From 656ccfba08cd94d1fd9c6bb852864d837c182af6 Mon Sep 17 00:00:00 2001 From: Mikko Kortelainen Date: Wed, 2 Oct 2024 17:22:55 +0300 Subject: [PATCH] update workflows to include update central workflow, add ci.yaml, remove coverity.yaml from project-archetype (#16) --- .github/workflows/ci.yaml | 51 ++++++++++++++++++++ .github/workflows/coverity.yml | 67 --------------------------- .github/workflows/upload_release.yaml | 37 +++++++++------ pom.xml | 12 +++++ 4 files changed, 85 insertions(+), 82 deletions(-) create mode 100644 .github/workflows/ci.yaml delete mode 100644 .github/workflows/coverity.yml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..aae6f83 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,51 @@ +name: CI + +on: push + +jobs: + verify: + name: Verify Code + runs-on: ubuntu-latest + + env: + COVERITY: coverity_tool + + steps: + - uses: actions/checkout@v2 + + - name: Setup Maven Central + uses: actions/setup-java@v2 + with: + java-version: 8.0.292+10 + distribution: 'adopt' + + - name: Cache Local Maven Repository + uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + + - name: Compile Test and Verify + run: mvn --batch-mode clean verify + + - name: Cache Coverity + id: cache_coverity + uses: actions/cache@v2 + with: + path: ${{ env.COVERITY }} + key: coverity + + - name: Download Coverity + if: steps.cache_coverity.outputs.cache-hit != 'true' + run: | + wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=${{ vars.COVERITY_PROJECT_URL_NAME }}" -O ${{ env.COVERITY }}.tgz + mkdir -p ${{ env.COVERITY }} + tar zxvf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1 + + - name: Compile Coverity + run: | + ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -DskipTests=true --batch-mode clean compile + tar czvf sources.tgz cov-int + + - name: Upload to Coverity + run: curl --silent --form token=${{ secrets.COVERITY_TOKEN }} --form email=${{ secrets.COVERITY_EMAIL }} --form file=@sources.tgz --form version="${GITHUB_REF##*/}" --form description="automated upload" https://scan.coverity.com/builds?project=${{ vars.COVERITY_PROJECT_URL_NAME }} diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml deleted file mode 100644 index 05c1355..0000000 --- a/.github/workflows/coverity.yml +++ /dev/null @@ -1,67 +0,0 @@ -name: Coverity Scan - -on: - pull_request_review: - types: [submitted] - secrets: - COVERITY_TOKEN: - required: true - COVERITY_EMAIL: - required: true - -jobs: - verify: - name: Verify Code - runs-on: ubuntu-latest - - env: - COVERITY: coverity_tool - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set up JDK 8 - uses: actions/setup-java@v3 - with: - java-version: '8' - distribution: 'temurin' - server-id: github - settings-path: ${{ github.workspace }} - - - name: Get version - run: echo "RELEASE_VERSION=$(git describe --tags)" >> $GITHUB_ENV - - - name: Test run - run: mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify -s ${{ github.workspace }}/settings.xml - env: - GITHUB_TOKEN: ${{ github.token }} - - - name: Cache Coverity - id: cache_coverity - uses: actions/cache@v2 - with: - path: ${{ env.COVERITY }} - key: coverity - - - name: Download Coverity - if: steps.cache_coverity.outputs.cache-hit != 'true' - run: | - wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=blf_01" -O ${{ env.COVERITY }}.tgz - mkdir -p ${{ env.COVERITY }} - tar zxvf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1 - - - name: Compile Coverity - run: | - ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean compile -s ${{ github.workspace }}/settings.xml - tar czvf blf_01.tgz cov-int - - - name: Upload to Coverity - run: | - curl --silent --form token=${{ secrets.COVERITY_TOKEN }} \ - --form email=${{ secrets.COVERITY_EMAIL }} \ - --form file=@blf_01.tgz \ - --form version="${GITHUB_REF##*/}" \ - --form description="automated upload" \ - https://scan.coverity.com/builds?project=blf_01 diff --git a/.github/workflows/upload_release.yaml b/.github/workflows/upload_release.yaml index 44b8dc0..3eb4fcd 100644 --- a/.github/workflows/upload_release.yaml +++ b/.github/workflows/upload_release.yaml @@ -2,7 +2,7 @@ name: Upload Release on: release: - types: published + types: [published] jobs: upload: @@ -18,34 +18,41 @@ jobs: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - - name: Setup Maven Central + - name: Setup Signing uses: actions/setup-java@v2 with: java-version: 8.0.292+10 distribution: 'adopt' - - server-id: ossrh - server-username: MAVEN_CENTRAL_USERNAME - server-password: MAVEN_CENTRAL_TOKEN - gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE - - name: Publish to Maven Central - run: mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= clean deploy -Ppublish-maven-central - env: - MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }} - MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} - - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - name: Setup GitHub Packages uses: actions/setup-java@v2 with: java-version: 8.0.292+10 distribution: 'adopt' + gpg-passphrase: MAVEN_GPG_PASSPHRASE - name: Publish to GitHub Packages run: mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= clean deploy -Ppublish-github-packages env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + + - name: Setup Maven Central + uses: actions/setup-java@v2 + with: + java-version: 8.0.292+10 + distribution: 'adopt' + + server-id: central-sonatype-org + server-username: CENTRAL_SONATYPE_ORG_USERNAME + server-password: CENTRAL_SONATYPE_ORG_PASSWORD + gpg-passphrase: MAVEN_GPG_PASSPHRASE + + - name: Publish to Maven Central + run: mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= clean deploy -Ppublish-maven-central + env: + CENTRAL_SONATYPE_ORG_USERNAME: ${{ secrets.CENTRAL_SONATYPE_ORG_USERNAME }} + CENTRAL_SONATYPE_ORG_PASSWORD: ${{ secrets.CENTRAL_SONATYPE_ORG_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} \ No newline at end of file diff --git a/pom.xml b/pom.xml index 045a82e..bad12d7 100644 --- a/pom.xml +++ b/pom.xml @@ -224,6 +224,18 @@ publish-maven-central + + org.sonatype.central + central-publishing-maven-plugin + 0.5.0 + true + + central-sonatype-org + true + true + published + + org.apache.maven.plugins maven-gpg-plugin