Skip to content

chore(deps): update actions/create-github-app-token action to v1.9.3 #71

chore(deps): update actions/create-github-app-token action to v1.9.3

chore(deps): update actions/create-github-app-token action to v1.9.3 #71

name: Publish resources present in the repository
#
# Note: Does not download and update because changes should be manually reviewed,
# for example to be able to detect when a download mechanism breaks and yields
# the wrong results.
#
on:
push:
branches:
- master
workflow_dispatch: {}
concurrency:
# only run one publishing at a time to avoid conflicts in artifactory
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
publish:
# Only on main repository (don't publish on forks)
if: github.repository_owner == 'wetransform'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@750cdda3edd6d51b7fdfc069d2e2818cf3c44f4c # v3.3.1
- name: Build jars and test
run: |
./gradlew jars haleResourceBundles publishJarsToMavenLocal :test:test
env:
ORG_GRADLE_PROJECT_wetfArtifactoryUser: ${{ secrets.WETF_ARTIFACTORY_USER }}
ORG_GRADLE_PROJECT_wetfArtifactoryPassword: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
- name: Publish Test Report
uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1
if: always() # always run even if the previous step fails
with:
report_paths: "test/build/test-results/**/*.xml"
require_tests: true
# Workaround for check that is additionally created being associated
# to the wrong workflow/run. Instead no additional check is created.
# See https://github.com/mikepenz/action-junit-report/issues/40
annotate_only: true
detailed_summary: true
fail_on_failure: true
- name: Publish artifacts
run: ./gradlew publishJars
env:
ORG_GRADLE_PROJECT_wetfArtifactoryUser: ${{ secrets.WETF_ARTIFACTORY_USER }}
ORG_GRADLE_PROJECT_wetfArtifactoryPassword: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
- name: Install AWS CLI
uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 # v1.0.7
with:
version: 1
- name: Download current update site
env:
AWS_ACCESS_KEY_ID: ${{ secrets.BUILD_ARCHIVE_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.BUILD_ARCHIVE_SECRET_KEY }}
run: |
rm -r updatesite/p2 || true
mkdir updatesite/p2
aws s3 sync s3://build-artifacts.wetransform.to/p2/offline-resources/site updatesite/p2 --region eu-central-1
rm updatesite/p2/*_version.json || true # delete old version files that had wrong file name
shell: bash
- name: Verify that update site was downloaded
run: |
folder=updatesite/p2
if [ -z "$(ls -A "$folder")" ]; then
echo "Error: The folder $folder is empty. No existing update site was downloaded"
exit 1
else
echo "The folder $folder is not empty."
fi
shell: bash
- name: Create update site and append to existing one
env:
# CI marker
CI: 'true'
run: ./gradlew updateSite # Note: requires jars and publishJarsToMavenLocal to have run before
- name: Publish combined update site
env:
AWS_ACCESS_KEY_ID: ${{ secrets.BUILD_ARCHIVE_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.BUILD_ARCHIVE_SECRET_KEY }}
run: |
aws s3 sync updatesite/p2 s3://build-artifacts.wetransform.to/p2/offline-resources/site --acl public-read --delete --region eu-central-1
shell: bash
- name: Notify slack on failure
# https://github.com/marketplace/actions/slack-notify-build
uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0
if: failure()
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}
with:
channel: build-failures
status: FAILED
color: danger