-
Notifications
You must be signed in to change notification settings - Fork 385
145 lines (128 loc) · 4.98 KB
/
verify-and-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: Verify and Release
# trigger on push to branches and PR
on:
push:
branches:
- '**' # matches every branch
tags:
- 'v[0-9]+'
- 'v[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-*'
pull_request:
env:
# restore to default url to download maven
MVNW_REPOURL: https://repo.maven.apache.org/maven2
jobs:
lint_shellcheck:
name: shellcheck
runs-on: ubuntu-latest
# execute on any push or pull request from forked repo
if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork )
env:
SHELLCHECK_VERSION: '0.10.0'
steps:
- uses: actions/checkout@v4
- name: download shellcheck
run: |
curl --silent --fail --show-error --retry 2 --retry-delay 1 --connect-timeout 5 --location --url "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" -o shellcheck-v${SHELLCHECK_VERSION}.tar.xz
tar xvf "shellcheck-v${SHELLCHECK_VERSION}.tar.xz"
rm -f "shellcheck-v${SHELLCHECK_VERSION}.tar.xz"
chmod +x "$GITHUB_WORKSPACE/shellcheck-v${SHELLCHECK_VERSION}/shellcheck"
- name: check
run: |
echo "$GITHUB_WORKSPACE/shellcheck-v${SHELLCHECK_VERSION}" >> $GITHUB_PATH
shellcheck core/bin/hbox-* core/sbin/start-history-server.sh core/libexec/hbox-common-env.sh
find tests -name '*.sh' | xargs shellcheck
lint_maven:
name: lint pom.xml and maven plugins
runs-on: ubuntu-latest
# execute on any push or pull request from forked repo
if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork )
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
cache: maven
- name: Lint Maven Pom Format
run: ./mvnw -V -B -ntp -Dmirror.of.proxy= sortpom:verify -Dsort.verifyFail=STOP
- name: Lint Check Maven Plugins
run: ./mvnw -B -ntp -Dmirror.of.proxy= artifact:check-buildplan
verify:
name: 'Verify with JDK ${{ matrix.jdk }}'
strategy:
fail-fast: false
matrix:
jdk: [ 8, 11, 17 ]
runs-on: ubuntu-latest
# execute on any push or pull request from forked repo
if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork )
needs: [ lint_shellcheck, lint_maven ]
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '${{ matrix.jdk }}'
distribution: 'temurin'
cache: maven
- name: Maven verify
run: ./mvnw -V -B -ntp -e -Dmirror.of.proxy= verify
reproducible:
name: 'Build and check reproducible'
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
needs: [ verify ]
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
cache: maven
- name: Build reproducible artifacts
shell: bash
run: |
set -ux
./mvnw -V -B -ntp -e -Dmirror.of.proxy= install -Dmaven.test.skip=true -DskipTests -Dinvoker.skip -Dbuildinfo.detect.skip=false
./mvnw -B -ntp -e -Dmirror.of.proxy= clean
mkdir -p target
true artifact:compare should not contain warning or error
trap 'cat target/build.log' ERR
./mvnw -B -ntp -e -Dmirror.of.proxy= -l target/build.log package artifact:compare -Dmaven.test.skip=true -DskipTests -Dinvoker.skip -Dbuildinfo.detect.skip=false
test 0 = "$(sed -n '/^\\[INFO\\] --- maven-artifact-plugin:[^:][^:]*:compare/,/^\\[INFO\\] ---/ p' target/build.log | grep -c '^\\[\\(WARNING\\|ERROR\\)\\]')"
true all files should be ok
trap 'find . -name "*.buildcompare" -print0 | xargs -0 cat' ERR
find . -name '*.buildcompare' -print0 | xargs -0 grep -q '^ko=0$'
trap '' ERR
find . -name "*.buildcompare" -print0 | xargs -0 cat
- name: Store artifacts
uses: actions/upload-artifact@v4
with:
path: core/target/hbox-*-dist.tar.gz
retention-days: 7
create_a_draft_release:
name: Create a draft release
runs-on: ubuntu-latest
if: github.repository == 'Qihoo360/hbox' && startsWith(github.ref, 'refs/tags/v')
needs: [ reproducible ]
permissions:
contents: write
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
merge-multiple: true
path: core/target/
- name: Publish artifacts
uses: softprops/action-gh-release@v2
with:
draft: true
prerelease: ${{ contains(github.ref, '-alpha') || contains(github.ref, '-beta') || contains(github.ref, '-rc') }}
fail_on_unmatched_files: true
files: core/target/hbox-*-dist.tar.gz
generate_release_notes: true