-
Notifications
You must be signed in to change notification settings - Fork 4
125 lines (119 loc) · 3.86 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
name: Build
on:
workflow_dispatch:
inputs: {}
push:
branches: [ "develop" ]
tags: [ "v**" ]
pull_request:
branches: [ "develop" ]
jobs:
checksecret:
runs-on: ubuntu-latest
outputs:
HAVE_SECRETS: ${{ steps.checksecret_job.outputs.HAVE_SECRETS }}
steps:
- id: checksecret_job
env:
TOKEN_BITWARDEN_SM: ${{ secrets.TOKEN_BITWARDEN_SM }}
run: |
echo "HAVE_SECRETS=${{ env.TOKEN_BITWARDEN_SM != '' }}" >> $GITHUB_OUTPUT
build:
runs-on: ubuntu-latest
needs: [ 'checksecret' ]
strategy:
fail-fast: false
matrix:
scala: [ '2.12', '2.13', '3' ]
steps:
- uses: 7mind/github-env@minimal
- name: Build and Test
env:
SCALA_VERSION: ${{ matrix.scala }}
run: ./build.sh nix gen coverage
- uses: bitwarden/sm-action@v2
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
5e21669e-48b4-49ce-82f0-b193010a2ded > TOKEN_CODECOV
- uses: codecov/codecov-action@v4
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
with:
token: ${{ env.TOKEN_CODECOV }}
verbose: true # optional (default = false)
fail_ci_if_error: true
files: "**/cobertura.xml"
# TODO: do we need scoverage.xml? If so files: may be just omitted
# files: cobertura.xml,scoverage.xml
# flags: unittests
publish-npm:
runs-on: ubuntu-latest
needs: [ 'checksecret' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
steps:
- uses: 7mind/github-env@minimal
with:
cache-scala: false
- uses: bitwarden/sm-action@v2
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
aa0a790c-4030-4126-bc77-b193010a0f04 > TOKEN_NPM
- name: Publish NPM artifacts
run: ./build.sh nix publish-npm
publish-nuget:
runs-on: ubuntu-latest
needs: [ 'checksecret' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
steps:
- uses: 7mind/github-env@minimal
with:
cache-scala: false
- uses: bitwarden/sm-action@v2
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
637c5cad-a680-4ea3-ac8b-b193010bee40 > TOKEN_NUGET
- name: Publish Nuget artifacts
run: ./build.sh nix publish-nuget
publish-scala:
runs-on: ubuntu-latest
needs: [ 'build', 'checksecret' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
strategy:
fail-fast: false
matrix:
scala: [ '2.12', '2.13', '3' ]
steps:
- uses: 7mind/github-env@minimal
- uses: bitwarden/sm-action@v2
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
994f97a2-97a4-4fe1-806a-b1930104435f > SONATYPE_CREDENTIALS_FILE
749f4227-9f11-4ceb-9121-b1930110c3a9 > OPENSSL_KEY
a2fe5b5b-5f3f-47f8-961c-b1930110cea7 > OPENSSL_IV
- name: Build and Publish to Sonatype
env:
SONATYPE_SECRET: .secrets/credentials.sonatype-nexus.properties
SCALA_VERSION: ${{ matrix.scala }}
run: |
set -x
set -e
if [[ "$CI_PULL_REQUEST" == "false" ]] ; then
mkdir .secrets
echo "$SONATYPE_CREDENTIALS_FILE" > "$SONATYPE_SECRET"
openssl aes-256-cbc -K ${OPENSSL_KEY} -iv ${OPENSSL_IV} -in secrets.tar.enc -out secrets.tar -d
tar xvf secrets.tar
fi
./build.sh nix gen publish-scala
all-good:
if: always()
runs-on: ubuntu-latest
needs: [ 'build' ]
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}