoRootReport | |
| - name: SonarQube | |
| run: ./gradlew sonarqube -x jacocoRootReport -Dsonar.login=${{ secrets.OSS_SONARQUBE_TOKEN }} -Dsonar.branch.name=${{ needs.context.outputs.branch }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: [ build, context ] | |
| if: needs.context.outputs.isRelease == 'true' | |
| steps: | |
| - name: Create GitHub Release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ needs.context.outputs.branch }} | |
| release_name: Release ${{ needs.context.outputs.branch }} | |
| draft: false | |
| prerelease: false | |
| promote: | |
| name: Promote Sonatype OSSRH | |
| runs-on: ubuntu-latest | |
| needs: [ build, context ] | |
| if: needs.context.outputs.isRelease == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - run: | | |
| ./gradlew closeAndReleaseRepository \ | |
| -Pnexus.username=${{ secrets.OSS_NEXUS_USER }} \ | |
| -Pnexus.password=${{ secrets.OSS_NEXUS_TOKEN }} || echo 'Need to promote manually' |