Merge pull request #5371 from eXist-db/dependabot/maven/org.owasp-dep… #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: [push, pull_request] | |
jobs: | |
build: | |
name: Build and Test Images | |
runs-on: ubuntu-latest | |
# NOTE (DP): Publish on develop and master, test on PRs against these | |
if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master' || github.base_ref == 'develop' || github.base_ref == 'master' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: '17' | |
- name: Make buildkit default | |
uses: docker/setup-buildx-action@v3 | |
id: buildx | |
with: | |
install: true | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: deploy-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: deploy-${{ runner.os }}-maven | |
- name: Install bats | |
run: sudo apt-get install bats | |
- name: Build images | |
run: mvn -V -B -q -Pdocker -DskipTests -Ddependency-check.skip=true -P !mac-dmg-on-unix,!installer,!concurrency-stress-tests,!micro-benchmarks,skip-build-dist-archives clean package | |
- name: Check local images | |
run: docker image ls | |
- name: Check license headers | |
run: mvn license:check | |
working-directory: exist-docker | |
- name: Start exist-ci container | |
run: | | |
docker run -dit -p 8080:8080 --name exist-ci --rm existdb/existdb:latest | |
sleep 35s | |
- name: Run tests | |
run: bats --tap exist-docker/src/test/bats/*.bats | |
# NOTE (DP): When on master push release, when on develop push latest: Version is included automatically | |
# TODO (DP): Confirm that releases triggered from maven publish images with the non SNAPSHOT version | |
- name: Publish latest images | |
if: github.ref == 'refs/heads/develop' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: mvn -q -Ddocker.tag=latest -Ddocker.username=$DOCKER_USERNAME -Ddocker.password=$DOCKER_PASSWORD docker:build docker:push | |
working-directory: ./exist-docker | |
- name: Publish release images | |
if: github.ref == 'refs/heads/master' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: mvn -q -Ddocker.tag=release -Ddocker.username=$DOCKER_USERNAME -Ddocker.password=$DOCKER_PASSWORD docker:build docker:push | |
working-directory: ./exist-docker | |
# NOTE (DP): This is for debugging, publishes an experimental image from inside PRs against develop | |
# - name: Publish experimental images | |
# if: github.base_ref == 'develop' | |
# env: | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
# DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
# run: mvn -q -Ddocker.tag=experimental -Ddocker.username=$DOCKER_USERNAME -Ddocker.password=$DOCKER_PASSWORD docker:build docker:push | |
# working-directory: ./exist-docker | |