Skip to content

Bump actions/checkout from 3.6.0 to 4.0.0 #109

Bump actions/checkout from 3.6.0 to 4.0.0

Bump actions/checkout from 3.6.0 to 4.0.0 #109

Workflow file for this run

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: build
on:
push:
# Avoid workflow run for _merged_ `dependabot` PRs.
# They were (hopefully!) already tested in PR-triggered workflow.
branches-ignore: "dependabot/**"
pull_request:
paths-ignore:
- "**.adoc"
- "**.md"
- "**.txt"
permissions: read-all
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ macos-latest, ubuntu-latest, windows-latest ]
steps:
- name: Checkout repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # 4.0.0
- name: Setup JDK 8 and 17
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # 3.7.0
with:
distribution: temurin
java-version: |
8
17
java-package: jdk
architecture: x64
cache: maven
# We could have used `verify`, but `clean install` is required while generating the build reproducibility report, which is performed in the next step.
# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- name: Build
shell: bash
run: |
./mvnw \
--show-version --batch-mode --errors --no-transfer-progress \
-DtrimStackTrace=false \
-DinstallAtEnd=true \
-Pjava8-tests \
clean install
# `clean verify artifact:compare` is required to generate the build reproducibility report.
# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- name: Report build reproducibility
id: report-reproducible
timeout-minutes: 10
shell: bash
run: |
./mvnw \
--show-version --batch-mode --errors --no-transfer-progress \
-DskipTests=true \
clean verify artifact:compare
- name: Upload reproducibility failure context artifacts
if: failure()
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # 3.1.2
with:
name: reproducibility-failure-context-${{matrix.os}}
path: |
**/target/*.buildcompare
**/target/*.jar
**/target/reference/*.jar
merge:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
needs: build
permissions:
contents: write
pull-requests: write
steps:
- name: "[dependabot] Auto-merge the PR"
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
deploy:
runs-on: ubuntu-latest
needs: build
if: github.repository == 'apache/logging-log4j-transform' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/'))
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # 4.0.0
- name: Set up Java & GPG
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # 3.7.0
with:
distribution: temurin
java-version: 17
java-package: jdk
architecture: x64
cache: maven
server-id: ${{ github.ref == 'refs/heads/main' && 'apache.snapshots.https' || 'apache.releases.https' }}
server-username: NEXUS_USERNAME
server-password: NEXUS_PASSWORD
# We won't use `maven-gpg-plugin`, but this is convenient to import the GPG secret key
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
- name: Export artifact version
run: |
export PROJECT_VERSION=$(./mvnw \
--quiet --batch-mode -DforceStdout=true \
-Dexpression=project.version \
help:evaluate \
| tail -n 1)
echo "PROJECT_VERSION=$PROJECT_VERSION" >> $GITHUB_ENV
- name: Check version (SNAPSHOT)
if: github.ref == 'refs/heads/main'
run: |
[[ "$PROJECT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT$ ]] || {
echo "was expecting a snapshot version, found: \"$PROJECT_VERSION\"" 1>&2
exit 1
}
- name: Check version (RELEASE)
if: startsWith(github.ref, 'refs/heads/release/')
run: |
[[ "${GITHUB_REF/refs\/heads\/release\//}" == "$PROJECT_VERSION" ]] || {
echo "git ref \"$GITHUB_REF\" mismatches with the version: \"$PROJECT_VERSION\"" 1>&2
exit 1
}
[[ "$PROJECT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || {
echo "was expecting a release version, found: \"$PROJECT_VERSION\"" 1>&2
exit 1
}
export CHANGELOG_VERSION=$(grep "^= " CHANGELOG.adoc | head -n 1 | sed -r 's/^= (.+) \(.+\)$/\1/')
[[ "$PROJECT_VERSION" == "$CHANGELOG_VERSION" ]] || {
echo "version \"$PROJECT_VERSION\" doesn't match the one in changelog: \"$CHANGELOG_VERSION\"" 1>&2
exit 1
}
export EXPECTED_DATE=$(date --date="now + 3 days" +%Y-%m-%d)
export CHANGELOG_DATE=$(grep "^= " CHANGELOG.adoc | head -n 1 | sed -r 's/^= .+ \((.+)\)$/\1/')
[[ "$EXPECTED_DATE" == "$CHANGELOG_DATE" ]] || {
echo "expected release date \"$EXPECTED_DATE\" doesn't match the one in the changelog: \"$CHANGELOG_DATE\"" 1>&2
exit 1
}
- name: Deploy
run: |
gpg --list-secret-keys
./mvnw \
--show-version --batch-mode --errors --no-transfer-progress \
-P release
env:
# `NEXUS_USERNAME` and `NEXUS_PASSWORD` are used in `~/.m2/settings.xml` created by `setup-java` action
NEXUS_USERNAME: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_USER || secrets.LOGGING_STAGE_DEPLOYER_USER }}
NEXUS_PASSWORD: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_PW || secrets.LOGGING_STAGE_DEPLOYER_PW }}
# `SIGN_KEY` is used by `sign-maven-plugin`
SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }}
- name: Sign artifacts (RELEASE)
if: startsWith(github.ref, 'refs/heads/release/')
run: |
gpg --armor --detach-sign --yes --pinentry-mode error "target/apache-log4j-transform-${PROJECT_VERSION}-src.zip"
- name: Upload artifacts (RELEASE)
if: startsWith(github.ref, 'refs/heads/release/')
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # 3.1.2
with:
name: Sources
path: target/apache-log4j-transform-*-src.zip*
if-no-file-found: error
- name: Tag version (RELEASE)
if: startsWith(github.ref, 'refs/heads/release/')
run: |
export RCN=$[ $(git tag -l "rel/$PROJECT_VERSION[-.]rc*" | wc -l) + 1 ]
export TAG="rel/$PROJECT_VERSION-rc$RCN"
git config user.name github-actions
git config user.email [email protected]
git tag "$TAG" -m ""
git push origin "$TAG"