feat: Workload Identity support. #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Post-merge workflow | |
on: | |
pull_request: | |
types: | |
- closed | |
branches: | |
- main | |
jobs: | |
post_merge: | |
if: github.event.pull_request.merged == true | |
runs-on: ubuntu-latest | |
steps: | |
# | |
# Checkout the source code. | |
# | |
- name: Checkout the source code | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
with: | |
token: ${{ secrets.GIT_PAT }} | |
fetch-depth: 0 | |
# | |
# Calculate of the new version (dry-run). | |
# | |
- name: Calculate of the new version (dry-run) | |
uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d | |
id: semantic | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
semantic_version: 19 | |
branch: main | |
extra_plugins: | | |
@semantic-release/release-notes-generator@10.0.3 | |
@semantic-release/git@10.0.1 | |
dry_run: true | |
# | |
# Cache JDK. | |
# | |
- name: Cache JDK | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
id: cache-jdk | |
with: | |
key: OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz | |
path: | | |
${{ runner.temp }}/jdk_setup.tar.gz | |
${{ runner.temp }}/jdk_setup.sha256 | |
# | |
# Download JDK and verify its hash. | |
# | |
- name: Download JDK and verify its hash | |
if: steps.cache-jdk.outputs.cache-hit != 'true' | |
run: | | |
echo "454bebb2c9fe48d981341461ffb6bf1017c7b7c6e15c6b0c29b959194ba3aaa5 ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256 | |
curl -L "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz" | |
sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256" | |
# | |
# Setup JDK. | |
# | |
- name: Setup JDK | |
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 | |
with: | |
distribution: "jdkfile" | |
jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz" | |
java-version: "21" | |
cache: maven | |
# | |
# Cache Maven. | |
# | |
- name: Cache Maven | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
id: cache-maven | |
with: | |
key: apache-maven-3.9.6-bin.tar.gz | |
path: | | |
${{ runner.temp }}/maven_setup.tar.gz | |
${{ runner.temp }}/maven_setup.sha256 | |
# | |
# Download Maven and verify its hash. | |
# | |
- name: Download Maven and verify its hash | |
if: steps.cache-maven.outputs.cache-hit != 'true' | |
run: | | |
echo "6eedd2cae3626d6ad3a5c9ee324bd265853d64297f07f033430755bd0e0c3a4b ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256 | |
curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz" | |
sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256" | |
# | |
# Setup Maven. | |
# | |
- name: Setup Maven | |
run: | | |
mkdir ${{ runner.temp }}/maven | |
tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1 | |
echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml | |
# | |
# Update of pom.xml with the new version + Git add + commit + push of the updated pom.xml. | |
# | |
- name: Update of pom.xml with the new version + Git add + commit + push of the updated pom.xml | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: | | |
${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }} -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
git config user.name "GitHub Workflow" | |
git config user.email "<>" | |
git add pom.xml | |
git commit -m "pom.xml updated with new version ${{ steps.semantic.outputs.new_release_version }}" | |
git push origin main | |
# | |
# Calculation of the new version (again) with tagging + releasing + etc. | |
# | |
- name: Calculation of the new version (again) with tagging + releasing + etc | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
semantic_version: 19 | |
branch: main | |
extra_plugins: | | |
@semantic-release/release-notes-generator@10.0.3 | |
@semantic-release/git@10.0.1 | |
dry_run: false | |
# | |
# Build and deploy. | |
# | |
- name: Build and deploy | |
if: steps.semantic.outputs.new_release_published == 'true' | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: ${{ runner.temp }}/maven/bin/mvn --batch-mode deploy -Pvalidate -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
# | |
# Build and deploy site. | |
# | |
- name: Build and deploy site | |
run: ${{ runner.temp }}/maven/bin/mvn --batch-mode site -s ${{ runner.temp }}/settings.xml --no-transfer-progress |