✨ handle application approved/declined #278
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- "main" | |
paths-ignore: | |
- '.gitignore' | |
- 'CODEOWNERS' | |
- 'LICENSE' | |
- '*.md' | |
pull_request: | |
paths-ignore: | |
- '.gitignore' | |
- 'CODEOWNERS' | |
- 'LICENSE' | |
- '*.md' | |
env: | |
JAVA_VERSION: 21 | |
JAVA_DISTRO: temurin | |
GH_BOT_EMAIL: "41898282+github-actions[bot]@users.noreply.github.com" | |
GH_BOT_NAME: "GitHub Action" | |
GRAALVM_DIST: graalvm-community | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 21 | |
distribution: 'temurin' | |
cache: maven | |
- name: Generate cache key | |
id: image-cache-key | |
run: | | |
echo "cache_key=build-image-cache-$(/bin/date -u "+%Y-%U")" >> $GITHUB_OUTPUT | |
- name: Restore cached build image | |
id: cache-restore | |
uses: actions/cache/restore@v4 | |
with: | |
path: build-image/mandrel.tar | |
key: ${{ steps.image-cache-key.outputs.cache_key }} | |
- name: Download build image | |
if: steps.cache-restore.outputs.cache-hit != 'true' | |
run: | | |
mkdir -p build-image | |
docker pull quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 | |
docker save quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -o build-image/mandrel.tar | |
- uses: actions/cache/save@v4 | |
id: cache-save | |
if: always() | |
with: | |
path: build-image/mandrel.tar | |
key: ${{ steps.image-cache-key.outputs.cache_key }} | |
- name: Load build image | |
id: load-build-image | |
run: | | |
docker load -i build-image/mandrel.tar | |
- name: Project metadata | |
id: metadata | |
run: | | |
SNAPSHOT=$(yq '.release.snapshot-version' .github/project.yml) | |
echo "snapshot=${SNAPSHOT}" >> $GITHUB_OUTPUT | |
- name: Build with Maven | |
run: | | |
./mvnw -B -ntp formatter:validate verify | |
- name: Build and run in native mode | |
id: mvn-native-build | |
env: | |
MAVEN_OPTS: "-Xmx1g" | |
run: | | |
./mvnw -B -ntp verify -DskipTests -DskipFormat \ | |
-Dnative \ | |
-Dquarkus.native.container-build=true \ | |
-Dquarkus.container-image.build=true | |
- name: Update release with snapshot artifact | |
if: ${{ github.event_name == 'push' && github.repository == 'commonhaus/automation' }} | |
id: mvn-release-snapshot | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SNAPSHOT: ${{ steps.metadata.outputs.snapshot }} | |
run: | | |
git config user.name ${{ env.GH_BOT_NAME }} | |
git config user.email ${{ env.GH_BOT_EMAIL }} | |
CB=commonhaus-bot-${SNAPSHOT}-runner | |
ls -al ./commonhaus-bot/target | |
gh release upload "${SNAPSHOT}" --clobber ./commonhaus-bot/target/${CB}.jar#${CB}.jar | |
gh release upload "${SNAPSHOT}" --clobber ./commonhaus-bot/target/${CB}#${CB} | |
CB=cf-admin-bot-${SNAPSHOT}-runner | |
ls -al ./cf-admin-bot/target | |
gh release upload "${SNAPSHOT}" --clobber ./cf-admin-bot/target/${CB}.jar#${CB}.jar | |
gh release upload "${SNAPSHOT}" --clobber ./cf-admin-bot/target/${CB}#${CB} | |
echo "Update tag for $SNAPSHOT" | |
git push origin :refs/tags/$SNAPSHOT | |
git tag -f $SNAPSHOT | |
git push --tags | |
echo "Update $SNAPSHOT release" | |
gh release edit "${SNAPSHOT}" -t "${SNAPSHOT}" --prerelease | |
- name: Log in to the Container registry | |
if: ${{ github.event_name == 'push' && github.repository == 'commonhaus/automation' }} | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish OCI (native) | |
if: ${{ github.event_name == 'push' && github.repository == 'commonhaus/automation' }} | |
id: publish-oci | |
env: | |
SNAPSHOT: ${{ steps.metadata.outputs.snapshot }} | |
run: | | |
image="commonhaus/commonhaus-bot:${SNAPSHOT}" | |
docker tag "${image}" "ghcr.io/${image}" | |
docker push "ghcr.io/${image}" | |
image="commonhaus/cf-admin-bot:${SNAPSHOT}" | |
docker tag "${image}" "ghcr.io/${image}" | |
docker push "ghcr.io/${image}" | |
- name: Mark snapshot release as non-draft | |
if: ${{ github.event_name == 'push' && github.repository == 'commonhaus/automation' }} | |
id: update-snapshot-release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SNAPSHOT: ${{ steps.metadata.outputs.snapshot }} | |
run: | | |
gh release edit "${SNAPSHOT}" --draft=false | |
gh release view "${SNAPSHOT}" | |
- name: Delete snapshots artifacts from cache | |
run: find ~/.m2 -name \*-SNAPSHOT -type d -exec rm -rf {} + | |
deploy: | |
if: ${{ github.event_name == 'push' && github.repository == 'commonhaus/automation' }} | |
needs: build | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
concurrency: | |
group: "deploy" | |
steps: | |
- name: Set up SSH | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa | |
sudo chmod 600 ~/.ssh/id_rsa | |
shell: bash | |
env: | |
SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}} | |
SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}} | |
- name: Update CF Bot | |
run: | | |
ssh $SSH_PORT $SSH_USER_HOST "$SSH_BOT_UPDATE" | |
shell: bash | |
env: | |
SSH_USER_HOST: ${{secrets.SSH_USER_HOST}} | |
SSH_PORT: ${{secrets.SSH_PORT}} | |
SSH_BOT_UPDATE: ${{secrets.SSH_BOT_UPDATE}} | |
- name: Cleanup | |
run: | | |
rm ~/.ssh/id_rsa | |
rm ~/.ssh/known_hosts | |
shell: bash |