chore(deps): bump dependencies #325
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2021-2024 The Refinery Authors | |
| # | |
| # SPDX-License-Identifier: EPL-2.0 | |
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| - '!gh-pages' | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| build: | |
| name: Build | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - ubuntu-20.04 | |
| - windows-latest | |
| - macos-13 # Intel | |
| - macos-14 # ARM | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Check for Sonar secret | |
| id: check-secret | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| if [ "${SONAR_TOKEN}" != '' ]; then | |
| echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: corretto | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| key: ${{ matrix.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties', 'gradle/libs.versions.toml', 'gradle/wrapper/gradle-wrapper.properties') }} | |
| restore-keys: ${{ matrix.os }}-gradle | |
| - name: Cache Sonar packages | |
| uses: actions/cache@v4 | |
| if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }} | |
| with: | |
| path: | | |
| ~/.sonar/cache | |
| key: ${{ matrix.os }}-sonar | |
| restore-keys: ${{ matrix.os }}-sonar | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis | |
| - name: Cache node distribution | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| **/.node | |
| key: ${{ matrix.os }}-node-${{ hashFiles('gradle.properties') }} | |
| restore-keys: ${{ matrix.os }}-node | |
| - name: Cache yarn packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| **/.yarn/cache | |
| key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: ${{ matrix.os }}-yarn | |
| - name: Gradle build | |
| run: | | |
| ./gradlew build -Pci --info --stacktrace --max-workers 4 --no-daemon | |
| - name: Sonar analyze | |
| if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| ./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon | |
| - name: Build signed Maven repository | |
| if: ${{ matrix.os == 'ubuntu-latest' && github.event_name == 'push' && github.repository_owner == 'graphs4value' }} | |
| env: | |
| PGP_KEY: ${{ secrets.PGP_KEY }} | |
| PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }} | |
| PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }} | |
| run: | | |
| ./gradlew mavenRepositoryTar -Pci -PforceSign --info --stacktrace --max-workers 4 --no-daemon | |
| - name: Build unsigned Maven repository | |
| if: ${{ matrix.os == 'ubuntu-latest' && (github.event_name != 'push' || github.repository_owner != 'graphs4value') }} | |
| run: | | |
| ./gradlew mavenRepositoryTar -Pci --info --stacktrace --max-workers 4 --no-daemon | |
| - name: Upload Maven repository artifact | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: maven-repository-tar | |
| path: build/refinery-maven-repository.tar | |
| compression-level: 0 | |
| - name: Upload application artifacts | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: distributions-tar | |
| path: subprojects/**/build/distributions/*.tar | |
| compression-level: 0 | |
| retention-days: 5 # No need to preserve for long, since they are uploaded to GHCR | |
| - name: Upload site artifact | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: site-zip | |
| path: subprojects/docs/build/refinery-docs.zip | |
| compression-level: 0 | |
| reuse-check: | |
| name: REUSE Compliance Check | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: REUSE Compliance Check | |
| uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 | |
| with: | |
| args: --include-meson-subprojects lint | |
| publish-site: | |
| name: Publish to GitHub Pages | |
| if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download site artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: site-zip | |
| path: site-zip | |
| - name: Download Maven repository artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: maven-repository-tar | |
| path: maven-repository-tar | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@ea88154188003ca5aeb616063b2d0dd6a9cf86e2 | |
| with: | |
| gpg_private_key: ${{ secrets.PGP_KEY }} | |
| fingerprint: ${{ secrets.PGP_FINGERPRINT }} | |
| passphrase: ${{ secrets.PGP_PASSWORD }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Create empty git repository | |
| run: | | |
| mkdir graphs4value.github.io | |
| cd graphs4value.github.io | |
| git config --global init.defaultBranch main | |
| git config --global user.name "Graphs4Value bot" | |
| git config --global user.email "[email protected]" | |
| git init | |
| - name: Extract site artifact | |
| working-directory: ./graphs4value.github.io | |
| run: | | |
| unzip ../site-zip/refinery-docs.zip | |
| - name: Extract Maven repository artifact | |
| working-directory: ./graphs4value.github.io | |
| run: | | |
| mkdir -p maven/snapshots | |
| cd maven/snapshots | |
| tar -xvf ../../../maven-repository-tar/refinery-maven-repository.tar | |
| - name: Commit and push to graphs4value.github.io | |
| working-directory: ./graphs4value.github.io | |
| env: | |
| GH_PAGES_TOKEN: ${{ secrets.GH_PAGES_TOKEN }} | |
| GITHUB_REPOSITORY: ${{ github.repository }} | |
| GITHUB_SHA: ${{ github.sha }} | |
| run: | | |
| git remote add origin "https://x-access-token:${GH_PAGES_TOKEN}@github.com/graphs4value/graphs4value.github.io.git" | |
| git add . | |
| git commit -S -m "Update from https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}" | |
| git push --force origin main | |
| docker-build: | |
| name: Build Docker images | |
| needs: build | |
| permissions: | |
| packages: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 | |
| with: | |
| platforms: arm64 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download application artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distributions-tar | |
| path: subprojects | |
| - name: Extract application artifacts | |
| working-directory: ./docker | |
| run: | | |
| ./prepare_context.sh | |
| - name: Bake images | |
| working-directory: ./docker | |
| run: | | |
| ./bake.sh false --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max' | |
| - name: Log in to GitHub Container registry | |
| if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} | |
| uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload images to GitHub Container registry | |
| if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} | |
| working-directory: ./docker | |
| run: | | |
| ./bake.sh true --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max' | |
| - name: Delete application artifacts | |
| uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 | |
| with: | |
| name: distributions-tar |