generated from NASA-PDS/template-repo-java
-
Notifications
You must be signed in to change notification settings - Fork 5
109 lines (98 loc) · 3.94 KB
/
unstable-cicd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# 🏃♀️ Continuous Integration and Delivery: Unstable
# =================================================
#
# Note: for this workflow to succeed, the following secrets must be installed
# in the repository or inherited from the organization:
#
# ``ADMIN_GITHUB_TOKEN``
# A personal access token of a user with collaborator or better access to
# the project repository. You can generate this by visiting GitHub →
# Settings → Developer settings → Personal access tokens → Generate new
# token. Give the token scopes on ``repo``, ``write:packages``,
# ``delete:packages``, ``workflow``, and ``read:gpg_key``.
# ``CODE_SIGNING_KEY``
# A *private* key with which we can sign artifacts.
# ``OSSRH_USERNAME``
# Username for the Central Repository.
# ``OSSRH_USERNAME``
# Password for the Central Repository.
---
name: 🤪 Unstable integration & delivery
# Driving Event
# -------------
#
# What event starts this workflow: a push to ``main`` (or ``master`` in old
# parlance).
on:
push:
branches:
- main
concurrency: roundup
# What to Do
# ----------
#
# Round up, yee-haw!
jobs:
unstable-assembly:
name: 🧩 Unstable Assembly
runs-on: ubuntu-latest
if: github.actor != 'pdsen-ci'
steps:
-
name: 💳 Checkout
uses: actions/checkout@v3
with:
lfs: true
fetch-depth: 0
token: ${{secrets.ADMIN_GITHUB_TOKEN}}
-
name: 💵 Maven Cache
uses: actions/cache@v3
with:
path: ~/.m2/repository
# The "key" used to indicate a set of cached files is the operating system runner
# plus "mvn" for Maven-specific builds, plus a hash of the `pom.xml` files, which
# should uniquely identify the dependent jars; plus "pds" because we pds-prefix
# everything with "pds" in PDS—even when the context is obvious! 😅
key: pds-${{runner.os}}-mvn-${{hashFiles('**/pom.xml')}}
# To restore a set of files, we only need to match a prefix of the saved key.
restore-keys: pds-${{runner.os}}-mvn-
-
name: 🤠 Roundup
uses: NASA-PDS/roundup-action@stable
with:
assembly: unstable
packages: openjdk17-jdk
env:
ossrh_username: ${{secrets.OSSRH_USERNAME}}
ossrh_password: ${{secrets.OSSRH_PASSWORD}}
CODE_SIGNING_KEY: ${{secrets.CODE_SIGNING_KEY}}
ADMIN_GITHUB_TOKEN: ${{secrets.ADMIN_GITHUB_TOKEN}}
-
name: 🫙 Jar File Determination
id: jarrer
run: echo "::set-output name=jar_file::$(ls ./service/target/*.jar)"
-
name: 💳 Docker Hub Identification
uses: docker/login-action@v2
with:
username: ${{secrets.DOCKERHUB_USERNAME}}
password: ${{secrets.DOCKERHUB_TOKEN}}
-
name: 🎰 QEMU Multiple Machine Emulation
uses: docker/setup-qemu-action@v2
-
name: 🚢 Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: 🧱 Image Construction and Publication
uses: docker/build-push-action@v3
with:
context: ./
file: ./service/docker/Dockerfile
build-args: api_jar=${{steps.jarrer.outputs.jar_file}}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{secrets.DOCKERHUB_USERNAME}}/registry-api-service:latest
...
# -*- mode: yaml; indent: 4; fill-column: 120; coding: utf-8 -*-