Skip to content

Ensure we restore the capability to publish Snapshot versions #64

Ensure we restore the capability to publish Snapshot versions

Ensure we restore the capability to publish Snapshot versions #64

Workflow file for this run

name: "CI/CD"
on:
pull_request:
push:
branches: [main]
tags:
- "v*.*.*"
release:
types:
- published
workflow_dispatch:
env:
JDK_JAVA_OPTIONS: -XX:+PrintCommandLineFlags -Xss10M # JDK_JAVA_OPTIONS is _the_ env. variable to use for modern Java
JVM_OPTS: -XX:+PrintCommandLineFlags -Xss10M # for Java 8 only (sadly, it is not modern enough for JDK_JAVA_OPTIONS)
scala_212_version: "2.12.20"
scala_213_version: "2.13.15"
scala_3_version: "3.3.4"
SonatypeUrl: "https://finos.sonatype.app/platform/"
SonatypeAppId: morphir-jvm
SonatypeStage: "build"
SonatypeScanTarget: "." # depCache/coursier/v1/https/repo1.maven.org/maven2/
ExcludeDirectory: " -D fileExcludes='*.class, **/website/, **/docs/, **/.*, **/*mill*.jar' "
# Build support Test: 002
# cancel older runs of a pull request;
# this will not cancel anything for normal git pushes
concurrency:
group: cancel-old-pr-runs-${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test-jvm:
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
java: ["11", "17"]
scala: ["2.12.20", "2.13.15", "3.3.4"]
steps:
- name: Checkout current branch
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Scala and Java
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: ${{ matrix.java }}
- name: Cache scala dependencies
uses: coursier/cache-action@v6
- name: Run JVM tests
run: |
./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.jvm.__.compile" + "morphir[${{matrix.scala}}].__.jvm.publishArtifacts" + "morphir[${{matrix.scala}}].__.jvm.__.test"
- name: Lint Scala (JVM)
run: ./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.jvm.__.checkFormat"
- name: Cache JVM build output
# when in master repo: all commits to main branch and all additional tags
if: github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') )
uses: actions/cache/save@v4
with:
path: |
out/morphir/${{matrix.scala}}/**/jvm/
out/morphir/build/
key: ${{ runner.os }}-mill-jvm-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha }}-${{ hashFiles('out') }}
test-js:
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
java: ["17"] # Note there is no need ro actually run this for multiple JVM versions for JS
scala: ["2.12.20", "2.13.15", "3.3.4"]
steps:
- name: Checkout current branch
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Scala and Java
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: ${{ matrix.java }}
- name: Cache scala dependencies
uses: coursier/cache-action@v6
- name: Run JS tests
run: |
./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.js.__.compile" + "morphir[${{matrix.scala}}].__.js.publishArtifacts" + "morphir[${{matrix.scala}}].__.js.__.test"
- name: Lint ScalaJS
run: ./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.js.__.checkFormat"
- name: Cache JS build output
# when in master repo: all commits to main branch and all additional tags
if: github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') )
uses: actions/cache/save@v4
with:
path: |
out/morphir/${{matrix.scala}}/**/js/
key: ${{ runner.os }}-mill-js-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha}}-${{ hashFiles('out') }}
test-native:
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
java: ["11"] # Note there is no need ro actually run this for multiple JVM versions for native
scala: ["2.12.20", "2.13.15", "3.3.4"]
steps:
- name: Checkout current branch
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install libuv
run: sudo apt-get update && sudo apt-get install -y libuv1-dev
- name: Set up Clang
uses: egor-tensin/setup-clang@v1
with:
version: latest
platform: x64
- name: Setup Scala and Java
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: ${{ matrix.java }}
- name: Run Native tests
run: |
./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.native.__.compile" + "morphir[${{matrix.scala}}].__.native.publishArtifacts" + "morphir[${{matrix.scala}}].__.native.__.test"
- name: Lint ScalaNative
run: ./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.native.__.checkFormat"
- name: Cache Native build output
# when in master repo: all commits to main branch and all additional tags
if: github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') )
uses: actions/cache/save@v4
with:
path: |
out/morphir/${{matrix.scala}}/**/native/
key: ${{ runner.os }}-mill-native-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha }}-${{ hashFiles('out') }}
############### SONATYPE SCAN ###############
sonatype-scan:
if: github.repository_owner == 'finos'
needs: [ci]
runs-on: ubuntu-latest
steps:
- name: Cache scala dependencies
uses: coursier/cache-action@v6
- name: Get OUT cache
uses: actions/cache/restore@v4
with:
path: out/
key: ${{ runner.os }}-*
- name: Copy Cache for SCA Scan
run: |
mkdir depCache/ #Create local copy of cache for Sonatype Scanner
cp -r /home/runner/.cache/coursier/ depCache/
# - name: Save resolvedIvyDeps.json
# run: ./mill show __.resolvedIvyDeps > depCache/resolvedIvyDeps.json
# - name: Upload Dependency Cache (optional)
# uses: actions/upload-artifact@v4
# with:
# name: Dependency Cache
# path: depCache/
- name: Sonatype Lifecycle SCA Scan
uses: sonatype-nexus-community/iq-github-action@main
with:
username: ${{ secrets.SONATYPE_SCANNER_USERNAME }}
password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }}
serverUrl: ${{ env.SonatypeUrl }}
applicationId: ${{ env.SonatypeAppId }}
stage: ${{ env.SonatypeStage }}
target: ${{ env.SonatypeScanTarget }} ${{ env.ExcludeDirectory }}
- name: Retrieve Sonatype SBOM (SPDX)
if: always()
run: |
mkdir reports/
iqCredentials="${{ secrets.SONATYPE_SCANNER_USERNAME }}:${{ secrets.SONATYPE_SCANNER_PASSWORD }}"
echo 'Get internal app ID for public ID: '$SonatypeAppId
res=$(curl -u $iqCredentials --location $SonatypeUrl'api/v2/applications?publicId='$SonatypeAppId)
IFS='"' read -a array <<< "$res"
echo 'Internal app ID: '${array[5]}
internalID=${array[5]}
curl -u $iqCredentials --location $SonatypeUrl'api/v2/spdx/'$internalID'/stages/'$SonatypeStage -H 'Accept: application/xml' > reports/$SonatypeAppId.spdx.json
echo 'Sonatype SBOM (SPDX): '
cat reports/$SonatypeAppId.spdx.json
- name: Upload Sonatype SBOM (SPDX)
if: always()
uses: actions/upload-artifact@v4
with:
name: ${{ env.SonatypeAppId }} Sonatype SBOM (SPDX)
path: reports/
#############################################
cd:
needs: [sonatype-scan, ci]
runs-on: ubuntu-latest
# when in primary repo: all commits to main branch and all additional tags
if: github.repository == 'finos/morphir-jvm' && ( github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') ) )
# only run one publish job for the same sha at the same time
# e.g. when a main-branch push is also tagged
concurrency:
group: ${{ github.workflow}}-publish-${{ github.sha }}
env:
MILL_PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
MILL_PGP_SECRET_BASE64: ${{ secrets.PGP_SECRET_BASE64 }}
MILL_SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
MILL_SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
PUBLISH_AS_SNAPSHOT: ${{ github.event_name != 'release' && !startsWith(github.ref, 'refs/tags/') }}
LANG: "en_US.UTF-8"
LC_MESSAGES: "en_US.UTF-8"
LC_ALL: "en_US.UTF-8"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-java@v4
with:
java-version: "11"
distribution: temurin
- name: Cache scala dependencies
uses: coursier/cache-action@v6
- name: Install libuv
run: sudo apt-get update && sudo apt-get install -y libuv1-dev
- name: Restore Scala 2.12 JVM Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/2.12.20/**/jvm/
out/morphir/build/
key: ${{ runner.os }}-mill-jvm-11-2.12.20-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-jvm-11-2.12.20-${{ github.sha }}-
- name: Restore Scala 2.13 JVM Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/2.13.15/**/jvm/
out/morphir/build/
key: ${{ runner.os }}-mill-jvm-11-2.13.15-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-jvm-11-2.13.15-${{ github.sha }}-
- name: Restore Scala 3.3 JVM Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/3.3.4/**/jvm/
key: ${{ runner.os }}-mill-jvm-11-3.3.4-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-jvm-11-3.3.4-${{ github.sha }}-
- name: Restore Scala 2.12 JS Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/2.12.20/**/js/
key: ${{ runner.os }}-mill-js-11-2.12.20-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-js-11-2.12.20-${{ github.sha }}-
- name: Restore Scala 2.13 JS Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/2.13.15/**/js/
key: ${{ runner.os }}-mill-js-11-2.13.15-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-js-11-2.13.15-${{ github.sha }}-
- name: Restore Scala 3.3 JS Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/3.3.4/**/js/
key: ${{ runner.os }}-mill-js-11-3.3.4-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-js-11-3.3.4-${{ github.sha }}-
- name: Restore Scala 2.12 Native Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/2.12.20/**/native/
key: ${{ runner.os }}-mill-native-11-2.12.20-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-native-11-2.12.20-${{ github.sha }}-
- name: Restore Scala 2.13 Native Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/2.13.15/**/native/
key: ${{ runner.os }}-mill-native-11-2.13.15-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-native-11-2.13.15-${{ github.sha }}-
- name: Restore Scala 3.3 Native Build Output From Cache
uses: actions/cache/restore@v4
with:
path: |
out/morphir/3.3.4/**/native/
key: ${{ runner.os }}-mill-native-11-3.3.4-${{ github.sha }}-${{ hashFiles('out') }}
restore-keys: ${{ runner.os }}-mill-native-11-3.3.4-${{ github.sha }}-
- name: Publish artifacts to Sonatype
run: ./mill -i -j 0 mill.scalalib.PublishModule/
ci:
runs-on: ubuntu-latest
needs: [test-jvm, test-js, test-native]
steps:
- name: Aggregate of lint, and all tests
run: echo "ci passed"