# SPDX-FileCopyrightText: 2021-2024 The Refinery Authors # # SPDX-License-Identifier: EPL-2.0 name: Build on: push: branches: - '**' - '!gh-pages' pull_request: types: [opened, synchronize, reopened] jobs: build: name: Build permissions: contents: read strategy: matrix: os: - ubuntu-latest - ubuntu-20.04 - windows-latest - macos-13 # Intel - macos-14 # ARM runs-on: ${{ matrix.os }} steps: - name: Check for Sonar secret id: check-secret if: ${{ matrix.os == 'ubuntu-latest' }} env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | if [ "${SONAR_TOKEN}" != '' ]; then echo 'is_SONAR_TOKEN_set=true' >> $GITHUB_OUTPUT fi - name: Set up JDK 21 uses: actions/setup-java@v4 with: java-version: 21 distribution: corretto - name: Cache Gradle packages uses: actions/cache@v4 with: path: | ~/.gradle/caches key: ${{ matrix.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties', 'gradle/libs.versions.toml', 'gradle/wrapper/gradle-wrapper.properties') }} restore-keys: ${{ matrix.os }}-gradle - name: Cache Sonar packages uses: actions/cache@v4 if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }} with: path: | ~/.sonar/cache key: ${{ matrix.os }}-sonar restore-keys: ${{ matrix.os }}-sonar - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: ${{ !steps.check-secret.outputs.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis - name: Cache node distribution uses: actions/cache@v4 with: path: | **/.node key: ${{ matrix.os }}-node-${{ hashFiles('gradle.properties') }} restore-keys: ${{ matrix.os }}-node - name: Cache yarn packages uses: actions/cache@v4 with: path: | **/.yarn/cache key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: ${{ matrix.os }}-yarn - name: Gradle build run: | ./gradlew build -Pci --info --stacktrace --max-workers 4 --no-daemon - name: Sonar analyze if: ${{ steps.check-secret.outputs.is_SONAR_TOKEN_set }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | ./gradlew sonar -Pci --info --stacktrace --max-workers 4 --no-daemon - name: Build signed Maven repository if: ${{ matrix.os == 'ubuntu-latest' && github.event_name == 'push' && github.repository_owner == 'graphs4value' }} env: PGP_KEY: ${{ secrets.PGP_KEY }} PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }} PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }} run: | ./gradlew mavenRepositoryTar -Pci -PforceSign --info --stacktrace --max-workers 4 --no-daemon - name: Build unsigned Maven repository if: ${{ matrix.os == 'ubuntu-latest' && (github.event_name != 'push' || github.repository_owner != 'graphs4value') }} run: | ./gradlew mavenRepositoryTar -Pci --info --stacktrace --max-workers 4 --no-daemon - name: Upload Maven repository artifact if: ${{ matrix.os == 'ubuntu-latest' }} uses: actions/upload-artifact@v4 with: name: maven-repository-tar path: build/refinery-maven-repository.tar compression-level: 0 - name: Upload application artifacts if: ${{ matrix.os == 'ubuntu-latest' }} uses: actions/upload-artifact@v4 with: name: distributions-tar path: subprojects/**/build/distributions/*.tar compression-level: 0 retention-days: 5 # No need to preserve for long, since they are uploaded to GHCR - name: Upload site artifact if: ${{ matrix.os == 'ubuntu-latest' }} uses: actions/upload-artifact@v4 with: name: site-zip path: subprojects/docs/build/refinery-docs.zip compression-level: 0 reuse-check: name: REUSE Compliance Check permissions: contents: read runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: REUSE Compliance Check uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 with: args: --include-meson-subprojects lint publish-site: name: Publish to GitHub Pages if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} needs: build runs-on: ubuntu-latest steps: - name: Download site artifact uses: actions/download-artifact@v4 with: name: site-zip path: site-zip - name: Download Maven repository artifact uses: actions/download-artifact@v4 with: name: maven-repository-tar path: maven-repository-tar - name: Import GPG key uses: crazy-max/ghaction-import-gpg@ea88154188003ca5aeb616063b2d0dd6a9cf86e2 with: gpg_private_key: ${{ secrets.PGP_KEY }} fingerprint: ${{ secrets.PGP_FINGERPRINT }} passphrase: ${{ secrets.PGP_PASSWORD }} git_config_global: true git_user_signingkey: true git_commit_gpgsign: true - name: Create empty git repository run: | mkdir graphs4value.github.io cd graphs4value.github.io git config --global init.defaultBranch main git config --global user.name "Graphs4Value bot" git config --global user.email "refinery@refinery.tools" git init - name: Extract site artifact working-directory: ./graphs4value.github.io run: | unzip ../site-zip/refinery-docs.zip - name: Extract Maven repository artifact working-directory: ./graphs4value.github.io run: | mkdir -p maven/snapshots cd maven/snapshots tar -xvf ../../../maven-repository-tar/refinery-maven-repository.tar - name: Commit and push to graphs4value.github.io working-directory: ./graphs4value.github.io env: GH_PAGES_TOKEN: ${{ secrets.GH_PAGES_TOKEN }} GITHUB_REPOSITORY: ${{ github.repository }} GITHUB_SHA: ${{ github.sha }} run: | git remote add origin "https://x-access-token:${GH_PAGES_TOKEN}@github.com/graphs4value/graphs4value.github.io.git" git add . git commit -S -m "Update from https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}" git push --force origin main docker-build: name: Build Docker images needs: build permissions: packages: write contents: read runs-on: ubuntu-latest steps: - name: Set up QEMU uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 with: platforms: arm64 - name: Set up Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb with: platforms: linux/amd64,linux/arm64 - name: Checkout code uses: actions/checkout@v4 - name: Download application artifacts uses: actions/download-artifact@v4 with: name: distributions-tar path: subprojects - name: Extract application artifacts working-directory: ./docker run: | ./prepare_context.sh - name: Bake images working-directory: ./docker run: | ./bake.sh false --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max' - name: Log in to GitHub Container registry if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Upload images to GitHub Container registry if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'graphs4value/refinery' }} working-directory: ./docker run: | ./bake.sh true --set '*.cache-from=gha' --set '*.cache-to=type=gha,mode=max' - name: Delete application artifacts uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 with: name: distributions-tar