GitHub Actions: Switch to new Build + SonarCloud workflows

Based on craftaro/GH-Commons These new workflows bring a lot of nice things - For example: * signed jars * Auto-Deploy to Maven Repo * Using songoda.sprax.dev/repo/ as proxy for most repos/dependencies * ...
2025-02-19 21:11:46 +01:00 · 2023-05-18 11:55:12 +02:00 · 2023-05-18 11:55:12 +02:00 · 70741c3f7e
commit 70741c3f7e
parent d312c6c578
4 changed files with 120 additions and 101 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -0,0 +1,77 @@
+name: Build
+
+on:
+  push:
+    branches: [ master, development ]
+    tags:
+      - 'v*'
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+
+permissions: read-all
+
+env:
+  DEPLOYMENT_POM_PATH: ./dependency-reduced-pom.xml
+  DEPLOYMENT_ARTIFACT_DIR: ./target
+  DEPLOYMENT_ARTIFACT_SELECTOR: EpicAnchors-*.jar
+
+jobs:
+  Build:
+    name: Build + Deploy
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Prepare Workspace
+        uses: craftaro/GH-Commons/.github/actions/setup_workspace@master
+        with:
+          maven_username: ${{ secrets.MAVEN_REPO_USERNAME }}
+          maven_password: ${{ secrets.MAVEN_REPO_PASSWORD }}
+
+      - name: Set project version
+        uses: craftaro/GH-Commons/.github/actions/maven_set_project_version@master
+        with:
+          append_snapshot: ${{ github.ref_type == 'tag' && 'false' || 'true' }}
+          version: ${{ github.ref_type == 'tag' && github.ref_name || '' }}
+          increment_version: ${{ github.ref_type == 'tag' && '' || 'patch' }}
+
+      - name: Build with Maven
+        run: mvn -B -Duser.name="GitHub Actions on $GITHUB_REPOSITORY (id=$GITHUB_RUN_ID)" -DskipTests clean package
+
+      - name: Sign jar archives
+        uses: craftaro/GH-Commons/.github/actions/sign_jars@master
+        with:
+          jar_file_selector: ${{ env.DEPLOYMENT_ARTIFACT_DIR }}/${{ env.DEPLOYMENT_ARTIFACT_SELECTOR }}
+          keystore_gpg_encrypted: ${{ secrets.JARSIGNER_KEYSTORE_ENCRYPTED }}
+          keystore_gpg_password: ${{ secrets.JARSIGNER_KEYSTORE_ENCRYPTED_PASSWORD }}
+          keystore_password: ${{ secrets.JARSIGNER_KEYSTORE_PASSWORD }}
+
+      - name: Upload Build Artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ github.event.repository.name }}
+          path: ${{ env.DEPLOYMENT_ARTIFACT_DIR }}/${{ env.DEPLOYMENT_ARTIFACT_SELECTOR }}
+
+      - name: Deploy to Maven repo
+        if: ${{ github.event_name == 'push' }}
+        uses: craftaro/GH-Commons/.github/actions/maven_deploy@master
+        with:
+          repository_url: ${{ secrets.MAVEN_REPO_URL_RELEASES }}
+          repository_url_snapshots: ${{ secrets.MAVEN_REPO_URL_SNAPSHOTS }}
+          maven_pom_path: ${{ env.DEPLOYMENT_POM_PATH }}
+          maven_out_dir: ${{ env.DEPLOYMENT_ARTIFACT_DIR }}
+
+  discord_webhook:
+    name: Send Discord Webhook
+    runs-on: ubuntu-latest
+
+    needs: [ Build ]
+    if: ${{ always() && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/development' || github.ref_type == 'tag') }}
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Notify Webhook
+        uses: craftaro/GH-Commons/.github/actions/discord_send_job_results@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          webhook_url: ${{ secrets.DISCORD_BUILD_STATUS_WEBHOOK }}
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@ -1,96 +0,0 @@
-name: 'Build & Test'
-
-on:
-  push:
-    branches: [ master, development ]
-  pull_request:
-    types: [ opened, synchronize, reopened ]
-
-jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-      # Setup Java
-      - uses: actions/setup-java@v3
-        with:
-          java-version: 16
-          distribution: adopt
-
-      # Checkout project files
-      - uses: actions/checkout@v3
-
-      # Caches
-      - name: 'Cache: Maven'
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
-
-      # Build project
-      - name: Build with Maven
-        run: 'mvn -B -Duser.name="GitHub Runner on $GITHUB_REPOSITORY (id=$GITHUB_RUN_ID)" clean package'
-
-      # Upload build artifacts
-      - name: 'Upload Build Artifact: EpicAnchors-*.jar'
-        uses: actions/upload-artifact@v3
-        with:
-          name: EpicAnchors-artifacts
-          path: ./target/EpicAnchors-*.jar
-
-      ##
-      # Discord Webhook
-      # TODO: Extract into external Action for better re-usability (and readability) [Copied SongodaCore]
-      ##
-      - name: 'Discord Webhook (Success)'
-        if: ${{ success() && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/development') }}
-        continue-on-error: true
-        run: |
-          curl -X POST --data "{\"content\":null,\"embeds\":[{\"title\":\"Build succeeded!\",\"description\":\"The build with the ID #$GITHUB_RUN_NUMBER has succeeded!\",\"url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\",\"color\":5490477,\"fields\":[{\"name\":\"Branch\",\"value\":\"$GITHUB_REF\",\"inline\":true}],\"author\":{\"name\":\"$GITHUB_REPOSITORY\",\"url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY\",\"icon_url\":\"$GITHUB_SERVER_URL/songoda.png\"},\"footer\":{\"text\":\"Initiated by $GITHUB_ACTOR\",\"icon_url\":\"$GITHUB_SERVER_URL/$GITHUB_ACTOR.png\"}}],\"username\":\"OctoAgent\",\"avatar_url\":\"https://github.githubassets.com/images/modules/logos_page/Octocat.png\"}" --header 'Content-Type: application/json' $DISCORD_WEBHOOK
-        env:
-          DISCORD_WEBHOOK: ${{ secrets.DISCORD_BUILD_STATUS_WEBHOOK }}
-      - name: 'Discord Webhook (Failure)'
-        if: ${{ failure() && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/development') }}
-        continue-on-error: true
-        run: |
-          curl -X POST --data "{\"content\":null,\"embeds\":[{\"title\":\"Build failed!\",\"description\":\"The build with the ID #$GITHUB_RUN_NUMBER has failed!\",\"url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID\",\"color\":15611419,\"fields\":[{\"name\":\"Branch\",\"value\":\"$GITHUB_REF\",\"inline\":true}],\"author\":{\"name\":\"$GITHUB_REPOSITORY\",\"url\":\"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY\",\"icon_url\":\"$GITHUB_SERVER_URL/songoda.png\"},\"footer\":{\"text\":\"Initiated by $GITHUB_ACTOR\",\"icon_url\":\"$GITHUB_SERVER_URL/$GITHUB_ACTOR.png\"}}],\"username\":\"OctoAgent\",\"avatar_url\":\"https://github.githubassets.com/images/modules/logos_page/Octocat.png\"}" --header "Content-Type:application/json" $DISCORD_WEBHOOK
-        env:
-          DISCORD_WEBHOOK: ${{ secrets.DISCORD_BUILD_STATUS_WEBHOOK }}
-
-
-  sonarcloud:
-    name: SonarCloud
-    runs-on: ubuntu-latest
-    steps:
-      # Setup Java
-      - uses: actions/setup-java@v3
-        with:
-          java-version: 11
-          distribution: adopt
-
-      # Checkout project files
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-
-      # Caches
-      - name: 'Cache: Maven'
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
-      - name: 'Cache: SonarCloud'
-        uses: actions/cache@v3
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
-
-      # SonarCloud static analysis
-      - name: SonarCloud
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@ -0,0 +1,42 @@
+name: SonarCloud
+
+on:
+  push:
+    branches: [ master, development ]
+  workflow_dispatch:
+
+permissions: read-all
+
+env:
+  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  SONAR_ORGANIZATION: craftaro
+  SONAR_PROJECT_KEY: craftaro_EpicAnchors
+
+jobs:
+  Analyze:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Prepare Workspace
+        uses: craftaro/GH-Commons/.github/actions/setup_workspace@master
+
+      - name: 'Cache: SonarCloud'
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+
+      - name: Analyze project
+        run: >
+          mvn -B \
+            verify \
+            org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+            -Dsonar.host.url=https://sonarcloud.io \
+            "-Dsonar.organization=$SONAR_ORGANIZATION" \
+            "-Dsonar.projectKey=$SONAR_PROJECT_KEY"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/pom.xml
+++ b/pom.xml
@ -18,8 +18,6 @@

        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

-        <sonar.projectKey>songoda_EpicAnchors</sonar.projectKey>
-        <sonar.organization>songoda</sonar.organization>
        <sonar.host.url>https://sonarcloud.io</sonar.host.url>
        <sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
    </properties>
@ -64,8 +62,6 @@

                        <configuration>
                            <finalName>${project.name}-${project.version}</finalName>
-
-                            <createDependencyReducedPom>false</createDependencyReducedPom>
                            <minimizeJar>true</minimizeJar>

                            <relocations>
@ -121,7 +117,7 @@

    <repositories>
        <repository>
-            <id>spigotmc-repo</id>
+            <id>SpigotMC</id>
            <url>https://hub.spigotmc.org/nexus/content/repositories/snapshots/</url>
        </repository>