.github/workflows/ci-build.yml

# This file was generated by Project Keeper.
name: CI Build
on:
  push:
    branches: [
      main
    ]
    
  pull_request: null
  workflow_dispatch: null
jobs:
  build:
    runs-on: ubuntu-latest
    defaults:
      run: {
        shell: bash
      }
    permissions: {
      contents: read,
      issues: read
    }
    concurrency: {
      group: '${{ github.workflow }}-${{ github.ref }}',
      cancel-in-progress: true
    }
    outputs: {
      release-required: '${{ steps.check-release.outputs.release-required }}'
    }
    steps:
      - name: Free Disk Space
        id: free-disk-space
        if: ${{ false }}
        run: |
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /usr/share/dotnet
      - name: Checkout the repository
        id: checkout
        uses: actions/checkout@v4
        with: {
          fetch-depth: 0
        }
      - name: Set up JDKs
        id: setup-java
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: |
            11
            17
          cache: maven
      - id: setup-node
        uses: actions/setup-node@v4
        with: {
          node-version: '22',
          cache: npm,
          cache-dependency-path: javascript-test/package-lock.json
        }
      - name: Run JavaScript tests
        id: run-javascript-tests
        run: |
          cd javascript-test
          npm ci
          npm run test
      - {
        name: Build connectors,
        id: build-connectors,
        run: ./tools/package_connector.sh
      }
      - name: Retrieve code signing certificate
        id: retrieve-code-signing-certificate
        run: echo $CODE_SIGNING_CERTIFICATE_BASE64 | base64 --decode > target/cert.p12
        env: {
          CODE_SIGNING_CERTIFICATE_BASE64: '${{ secrets.CODE_SIGNING_CERTIFICATE_BASE64 }}'
        }
      - name: Retrieve code signing certificate chain
        id: retrieve-code-signing-certificate-chain
        run: echo $CODE_SIGNING_CERTIFICATE_CHAIN_BASE64 | base64 --decode > target/cert_chain.p7b
        env: {
          CODE_SIGNING_CERTIFICATE_CHAIN_BASE64: '${{ secrets.CODE_SIGNING_CERTIFICATE_CHAIN_BASE64 }}'
        }
      - name: Sign connectors
        id: sign-connectors
        run: ./tools/sign_connector.sh target/cert.p12 target/cert_chain.p7b
        env: {
          CODE_SIGNING_CERTIFICATE_PASSWORD: '${{ secrets.CODE_SIGNING_CERTIFICATE_PASSWORD }}'
        }
      - name: Cache SonarCloud packages
        id: cache-sonar
        uses: actions/cache@v4
        with: {
          path: ~/.sonar/cache,
          key: '${{ runner.os }}-sonar',
          restore-keys: '${{ runner.os }}-sonar'
        }
      - {
        name: Enable testcontainer reuse,
        id: enable-testcontainer-reuse,
        run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
      }
      - {
        name: Project Keeper Verify,
        id: build-pk-verify,
        run: 'mvn --batch-mode -DtrimStackTrace=false --projects . test com.exasol:project-keeper-maven-plugin:verify'
      }
      - {
        name: Generate dummy error code report,
        id: generate-dummy-error-code-report,
        run: 'echo ''{"$schema":"https://schemas.exasol.com/error_code_report-1.0.0.json","errorCodes":[]}'' > target/error_code_report.json'
      }
      - name: Sonar analysis
        id: sonar-analysis
        if: ${{ env.SONAR_TOKEN != null }}
        run: |
          mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
              -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
              -DtrimStackTrace=false \
              -Dsonar.token=$SONAR_TOKEN
        env: {
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}',
          SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}'
        }
      - name: Verify Release Artifacts
        id: verify-release-artifacts
        run: "print_message() {\n    local -r message=$1\n    echo \"$message\"\n    echo \"$message\" >> \"$GITHUB_STEP_SUMMARY\"\n}\n\nprint_message \"### Release Artifacts\"\n\nIFS=$'\\n' artifacts_array=($ARTIFACTS)\nmissing_files=()\nfor file in \"${artifacts_array[@]}\";\ndo  \n    echo \"Checking if file $file exists...\"\n    if ! [[ -f \"$file\" ]]; then\n        print_message \"* ⚠️ \\`$file\\` does not exist ⚠️\"\n        echo \"Content of directory $(dirname \"$file\"):\"\n        ls \"$(dirname \"$file\")\"\n        missing_files+=(\"$file\")\n    else\n        print_message \"* \\`$file\\` ✅\" \n    fi\ndone\nprint_message \"\"\nnumber_of_missing_files=${#missing_files[@]}\nif [[ $number_of_missing_files -gt 0 ]]; then\n    print_message \"⚠️ $number_of_missing_files release artifact(s) missing ⚠️\"\n    exit 1\nfi\n"
        env: {
          ARTIFACTS: '${{ steps.build-pk-verify.outputs.release-artifacts }}'
        }
      - name: Upload artifacts
        id: upload-artifacts
        uses: actions/upload-artifact@v4
        with: {
          name: artifacts,
          path: '${{ steps.build-pk-verify.outputs.release-artifacts }}',
          retention-days: 5
        }
      - name: Check if release is needed
        id: check-release
        if: ${{ github.ref == 'refs/heads/main' }}
        run: |
          if mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .; then
              echo "### ✅ Release preconditions met, start release" >> "$GITHUB_STEP_SUMMARY"
              echo "release-required=true" >> "$GITHUB_OUTPUT"
          else
              echo "### 🛑 Release precondition not met, skipping release" >> "$GITHUB_STEP_SUMMARY"
              echo "See log output for details." >> "$GITHUB_STEP_SUMMARY"
              echo "release-required=false" >> "$GITHUB_OUTPUT"
          fi
        env: {
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
        }
  start_release:
    needs: build
    if: ${{ github.ref == 'refs/heads/main' && needs.build.outputs.release-required == 'true' }}
    concurrency: {
      cancel-in-progress: false,
      group: release
    }
    secrets: inherit
    permissions: {
      contents: write,
      actions: read,
      issues: read
    }
    uses: ./.github/workflows/release.yml
    with: {
      started-from-ci: true
    }