Skip to content

wip: nixify

wip: nixify #1398

Workflow file for this run

name: Build
on:
workflow_dispatch:
inputs: {}
push:
branches: [ "develop", "wip/*" ]
tags: [ "v**" ]
pull_request:
branches: [ "develop" ]
jobs:
# checksecret:
# runs-on: ubuntu-latest
# outputs:
# HAVE_SECRETS: ${{ steps.checksecret_job.outputs.HAVE_SECRETS }}
# steps:
# - id: checksecret_job
# env:
# TOKEN_BITWARDEN_SM: ${{ secrets.TOKEN_BITWARDEN_SM }}
# run: |
# echo "HAVE_SECRETS=${{ env.TOKEN_BITWARDEN_SM != '' }}" >> $GITHUB_OUTPUT
wtf:
runs-on: self-hosted
steps:
- uses: 7mind/github-env@minimal
- run: |
env
id -u
whoami
groups
ls -la /run/user/77777/
docker run hello-world
# build-jvm:
# runs-on: ubuntu-latest
# needs: [ 'checksecret' ]
# strategy:
# fail-fast: false
# matrix:
# java: [ '11', '17', '22' ]
# scala: [ '2.12', '2.13', '3' ]
# steps:
# - uses: 7mind/github-env@minimal
# - name: Build and Test with Coverage
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# if: matrix.scala != '3'
# run: ./build.sh nix gen coverage
# - name: Build and Test without Coverage # coverage leads to verification errors on scala3
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# if: matrix.scala == '3'
# run: ./build.sh nix gen test
# - uses: dorny/test-reporter@v1
# if: (needs.checksecret.outputs.HAVE_SECRETS == 'true') && (success() || failure())
# with:
# name: Test reports (JDK ${{ matrix.java }}, Scala ${{ matrix.scala }}, JVM)
# path: '**/target/test-reports/TEST-*.xml'
# reporter: java-junit
# - uses: bitwarden/sm-action@v2
# if: (needs.checksecret.outputs.HAVE_SECRETS == 'true') && (success() || failure())
# with:
# access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
# secrets: |
# 5e21669e-48b4-49ce-82f0-b193010a2ded > TOKEN_CODECOV
# - uses: codecov/codecov-action@v4
# if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
# continue-on-error: true
# with:
# token: ${{ env.TOKEN_CODECOV }}
# verbose: true
# files: "**/cobertura.xml"
# # fail_ci_if_error: ${{ matrix.scala != '3' }}
# # TODO: do we need scoverage.xml? If so files: may be just omitted
# # files: cobertura.xml,scoverage.xml
# # flags: unittests
# - name: Upload dependency graph
# uses: scalacenter/sbt-dependency-submission@v2
#
# build-js:
# runs-on: ubuntu-latest
# needs: [ 'checksecret' ]
# strategy:
# fail-fast: false
# matrix:
# java: [ '11', '17', '22' ]
# scala: [ '2.12', '2.13', '3' ]
# steps:
# - uses: 7mind/github-env@minimal
# - name: Build and Test with Coverage
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# if: matrix.scala != '3'
# run: ./build.sh nix gen-jsonly coverage
# - name: Build and Test without Coverage # coverage leads to verification errors on scala3
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# if: matrix.scala == '3'
# run: ./build.sh nix gen-jsonly test
# - uses: dorny/test-reporter@v1
# if: (needs.checksecret.outputs.HAVE_SECRETS == 'true') && (success() || failure())
# with:
# name: Test reports (JDK ${{ matrix.java }}, Scala ${{ matrix.scala }}, JS)
# path: '**/target/test-reports/TEST-*.xml'
# reporter: java-junit
#
# test-site:
# runs-on: ubuntu-latest
# strategy:
# matrix:
# java: [ '22' ]
# scala: [ '2.13']
# steps:
# - uses: 7mind/github-env@minimal
# - name: Build Microsite
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# run: ./build.sh nix gen-js site-test
#
# publish-site:
# runs-on: ubuntu-latest
# strategy:
# matrix:
# java: [ '22' ]
# scala: [ '2.13']
# needs: [ 'build-jvm', 'build-js', 'test-site', 'checksecret' ]
# if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
# steps:
# - uses: 7mind/github-env@minimal
# - uses: bitwarden/sm-action@v2
# with:
# access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
# secrets: |
# 4aeac969-5880-4e36-97a8-b193010ca904 > IZUMI_MICROSITE_KEY
# - uses: shimataro/ssh-key-action@v2
# with:
# key: ${{ env.IZUMI_MICROSITE_KEY }}
# known_hosts: 'unnecessary' # github.com is already there
# - name: Publish Microsite
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# run: ./build.sh nix gen-js site-publish
#
# publish-artifacts:
# runs-on: ubuntu-latest
# needs: [ 'build-jvm', 'build-js', 'checksecret' ]
# if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
# strategy:
# fail-fast: false
# matrix:
# java: [ '11' ]
# scala: [ '2.12', '2.13', '3']
# steps:
# - uses: 7mind/github-env@minimal
# - uses: bitwarden/sm-action@v2
# with:
# access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
# secrets: |
# 994f97a2-97a4-4fe1-806a-b1930104435f > SONATYPE_CREDENTIALS_FILE
# 749f4227-9f11-4ceb-9121-b1930110c3a9 > OPENSSL_KEY
# a2fe5b5b-5f3f-47f8-961c-b1930110cea7 > OPENSSL_IV
# - name: Build and Publish to Sonatype
# env:
# SCALA_VERSION: ${{ matrix.scala }}
# JAVA_VERSION: ${{ matrix.java }}
# SONATYPE_SECRET: .secrets/credentials.sonatype-nexus.properties
# run: |
# mkdir .secrets
# echo "$SONATYPE_CREDENTIALS_FILE" > "$SONATYPE_SECRET"
# openssl aes-256-cbc -K ${OPENSSL_KEY} -iv ${OPENSSL_IV} -in secrets.tar.enc -out secrets.tar -d
# tar xvf secrets.tar
#
# ./build.sh nix gen-js publish-scala
#
# all-good:
# if: always()
# runs-on: ubuntu-latest
# needs: [ 'build-jvm', 'build-js', 'test-site' ]
# steps:
# - name: Decide whether the needed jobs succeeded or failed
# uses: re-actors/alls-green@release/v1
# with:
# jobs: ${{ toJSON(needs) }}