Ensure we restore the capability to publish Snapshot versions #64
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI/CD" | |
on: | |
pull_request: | |
push: | |
branches: [main] | |
tags: | |
- "v*.*.*" | |
release: | |
types: | |
- published | |
workflow_dispatch: | |
env: | |
JDK_JAVA_OPTIONS: -XX:+PrintCommandLineFlags -Xss10M # JDK_JAVA_OPTIONS is _the_ env. variable to use for modern Java | |
JVM_OPTS: -XX:+PrintCommandLineFlags -Xss10M # for Java 8 only (sadly, it is not modern enough for JDK_JAVA_OPTIONS) | |
scala_212_version: "2.12.20" | |
scala_213_version: "2.13.15" | |
scala_3_version: "3.3.4" | |
SonatypeUrl: "https://finos.sonatype.app/platform/" | |
SonatypeAppId: morphir-jvm | |
SonatypeStage: "build" | |
SonatypeScanTarget: "." # depCache/coursier/v1/https/repo1.maven.org/maven2/ | |
ExcludeDirectory: " -D fileExcludes='*.class, **/website/, **/docs/, **/.*, **/*mill*.jar' " | |
# Build support Test: 002 | |
# cancel older runs of a pull request; | |
# this will not cancel anything for normal git pushes | |
concurrency: | |
group: cancel-old-pr-runs-${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
test-jvm: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
java: ["11", "17"] | |
scala: ["2.12.20", "2.13.15", "3.3.4"] | |
steps: | |
- name: Checkout current branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Scala and Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: ${{ matrix.java }} | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Run JVM tests | |
run: | | |
./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.jvm.__.compile" + "morphir[${{matrix.scala}}].__.jvm.publishArtifacts" + "morphir[${{matrix.scala}}].__.jvm.__.test" | |
- name: Lint Scala (JVM) | |
run: ./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.jvm.__.checkFormat" | |
- name: Cache JVM build output | |
# when in master repo: all commits to main branch and all additional tags | |
if: github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') ) | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
out/morphir/${{matrix.scala}}/**/jvm/ | |
out/morphir/build/ | |
key: ${{ runner.os }}-mill-jvm-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha }}-${{ hashFiles('out') }} | |
test-js: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
java: ["17"] # Note there is no need ro actually run this for multiple JVM versions for JS | |
scala: ["2.12.20", "2.13.15", "3.3.4"] | |
steps: | |
- name: Checkout current branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Scala and Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: ${{ matrix.java }} | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Run JS tests | |
run: | | |
./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.js.__.compile" + "morphir[${{matrix.scala}}].__.js.publishArtifacts" + "morphir[${{matrix.scala}}].__.js.__.test" | |
- name: Lint ScalaJS | |
run: ./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.js.__.checkFormat" | |
- name: Cache JS build output | |
# when in master repo: all commits to main branch and all additional tags | |
if: github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') ) | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
out/morphir/${{matrix.scala}}/**/js/ | |
key: ${{ runner.os }}-mill-js-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha}}-${{ hashFiles('out') }} | |
test-native: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
java: ["11"] # Note there is no need ro actually run this for multiple JVM versions for native | |
scala: ["2.12.20", "2.13.15", "3.3.4"] | |
steps: | |
- name: Checkout current branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install libuv | |
run: sudo apt-get update && sudo apt-get install -y libuv1-dev | |
- name: Set up Clang | |
uses: egor-tensin/setup-clang@v1 | |
with: | |
version: latest | |
platform: x64 | |
- name: Setup Scala and Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: ${{ matrix.java }} | |
- name: Run Native tests | |
run: | | |
./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.native.__.compile" + "morphir[${{matrix.scala}}].__.native.publishArtifacts" + "morphir[${{matrix.scala}}].__.native.__.test" | |
- name: Lint ScalaNative | |
run: ./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.native.__.checkFormat" | |
- name: Cache Native build output | |
# when in master repo: all commits to main branch and all additional tags | |
if: github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') ) | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
out/morphir/${{matrix.scala}}/**/native/ | |
key: ${{ runner.os }}-mill-native-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha }}-${{ hashFiles('out') }} | |
############### SONATYPE SCAN ############### | |
sonatype-scan: | |
if: github.repository_owner == 'finos' | |
needs: [ci] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Get OUT cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: out/ | |
key: ${{ runner.os }}-* | |
- name: Copy Cache for SCA Scan | |
run: | | |
mkdir depCache/ #Create local copy of cache for Sonatype Scanner | |
cp -r /home/runner/.cache/coursier/ depCache/ | |
# - name: Save resolvedIvyDeps.json | |
# run: ./mill show __.resolvedIvyDeps > depCache/resolvedIvyDeps.json | |
# - name: Upload Dependency Cache (optional) | |
# uses: actions/upload-artifact@v4 | |
# with: | |
# name: Dependency Cache | |
# path: depCache/ | |
- name: Sonatype Lifecycle SCA Scan | |
uses: sonatype-nexus-community/iq-github-action@main | |
with: | |
username: ${{ secrets.SONATYPE_SCANNER_USERNAME }} | |
password: ${{ secrets.SONATYPE_SCANNER_PASSWORD }} | |
serverUrl: ${{ env.SonatypeUrl }} | |
applicationId: ${{ env.SonatypeAppId }} | |
stage: ${{ env.SonatypeStage }} | |
target: ${{ env.SonatypeScanTarget }} ${{ env.ExcludeDirectory }} | |
- name: Retrieve Sonatype SBOM (SPDX) | |
if: always() | |
run: | | |
mkdir reports/ | |
iqCredentials="${{ secrets.SONATYPE_SCANNER_USERNAME }}:${{ secrets.SONATYPE_SCANNER_PASSWORD }}" | |
echo 'Get internal app ID for public ID: '$SonatypeAppId | |
res=$(curl -u $iqCredentials --location $SonatypeUrl'api/v2/applications?publicId='$SonatypeAppId) | |
IFS='"' read -a array <<< "$res" | |
echo 'Internal app ID: '${array[5]} | |
internalID=${array[5]} | |
curl -u $iqCredentials --location $SonatypeUrl'api/v2/spdx/'$internalID'/stages/'$SonatypeStage -H 'Accept: application/xml' > reports/$SonatypeAppId.spdx.json | |
echo 'Sonatype SBOM (SPDX): ' | |
cat reports/$SonatypeAppId.spdx.json | |
- name: Upload Sonatype SBOM (SPDX) | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.SonatypeAppId }} Sonatype SBOM (SPDX) | |
path: reports/ | |
############################################# | |
cd: | |
needs: [sonatype-scan, ci] | |
runs-on: ubuntu-latest | |
# when in primary repo: all commits to main branch and all additional tags | |
if: github.repository == 'finos/morphir-jvm' && ( github.ref == 'refs/heads/main' || (github.ref != 'refs/heads/main' && startsWith( github.ref, 'refs/tags/') ) ) | |
# only run one publish job for the same sha at the same time | |
# e.g. when a main-branch push is also tagged | |
concurrency: | |
group: ${{ github.workflow}}-publish-${{ github.sha }} | |
env: | |
MILL_PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
MILL_PGP_SECRET_BASE64: ${{ secrets.PGP_SECRET_BASE64 }} | |
MILL_SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
MILL_SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
PUBLISH_AS_SNAPSHOT: ${{ github.event_name != 'release' && !startsWith(github.ref, 'refs/tags/') }} | |
LANG: "en_US.UTF-8" | |
LC_MESSAGES: "en_US.UTF-8" | |
LC_ALL: "en_US.UTF-8" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-java@v4 | |
with: | |
java-version: "11" | |
distribution: temurin | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Install libuv | |
run: sudo apt-get update && sudo apt-get install -y libuv1-dev | |
- name: Restore Scala 2.12 JVM Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/2.12.20/**/jvm/ | |
out/morphir/build/ | |
key: ${{ runner.os }}-mill-jvm-11-2.12.20-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-jvm-11-2.12.20-${{ github.sha }}- | |
- name: Restore Scala 2.13 JVM Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/2.13.15/**/jvm/ | |
out/morphir/build/ | |
key: ${{ runner.os }}-mill-jvm-11-2.13.15-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-jvm-11-2.13.15-${{ github.sha }}- | |
- name: Restore Scala 3.3 JVM Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/3.3.4/**/jvm/ | |
key: ${{ runner.os }}-mill-jvm-11-3.3.4-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-jvm-11-3.3.4-${{ github.sha }}- | |
- name: Restore Scala 2.12 JS Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/2.12.20/**/js/ | |
key: ${{ runner.os }}-mill-js-11-2.12.20-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-js-11-2.12.20-${{ github.sha }}- | |
- name: Restore Scala 2.13 JS Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/2.13.15/**/js/ | |
key: ${{ runner.os }}-mill-js-11-2.13.15-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-js-11-2.13.15-${{ github.sha }}- | |
- name: Restore Scala 3.3 JS Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/3.3.4/**/js/ | |
key: ${{ runner.os }}-mill-js-11-3.3.4-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-js-11-3.3.4-${{ github.sha }}- | |
- name: Restore Scala 2.12 Native Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/2.12.20/**/native/ | |
key: ${{ runner.os }}-mill-native-11-2.12.20-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-native-11-2.12.20-${{ github.sha }}- | |
- name: Restore Scala 2.13 Native Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/2.13.15/**/native/ | |
key: ${{ runner.os }}-mill-native-11-2.13.15-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-native-11-2.13.15-${{ github.sha }}- | |
- name: Restore Scala 3.3 Native Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/3.3.4/**/native/ | |
key: ${{ runner.os }}-mill-native-11-3.3.4-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-native-11-3.3.4-${{ github.sha }}- | |
- name: Publish artifacts to Sonatype | |
run: ./mill -i -j 0 mill.scalalib.PublishModule/ | |
ci: | |
runs-on: ubuntu-latest | |
needs: [test-jvm, test-js, test-native] | |
steps: | |
- name: Aggregate of lint, and all tests | |
run: echo "ci passed" |