Skip to content

refactor: improve propagation rule diagnostics #307

refactor: improve propagation rule diagnostics

refactor: improve propagation rule diagnostics #307

Workflow file for this run

# SPDX-FileCopyrightText: 2021-2024 The Refinery Authors
#
# SPDX-License-Identifier: EPL-2.0
name: Build
on:
push:
branches:
- '**'
- '!gh-pages'
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
name: Build
permissions:
contents: read
strategy:
matrix:
os:
- ubuntu-latest
- ubuntu-20.04
- windows-latest
- macos-13 # Intel
- macos-14 # ARM
runs-on: ${{ matrix.os }}
steps:
- name: Check for Sonar secret
id: check-secret
if: ${{ matrix.os == 'ubuntu-latest' }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
if [ "${SONAR_TOKEN}" != '' ]; then
echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT
fi
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: corretto
- name: Cache Gradle packages
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
key: ${{ matrix.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties', 'gradle/libs.versions.toml', 'gradle/wrapper/gradle-wrapper.properties') }}
restore-keys: ${{ matrix.os }}-gradle
- name: Cache Sonar packages
uses: actions/cache@v4
if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }}
with:
path: |
~/.sonar/cache
key: ${{ matrix.os }}-sonar
restore-keys: ${{ matrix.os }}-sonar
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis
- name: Cache node distribution
uses: actions/cache@v4
with:
path: |
**/.node
key: ${{ matrix.os }}-node-${{ hashFiles('gradle.properties') }}
restore-keys: ${{ matrix.os }}-node
- name: Cache yarn packages
uses: actions/cache@v4
with:
path: |
**/.yarn/cache
key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: ${{ matrix.os }}-yarn
- name: Gradle build
run: |
./gradlew build -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Sonar analyze
if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Build signed Maven repository
if: ${{ matrix.os == 'ubuntu-latest' && github.event_name == 'push' && github.repository_owner == 'graphs4value' }}
env:
PGP_KEY: ${{ secrets.PGP_KEY }}
PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }}
PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }}
run: |
./gradlew mavenRepositoryTar -Pci -PforceSign --info --stacktrace --max-workers 4 --no-daemon
- name: Build unsigned Maven repository
if: ${{ matrix.os == 'ubuntu-latest' && (github.event_name != 'push' || github.repository_owner != 'graphs4value') }}
run: |
./gradlew mavenRepositoryTar -Pci --info --stacktrace --max-workers 4 --no-daemon
- name: Upload Maven repository artifact
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: actions/upload-artifact@v4
with:
name: maven-repository-tar
path: build/refinery-maven-repository.tar
compression-level: 0
- name: Upload application artifacts
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: actions/upload-artifact@v4
with:
name: distributions-tar
path: subprojects/**/build/distributions/*.tar
compression-level: 0
retention-days: 5 # No need to preserve for long, since they are uploaded to GHCR
- name: Upload site artifact
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: actions/upload-artifact@v4
with:
name: site-zip
path: subprojects/docs/build/refinery-docs.zip
compression-level: 0
reuse-check:
name: REUSE Compliance Check
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: REUSE Compliance Check
uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106
with:
args: --include-meson-subprojects lint
publish-site:
name: Publish to GitHub Pages
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
needs: build
runs-on: ubuntu-latest
steps:
- name: Download site artifact
uses: actions/download-artifact@v4
with:
name: site-zip
path: site-zip
- name: Download Maven repository artifact
uses: actions/download-artifact@v4
with:
name: maven-repository-tar
path: maven-repository-tar
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@ea88154188003ca5aeb616063b2d0dd6a9cf86e2
with:
gpg_private_key: ${{ secrets.PGP_KEY }}
fingerprint: ${{ secrets.PGP_FINGERPRINT }}
passphrase: ${{ secrets.PGP_PASSWORD }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Create empty git repository
run: |
mkdir graphs4value.github.io
cd graphs4value.github.io
git config --global init.defaultBranch main
git config --global user.name "Graphs4Value bot"
git config --global user.email "[email protected]"
git init
- name: Extract site artifact
working-directory: ./graphs4value.github.io
run: |
unzip ../site-zip/refinery-docs.zip
- name: Extract Maven repository artifact
working-directory: ./graphs4value.github.io
run: |
mkdir -p maven/snapshots
cd maven/snapshots
tar -xvf ../../../maven-repository-tar/refinery-maven-repository.tar
- name: Commit and push to graphs4value.github.io
working-directory: ./graphs4value.github.io
env:
GH_PAGES_TOKEN: ${{ secrets.GH_PAGES_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_SHA: ${{ github.sha }}
run: |
git remote add origin "https://x-access-token:${GH_PAGES_TOKEN}@github.com/graphs4value/graphs4value.github.io.git"
git add .
git commit -S -m "Update from https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}"
git push --force origin main
docker-build:
name: Build Docker images
needs: build
permissions:
packages: write
contents: read
runs-on: ubuntu-latest
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
with:
platforms: arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
with:
platforms: linux/amd64,linux/arm64
- name: Checkout code
uses: actions/checkout@v4
- name: Download application artifacts
uses: actions/download-artifact@v4
with:
name: distributions-tar
path: subprojects
- name: Extract application artifacts
working-directory: ./docker
run: |
./prepare_context.sh
- name: Bake images
working-directory: ./docker
run: |
./bake.sh false --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max'
- name: Log in to GitHub Container registry
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Upload images to GitHub Container registry
if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }}
working-directory: ./docker
run: |
./bake.sh true --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max'
- name: Delete application artifacts
uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1
with:
name: distributions-tar