Initial defaults work #2164
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
env: | |
JDK_JAVA_OPTIONS: -XX:+PrintCommandLineFlags -Xss10M # JDK_JAVA_OPTIONS is _the_ env. variable to use for modern Java | |
JVM_OPTS: -XX:+PrintCommandLineFlags -Xss10M # for Java 8 only (sadly, it is not modern enough for JDK_JAVA_OPTIONS) | |
SonatypeUrl: "https://finos.sonatype.app/platform/" | |
SonatypeAppId: morphir-scala | |
SonatypeStage: "build" | |
SonatypeScanTarget: "." # depCache/coursier/v1/https/repo1.maven.org/maven2/ | |
ExcludeDirectory: " -D fileExcludes='*.class, **/website/, **/docs/, **/.*' " | |
on: | |
pull_request: | |
push: | |
branches: ["main", "0.4.x"] | |
release: | |
types: | |
- published | |
workflow_dispatch: | |
# cancel older runs of a pull request; | |
# this will not cancel anything for normal git pushes | |
concurrency: | |
group: cancel-old-pr-runs-${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- name: Checkout current branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Scala and Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: "17" | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Setup proto and moon toolchains | |
uses: moonrepo/setup-toolchain@v0.3.1 | |
with: | |
auto-install: true | |
- name: Install tooling | |
run: | | |
./build.sh install | |
- name: Lint code | |
run: ./build.sh lint | |
test-js: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
java: ["11"] # Note there is no need ro actually run this for multiple JVM versions for JS | |
scala: ["3.3.3"] | |
steps: | |
- name: Checkout current branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Install morphir-elm | |
run: | | |
npm install -g morphir-elm | |
- name: Setup Scala and Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: ${{ matrix.java }} | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Run JS tests | |
run: | | |
./mill -i -k -j 0 "morphir[${{matrix.scala}}].__.js.__.compile" + "morphir[${{matrix.scala}}].__.js.publishArtifacts" + "morphir[${{matrix.scala}}].__.js.__.test" | |
- name: Cache JS build output | |
# when in master repo: all commits to main branch and all additional tags | |
if: (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/0.4.x') || ((github.ref != 'refs/heads/main' && github.ref != 'refs/heads/0.4.x') && startsWith( github.ref, 'refs/tags/') ) | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
out/morphir/${{matrix.scala}}/**/js/ | |
key: ${{ runner.os }}-mill-js-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha}}-${{ hashFiles('out') }} | |
test-jvm: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
java: ["11", "17"] | |
scala: ["3.3.3"] | |
steps: | |
- name: Checkout current branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Install morphir-elm | |
run: | | |
npm install -g morphir-elm | |
- name: Setup Scala and Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: ${{ matrix.java }} | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Setup proto and moon toolchains | |
uses: moonrepo/setup-toolchain@v0.3.1 | |
with: | |
auto-install: true | |
- name: Install tooling | |
run: | | |
./build.sh install | |
- name: Make Morphir IR | |
run: | | |
./build.sh run :morphir-elm-build | |
- name: Run JVM tests | |
run: | | |
./build.sh --scala-version ${{matrix.scala}} test-jvm | |
- name: Cache JVM build output | |
# when in master repo: all commits to main branch and all additional tags | |
if: (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/0.4.x') || ((github.ref != 'refs/heads/main' && github.ref != 'refs/heads/0.4.x') && startsWith( github.ref, 'refs/tags/') ) | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
out/morphir/${{matrix.scala}}/**/jvm/ | |
out/morphir/build/ | |
key: ${{ runner.os }}-mill-jvm-${{matrix.java}}-${{ matrix.scala }}-${{ github.sha }}-${{ hashFiles('out') }} | |
############### SONATYPE SCAN ############### | |
sonatype-scan: | |
if: github.repository_owner == 'finos' | |
needs: [ci] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Get OUT cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: out/ | |
key: ${{ runner.os }}-* | |
- name: Copy Cache for SCA Scan | |
run: | | |
mkdir depCache/ #Create local copy of cache for Sonatype Scanner | |
cp -r /home/runner/.cache/coursier/ depCache/ | |
# - name: Save resolvedIvyDeps.json | |
# run: ./mill show __.resolvedIvyDeps > depCache/resolvedIvyDeps.json | |
# - name: Upload Dependency Cache (optional) | |
# uses: actions/upload-artifact@v4 | |
# with: | |
# name: Dependency Cache | |
# path: depCache/ | |
- name: Sonatype Lifecycle SCA Scan | |
uses: sonatype-nexus-community/iq-github-action@main | |
with: | |
username: ${{ secrets.SONATYPE_USER }} | |
password: ${{ secrets.SONATYPE_PASSWORD }} | |
serverUrl: ${{ env.SonatypeUrl }} | |
applicationId: ${{ env.SonatypeAppId }} | |
stage: ${{ env.SonatypeStage }} | |
target: ${{ env.SonatypeScanTarget }} ${{ env.ExcludeDirectory }} | |
- name: Retrieve Sonatype SBOM (SPDX) | |
if: always() | |
run: | | |
mkdir reports/ | |
iqCredentials="${{ secrets.SONATYPE_USER }}:${{ secrets.SONATYPE_PASSWORD }}" | |
echo 'Get internal app ID for public ID: '$SonatypeAppId | |
res=$(curl -u $iqCredentials --location $SonatypeUrl'api/v2/applications?publicId='$SonatypeAppId) | |
IFS='"' read -a array <<< "$res" | |
echo 'Internal app ID: '${array[5]} | |
internalID=${array[5]} | |
curl -u $iqCredentials --location $SonatypeUrl'api/v2/spdx/'$internalID'/stages/'$SonatypeStage -H 'Accept: application/xml' > reports/$SonatypeAppId.spdx.json | |
echo 'Sonatype SBOM (SPDX): ' | |
cat reports/$SonatypeAppId.spdx.json | |
- name: Upload Sonatype SBOM (SPDX) | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.SonatypeAppId }} Sonatype SBOM (SPDX) | |
path: reports/ | |
############################################# | |
publish: | |
# when in master repo: all commits to main branch and all additional tags | |
if: github.repository == 'finos/morphir-scala' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/head/0.4.x' || (github.ref != 'refs/heads/main' && github.ref != 'refs/heads/0.4.x' && startsWith( github.ref, 'refs/tags/') ) ) | |
needs: [ci] | |
runs-on: ubuntu-latest | |
# only run one publish job for the same sha at the same time | |
# e.g. when a main-branch push is also tagged | |
concurrency: publish-sonatype-${{ github.sha }} | |
env: | |
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
PGP_SECRET: ${{ secrets.PGP_SECRET_BASE64 }} | |
SONATYPE_PASSWORD: ${{ secrets.ORG_MORPHIR_MAVEN_DEPLOY_PASSWORD }} | |
SONATYPE_USERNAME: ${{ secrets.ORG_MORPHIR_MAVEN_DEPLOY_USERNAME }} | |
PUBLISH_AS_SNAPSHOT: true | |
LANG: "en_US.UTF-8" | |
LC_MESSAGES: "en_US.UTF-8" | |
LC_ALL: "en_US.UTF-8" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Install morphir-elm | |
run: | | |
npm install -g morphir-elm | |
- uses: actions/setup-java@v4 | |
with: | |
java-version: "11" | |
distribution: temurin | |
- name: Cache scala dependencies | |
uses: coursier/cache-action@v6 | |
- name: Install libuv | |
run: sudo apt-get update && sudo apt-get install -y libuv1-dev | |
- name: Restore Scala 3.3 JVM Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/3.3.3/**/jvm/ | |
key: ${{ runner.os }}-mill-jvm-11-3.3.3-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-jvm-11-3.3.3-${{ github.sha }}- | |
- name: Restore Scala 3.3 JS Build Output From Cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
out/morphir/3.3.3/**/js/ | |
key: ${{ runner.os }}-mill-js-11-3.3.3-${{ github.sha }}-${{ hashFiles('out') }} | |
restore-keys: ${{ runner.os }}-mill-js-11-3.3.3-${{ github.sha }}- | |
- name: Setup GPG | |
run: .github/scripts/gpg-setup.sh | |
- name: Wrap GPG binary | |
run: .github/scripts/wrap-gpg.sh | |
- name: Release | |
run: ./mill -i ci.publishSonatype __.publishArtifacts | |
ci: | |
runs-on: ubuntu-latest | |
needs: [lint, test-js, test-jvm] | |
steps: | |
- name: Aggregate of lint, and all tests | |
run: echo "ci passed" |