maven.yml
name: maven-cicd
on:
  # Regular build of main (runs after a merge).
  push:
    branches:
      - main
  # Builds for pull requests from forked and non-forked repositories.
  # pull_request_target is used because writing status information back to the
  # PR requires a repository token with write access
  # (https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/).
  # Security note: this trigger runs in the context of the base repository, so
  # the write-scoped token and the repository secrets are available to runs
  # started by fork PRs as well. Any step that executes PR-supplied code must
  # be treated as running untrusted code with those credentials in reach.
  pull_request_target:
    branches:
      - main
    types:
      - opened
      - synchronize
      - reopened
# Workflow-wide GITHUB_TOKEN scopes. Write access is limited to what is needed
# for setting commit statuses, writing check runs and adding PR comments; all
# other listed scopes are read-only. Scopes not listed here receive no access.
# These scopes apply to every trigger of this workflow, including the
# pull_request_target runs, and the build job passes this token to Maven.
permissions:
  # write scopes
  checks: write
  pull-requests: write
  statuses: write
  # read-only scopes
  actions: read
  contents: read
  deployments: read
  issues: read
  packages: read
  repository-projects: read
  security-events: read
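jobs:
  build:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        jdk: [11, 17, 21]
        include:
          # Lengthy build steps (Sonarcloud analysis, deployment) are only
          # performed on Linux with Java 17; this entry flags that combination.
          - os: ubuntu-latest
            jdk: 17
            isMainBuildEnv: true
            namePrefix: 'Main '
      fail-fast: false
    name: ${{ matrix.namePrefix }} Maven build (${{ matrix.os }}, JDK ${{ matrix.jdk }})
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        # Always act on the modified source code, even for pull_request_target
        # events. For push events there is no pull_request object, so the ref
        # expression is empty and checkout falls back to its default ref.
        # Checking out the PR head under pull_request_target is considered
        # potentially unsafe
        # (https://securitylab.github.com/research/github-actions-preventing-pwn-requests/);
        # the original author relies on actions only being executed after
        # approval from committers.
        # NOTE(review): GitHub's documentation describes the fork-approval
        # setting as not applying to pull_request_target runs - confirm that an
        # approval gate (for example a protected environment or a label check)
        # is actually enforced before PR code is built with secrets available.
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          # No further git operations are triggered by the workflow after
          # checkout, so the token is not stored in the local git config.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          cache: 'maven'
          distribution: 'temurin'
          java-version: ${{ matrix.jdk }}
          # Generate a settings.xml with the correct values.
          server-id: ossrh  # Value of the distributionManagement/repository/id field of the pom.xml
          server-username: MAVEN_USERNAME  # env variable for username in deploy
          server-password: MAVEN_PASSWORD  # env variable for token in deploy
      # Sets environment variables to be used in subsequent steps:
      # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
      - name: Set environment variables
        shell: bash
        # The OSSRH credentials are handed to the script as environment
        # variables instead of being expanded into the script text, so a value
        # containing shell metacharacters cannot alter or break the script.
        env:
          OSSRH_TOKEN_USER: ${{ secrets.OSSRH_TOKEN_USER }}
          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
        # Only the main build environment runs the Sonar analysis, and only a
        # push to main on that environment receives the deploy credentials and
        # the deploy goal.
        # NOTE(review): anything written to GITHUB_ENV is visible to every
        # later step of the job, including the third-party test report action.
        # Setting the credentials via `env:` on the Maven step alone would
        # narrow that exposure.
        run: |
          if [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
            echo "MVN_ADDITIONAL_OPTS=-Dsonar.projectKey=Netcentric_aem-replication-metadata-validator -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pjacoco-report" >> "$GITHUB_ENV"
            if [ "${{github.ref}}" = "refs/heads/main" ] && [ "${{github.event_name}}" = "push" ]; then
              echo "MAVEN_USERNAME=$OSSRH_TOKEN_USER" >> "$GITHUB_ENV"
              echo "MAVEN_PASSWORD=$OSSRH_TOKEN_PASSWORD" >> "$GITHUB_ENV"
              echo "MVN_GOAL=clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:sonar" >> "$GITHUB_ENV"
              echo "STEP_NAME_SUFFIX=(Deploys to OSSRH)" >> "$GITHUB_ENV"
            else
              echo "MVN_GOAL=clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar" >> "$GITHUB_ENV"
            fi
          else
            echo "MVN_ADDITIONAL_OPTS=" >> "$GITHUB_ENV"
            echo "MVN_GOAL=clean verify" >> "$GITHUB_ENV"
          fi
      # NOTE(review): for pull_request_target runs this step builds the PR head
      # checked out above, so the PR's own pom.xml, plugins and tests execute
      # with SONAR_TOKEN and the write-scoped GITHUB_TOKEN in their
      # environment. A safer layout builds PR code under `pull_request`
      # without secrets and publishes results from a separate workflow
      # triggered by `workflow_run`.
      - name: ${{ matrix.namePrefix }} Build with Maven ${{ env.STEP_NAME_SUFFIX }}
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: mvn -e -B -V ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }}
      # NOTE(review): this third-party action is referenced by a mutable tag
      # (@v2) and runs in a job that holds a write-scoped token; pinning it to
      # a full commit SHA would make the executed code immutable.
      - name: Publish Test Report
        if: ${{ always() }}  # make sure to run even if previous Maven execution failed (due to failed test)
        uses: EnricoMi/publish-unit-test-result-action/composite@v2
        with:
          files: |
            target/invoker-reports/TEST-*.xml
          check_name: Test report (${{ matrix.os }}, JDK ${{ matrix.jdk }})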