|
4 | 4 | push: |
5 | 5 | tags: |
6 | 6 | - "*" |
| 7 | + workflow_dispatch: |
7 | 8 |
|
8 | 9 | jobs: |
9 | 10 | deployment: |
| 11 | + permissions: |
| 12 | + packages: write |
10 | 13 | environment: deploy |
11 | 14 | runs-on: ubuntu-latest |
12 | 15 |
|
13 | 16 | steps: |
14 | | - - uses: actions/checkout@v2 |
15 | | - - name: Set up JDK 11 |
16 | | - uses: actions/setup-java@v1 |
17 | | - with: |
18 | | - java-version: 11 |
19 | | - server-id: openconext-releases |
20 | | - server-username: MAVEN_USERNAME |
21 | | - server-password: MAVEN_PASSWORD |
22 | | - - name: Set up cache |
23 | | - uses: actions/cache@v1 |
24 | | - with: |
25 | | - path: ~/.m2/repository |
26 | | - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} |
27 | | - restore-keys: | |
28 | | - ${{ runner.os }}-maven- |
29 | | - - name: Deploy with Maven |
30 | | - run: mvn --batch-mode deploy -DskipTests |
31 | | - env: |
32 | | - MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }} |
33 | | - MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }} |
| 17 | + - uses: actions/checkout@v4 |
| 18 | + |
| 19 | + - uses: actions/setup-node@v4 |
| 20 | + with: |
| 21 | + node-version: "16" |
| 22 | + |
| 23 | + - uses: actions/setup-java@v4 |
| 24 | + with: |
| 25 | + java-version: 11 |
| 26 | + distribution: "temurin" |
| 27 | + server-id: openconext-releases |
| 28 | + server-username: MAVEN_USERNAME |
| 29 | + server-password: MAVEN_PASSWORD |
| 30 | + |
| 31 | + - uses: actions/cache@v4 |
| 32 | + with: |
| 33 | + path: ~/.m2/repository |
| 34 | + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} |
| 35 | + restore-keys: | |
| 36 | + ${{ runner.os }}-maven- |
| 37 | +
|
| 38 | + - name: Determine the version |
| 39 | + run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT |
| 40 | + id: versioncheck |
| 41 | + |
| 42 | + - name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name |
| 43 | + run: | |
| 44 | + echo "Only SNAPSHOT releases can be triggered with the workflow_dispatch" |
| 45 | + exit 1 |
| 46 | + if: github.event_name == 'workflow_dispatch' && ( !endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) |
| 47 | + |
| 48 | + - name: Exit when a production build is triggered, and the github tag is not the same as the version in pom.xml |
| 49 | + run: | |
| 50 | + echo "Project version ${{ steps.versioncheck.outputs.version }} does not match git tag ${{ github.ref_name }}" |
| 51 | + exit 1 |
| 52 | + if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != github.ref_name |
| 53 | + |
| 54 | + - name: Set up JDK 11 for snapshots |
| 55 | + uses: actions/setup-java@v4 |
| 56 | + with: |
| 57 | + java-version: "11" |
| 58 | + distribution: "temurin" |
| 59 | + cache: "maven" |
| 60 | + server-id: openconext-snapshots |
| 61 | + server-username: MAVEN_USERNAME |
| 62 | + server-password: MAVEN_PASSWORD |
| 63 | + if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) |
| 64 | + |
| 65 | + - name: Set up JDK 11 for releases |
| 66 | + uses: actions/setup-java@v4 |
| 67 | + with: |
| 68 | + java-version: "11" |
| 69 | + distribution: "temurin" |
| 70 | + cache: "maven" |
| 71 | + server-id: openconext-releases |
| 72 | + server-username: MAVEN_USERNAME |
| 73 | + server-password: MAVEN_PASSWORD |
| 74 | + if: ${{!( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) }} |
| 75 | + |
| 76 | + - name: Deploy with Maven |
| 77 | + run: mvn --batch-mode deploy -DskipTests |
| 78 | + env: |
| 79 | + MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }} |
| 80 | + MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }} |
| 81 | + |
| 82 | + - name: Set up Docker Buildx |
| 83 | + uses: docker/setup-buildx-action@v3 |
| 84 | + |
| 85 | + - name: Login to GitHub Container Registry |
| 86 | + uses: docker/login-action@v3 |
| 87 | + with: |
| 88 | + registry: ghcr.io |
| 89 | + username: ${{ github.repository_owner }} |
| 90 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 91 | + |
| 92 | + - name: Extract metadata (tags, labels) for Docker IDP |
| 93 | + id: meta_idp |
| 94 | + uses: docker/metadata-action@v5 |
| 95 | + with: |
| 96 | + images: ghcr.io/openconext/mujina/mujina-idp |
| 97 | + flavor: | |
| 98 | + latest=false |
| 99 | + tags: | |
| 100 | + type=ref,event=tag |
| 101 | + type=semver,pattern={{version}},value=${{ steps.versioncheck.outputs.version }} |
| 102 | + type=sha |
| 103 | +
|
| 104 | + - name: Extract metadata (tags, labels) for Docker SP |
| 105 | + id: meta_sp |
| 106 | + uses: docker/metadata-action@v5 |
| 107 | + with: |
| 108 | + images: ghcr.io/openconext/mujina/mujina-sp |
| 109 | + flavor: | |
| 110 | + latest=false |
| 111 | + tags: | |
| 112 | + type=ref,event=tag |
| 113 | + type=semver,pattern={{version}},value=${{ steps.versioncheck.outputs.version }} |
| 114 | + type=sha |
| 115 | + type=raw,event=tag,value=latest |
| 116 | + type=raw,event=workflow_dispatch,value=snapshot |
| 117 | +
|
| 118 | + - name: Build and push the mujina idp image |
| 119 | + uses: docker/build-push-action@v5 |
| 120 | + with: |
| 121 | + context: mujina-idp |
| 122 | + file: mujina-idp/docker/Dockerfile |
| 123 | + platforms: linux/amd64 |
| 124 | + push: true |
| 125 | + tags: ${{ steps.meta_idp.outputs.tags }} |
| 126 | + labels: ${{ steps.meta_idp.outputs.labels }} |
| 127 | + |
| 128 | + - name: Build and push the mujina sp image |
| 129 | + uses: docker/build-push-action@v5 |
| 130 | + with: |
| 131 | + context: mujina-sp |
| 132 | + file: mujina-sp/docker/Dockerfile |
| 133 | + platforms: linux/amd64 |
| 134 | + push: true |
| 135 | + tags: ${{ steps.meta_sp.outputs.tags }} |
| 136 | + labels: ${{ steps.meta_sp.outputs.labels }} |
0 commit comments