Check if jars are reproducible between JDK 17.0.7 and 17.0.9

Yubico · Nov 9, 2023 · 8d5dcde · 8d5dcde
1 parent ec528be
commit 8d5dcde
Showing 1 changed file with 15 additions and 76 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -3,14 +3,8 @@ name: build
 
 on:
   push:
-    branches-ignore:
-      - 'tmp**'
-  pull_request:
-    branches-ignore:
-      - 'tmp**'
-  schedule:
-    # Run once a week to check compatibility with new versions of dependencies
-    - cron: '0 0 * * 1'
+    branches:
+      - 'tmp'
 
 jobs:
   test:
@@ -19,12 +13,12 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        java: [8, 11, 17, 18]
+        java: [8, 11, "17.0.7", 18]
         distribution: [temurin]
         include:
-          - java: 17
+          - java: "17.0.7"
             distribution: zulu
-          - java: 17
+          - java: "17.0.7"
             distribution: microsoft
 
     outputs:
@@ -35,76 +29,21 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v4
 
-    - name: Set up JDK 17
-      uses: actions/setup-java@v3
-      with:
-        java-version: 17
-        distribution: ${{ matrix.distribution }}
-
-    - name: Compile libraries and tests
-      run: ./gradlew clean testClasses
-
     - name: Set up JDK ${{ matrix.java }}
       uses: actions/setup-java@v3
       with:
         java-version: ${{ matrix.java }}
         distribution: ${{ matrix.distribution }}
 
-    - name: Run tests against JDK17-compiled code
-      run: ./gradlew test --exclude-task compileJava
-
-    - name: Archive HTML test report on failure
-      if: ${{ failure() }}
-      uses: actions/upload-artifact@v3
-      with:
-        name: test-reports-java17-java${{ matrix.java }}-${{ matrix.distribution }}-html
-        path: "*/build/reports/**"
-
-    - name: Build and test with JDK ${{ matrix.java }}
-      run: ./gradlew clean test
-
-    - name: Build archives
-      run: ./gradlew assemble
-
-    - name: Archive HTML test report
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v3
-      with:
-        name: test-reports-java${{ matrix.java }}-${{ matrix.distribution }}-html
-        path: "*/build/reports/**"
-
-    - name: Archive JUnit test report
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v3
-      with:
-        name: test-reports-java${{ matrix.java }}-${{ matrix.distribution }}-xml
-        path: "*/build/test-results/**/*.xml"
-
-    - name: Check binary reproducibility
-      if: ${{ matrix.java != 8 }}  # JDK 8 does not produce reproducible binaries
+    - name: Build jars
       run: |
-        ./gradlew clean primaryPublishJar
-        find . -name '*.jar' | xargs sha256sum | tee checksums.sha256sum
-        ./gradlew clean primaryPublishJar && sha256sum -c checksums.sha256sum
-        ./gradlew clean primaryPublishJar && sha256sum -c checksums.sha256sum
-
-  publish-test-results:
-    name: Publish test results
-    needs: test
-    runs-on: ubuntu-latest
-    if: ${{ always() && github.event_name == 'pull_request' }}
-
-    permissions:
-      checks: write
-      pull-requests: write
+        java --version
+        ./gradlew jar
 
-    steps:
-    - name: Download artifacts
-      uses: actions/download-artifact@v3
-      with:
-        name: test-reports-java${{ needs.test.outputs.report-java }}-${{ needs.test.outputs.report-dist }}-xml
-
-    - name: Publish test results
-      uses: EnricoMi/publish-unit-test-result-action@v2
-      with:
-        files: "**/*.xml"
+    - name: Print checksums
+      run: |
+        for sumprog in md5sum sha1sum sha256sum; do
+          echo $sumprog
+          $sumprog webauthn-server-attestation/build/libs/webauthn-server-attestation-${{ github.ref_name }}.jar
+          $sumprog webauthn-server-core/build/libs/webauthn-server-core-${{ github.ref_name }}.jar
+        done