Display vulnerabilities for returned dependencies #259

Workflow file for this run

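# Inspired by & copied from JReleaser sample:
# https://github.com/jreleaser/jreleaser/blob/main/.github/workflows/trigger-early-access.yml
name: Publish Early Access builds

# Runs for every push to main and for every pull request that targets main.
# Pull-request runs build code proposed by the PR author, so the default
# token scope below is kept read-only.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Default GITHUB_TOKEN scope for every job that does not declare its own
# `permissions:`. Without this key the token inherits the repository or
# organisation default, which may include write access.
permissions:
  contents: read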
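jobs:
  # Build native executable per runner
  #
  # NOTE(review): the actions below are referenced by mutable tag (@v1, @v3).
  # Pinning each `uses:` to a full commit SHA means a moved tag cannot change
  # what runs in the build that produces the released binaries.
  build:
    # Skip the commits that the release tooling itself pushes.
    if: contains(github.event.head_commit.message, 'Releasing version') != true && contains(github.event.head_commit.message, 'Prepare next version') != true
    name: build-${{ matrix.os }}
    strategy:
      fail-fast: true
      matrix:
        os: [ubuntu-latest, macOS-latest, macOS-arm64-latest, windows-latest]
        # The excludes leave exactly one gu-binary value per OS.
        # NOTE(review): no step in this job reads matrix.gu-binary.
        gu-binary: [gu, gu.cmd]
        exclude:
          - os: ubuntu-latest
            gu-binary: gu.cmd
          - os: macos-latest
            gu-binary: gu.cmd
          - os: macos-arm64-latest
            gu-binary: gu.cmd
          - os: windows-latest
            gu-binary: gu
    runs-on: ${{ matrix.os }}
    steps:
      - name: Download all build artifacts
        uses: actions/download-artifact@v3
      - name: Check out repository
        uses: actions/checkout@v3
        with:
          # NOTE(review): this job defines no step with id `head`, so the
          # expression is empty and checkout uses its default ref. Either add
          # the step that produces it or drop this input.
          ref: ${{ steps.head.outputs.content }}
      # This action supports Windows; it does nothing on Linux and macOS.
      # NOTE(review): the action reference below was mangled by e-mail
      # obfuscation on the page this listing came from; restore the real
      # `owner/action@ref` (presumably ilammy/msvc-dev-cmd) before use.
      - name: Add Developer Command Prompt for Microsoft Visual C++
        uses: ilammy/[email protected]
      - name: Setup GraalVM
        uses: graalvm/setup-graalvm@v1
        with:
          distribution: 'graalvm'
          java-version: '17'
          components: 'native-image'
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Get musl toolchain and compile libz against it
        id: prepare-musl
        if: matrix.os == 'ubuntu-latest'
        run: |
          set -euo pipefail
          TMP_DIR=$(mktemp -d)
          pushd "$TMP_DIR"
          # The toolchain and zlib end up inside the released binary, so fetch
          # them over TLS only and write to a fixed file name instead of
          # letting the server choose one (-J).
          curl --fail --location --proto '=https' --tlsv1.2 \
            --output x86_64-linux-musl-native.tgz \
            https://more.musl.cc/10/x86_64-linux-musl/x86_64-linux-musl-native.tgz
          curl --fail --location --proto '=https' --tlsv1.2 \
            --output zlib-1.2.13.tar.gz \
            https://zlib.net/zlib-1.2.13.tar.gz
          # TODO: pin both downloads to a known digest before unpacking, e.g.
          #   echo "<SHA256_OF_MUSL_TOOLCHAIN>  x86_64-linux-musl-native.tgz" | sha256sum --check
          #   echo "<SHA256_OF_ZLIB_TARBALL>  zlib-1.2.13.tar.gz" | sha256sum --check
          tar -xvf x86_64-linux-musl-native.tgz
          tar -xzf zlib-1.2.13.tar.gz
          cd zlib-1.2.13
          TOOLCHAIN_DIR=$TMP_DIR/x86_64-linux-musl-native
          # Exported so ./configure and make actually build with the musl gcc;
          # a plain shell assignment is not visible to child processes.
          export CC="$TOOLCHAIN_DIR/bin/gcc"
          ./configure --prefix="$TOOLCHAIN_DIR" --static
          make
          make install
          echo "TOOLCHAIN_DIR=$TOOLCHAIN_DIR" >> "$GITHUB_OUTPUT"
      - name: Cache Maven packages
        uses: actions/cache@v3
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build static native image for Linux
        if: matrix.os == 'ubuntu-latest'
        env:
          TOOLCHAIN_DIR: ${{ steps.prepare-musl.outputs.TOOLCHAIN_DIR }}
        run: |
          PATH=${TOOLCHAIN_DIR}/bin:$PATH; mvn -B -Pnative package
      - name: Build static native image for Windows / macOS
        if: matrix.os != 'ubuntu-latest'
        run: |
          mvn -B -Pnative package
      - name: Create distribution
        run: mvn -B -Pdist package -DskipTests
      # Every matrix leg uploads into the same artifact name; the release job
      # later downloads it as the `artifacts` directory.
      - name: Upload build artifacts
        uses: actions/upload-artifact@v3
        with:
          name: artifacts
          path: |
            target/distributions/*.zip
            target/distributions/*.tar.gz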
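# Collect all executables and release
  release:
    needs: [build]
    runs-on: ubuntu-latest
    # Least privilege instead of `write-all`: creating the tag and release and
    # uploading its assets needs write access to repository contents only.
    # NOTE(review): if the JReleaser configuration also touches milestones,
    # issues or discussions, grant those scopes explicitly here.
    permissions:
      contents: write
    # Never publish from a pull-request run.
    if: github.event_name != 'pull_request'
    steps:
      - name: Check out repository
        uses: actions/checkout@v3
        with:
          # Full history, not a shallow clone.
          fetch-depth: 0
      # The ref is handed to the script through the environment rather than
      # pasted into the script text, so its value is data, not shell syntax.
      # NOTE(review): this job defines no step with id `head`, so the value is
      # empty and the checkout is skipped; add that step or remove this one.
      - name: Check out correct Git ref
        env:
          HEAD_REF: ${{ steps.head.outputs.content }}
        run: |
          if [ -n "$HEAD_REF" ]; then
            git checkout "$HEAD_REF"
          fi
      # With no `name:` input this fetches every artifact of the run, each
      # into a directory named after the artifact (here: `artifacts`).
      - name: Download all build artifacts
        uses: actions/download-artifact@v3
      - name: Cache Maven packages
        uses: actions/cache@v3
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Release with JReleaser
        run: mvn -B -Prelease -DartifactsDir=artifacts jreleaser:full-release
        env:
          JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Kept even when the release step fails, to make failures diagnosable.
      - name: Capture JReleaser output
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: jreleaser-release-output
          retention-days: 7
          path: |
            target/jreleaser/trace.log
            target/jreleaser/output.properties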