
chore: apply ci hardening (sgammon/guava#1) #19


Workflow file for this run

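# CI for pushes and pull requests that target master: build and test across
# the JDK/OS matrix, then (push events on google/guava only) publish a
# snapshot and regenerate the docs.
name: CI

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# Workflow-wide default for GITHUB_TOKEN. Jobs that need more declare their
# own permissions block.
permissions:
  contents: read

jobs:
  test:
    permissions:
      actions: write # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read # for actions/checkout to fetch code
    name: "${{ matrix.root-pom }} on JDK ${{ matrix.java }} on ${{ matrix.os }}"
    strategy:
      matrix:
        os: [ubuntu-latest]
        java: [8, 11, 17]
        root-pom: ['pom.xml', 'android/pom.xml']
        # One extra combination on top of the ubuntu matrix above.
        include:
          - os: windows-latest
            java: 17
            root-pom: pom.xml
    runs-on: ${{ matrix.os }}
    env:
      ROOT_POM: ${{ matrix.root-pom }}
    steps:
      # Every action below is pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA corresponds to.
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          # audit only records outbound traffic; nothing is blocked.
          # NOTE(review): once the observed endpoints are stable, consider
          # egress-policy: block with an allowed-endpoints list.
          egress-policy: audit
      # Cancel any previous runs for the same branch that are still running.
      # NOTE(review): a workflow-level concurrency group with
      # cancel-in-progress: true might replace this step and the
      # actions: write grant above; semantics differ, so evaluate first.
      - name: 'Cancel previous runs'
        uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
        with:
          access_token: ${{ github.token }}
      - name: 'Check out repository'
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # Do not leave the job token in the local git config, where the
          # build and test steps that follow could read it.
          persist-credentials: false
      - name: 'Set up JDK ${{ matrix.java }}'
        uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
        with:
          java-version: ${{ matrix.java }}
          distribution: 'zulu'
          cache: 'maven'
      - name: 'Install'
        shell: bash
        # Folded scalar: the lines below are joined with single spaces into
        # one command. $ROOT_POM is quoted so the path is passed as one word.
        run: >-
          ./mvnw -B
          -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
          install -U -DskipTests=true -f "$ROOT_POM"
      - name: 'Test'
        shell: bash
        run: ./mvnw -B -P!standard-with-extra-repos verify -U -Dmaven.javadoc.skip=true -f "$ROOT_POM"
      - name: 'Print Surefire reports'
        # Normally a step is skipped once the job has failed; this condition
        # makes the step run only in that case.
        if: ${{ failure() }}
        shell: bash
        run: ./util/print_surefire_reports.sh
      - name: 'Integration Test'
        if: matrix.java == 11
        shell: bash
        run: util/gradle_integration_tests.sh

  # Runs only for push events on google/guava, after the test job succeeds.
  # No permissions block here, so the workflow default (contents: read) applies.
  publish_snapshot:
    name: 'Publish snapshot'
    needs: test
    if: github.event_name == 'push' && github.repository == 'google/guava'
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          # audit only records outbound traffic; nothing is blocked.
          egress-policy: audit
      - name: 'Check out repository'
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # Matches the test job. Publishing authenticates with the Maven
          # server credentials below, so the git token need not stay on disk.
          # NOTE(review): deploy_snapshot.sh is not shown here; confirm it
          # performs no authenticated git operations.
          persist-credentials: false
      - name: 'Set up JDK 11'
        uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
        with:
          java-version: 11
          distribution: 'zulu'
          server-id: sonatype-nexus-snapshots
          # These are names of environment variables, not secret values; the
          # values are injected only into the Publish step below.
          server-username: CI_DEPLOY_USERNAME
          server-password: CI_DEPLOY_PASSWORD
          cache: 'maven'
      - name: 'Publish'
        env:
          CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}
          CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
        run: ./util/deploy_snapshot.sh

  # Runs only for push events on google/guava, after the test job succeeds.
  generate_docs:
    permissions:
      # The only job with a write-scoped token.
      contents: write
    name: 'Generate latest docs'
    needs: test
    if: github.event_name == 'push' && github.repository == 'google/guava'
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          # audit only records outbound traffic; nothing is blocked.
          egress-policy: audit
      # NOTE(review): checkout keeps the job token in the local git config by
      # default, and in this job that token has contents: write. If
      # update_snapshot_docs.sh (not shown here) authenticates only through
      # the GITHUB_TOKEN variable below, persist-credentials: false could be
      # set here as well; confirm before changing.
      - name: 'Check out repository'
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: 'Set up JDK 11'
        uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
        with:
          java-version: 11
          distribution: 'zulu'
          cache: 'maven'
      - name: 'Generate latest docs'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./util/update_snapshot_docs.sh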