-
Notifications
You must be signed in to change notification settings - Fork 1.3k
157 lines (150 loc) · 6.16 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: CI
on:
pull_request: # all pull requests
push:
branches:
- master
env:
MVN_CMD: ./mvnw --no-transfer-progress -B
jobs:
oracle:
strategy:
matrix:
java: [ '17' ]
runs-on: 'ubuntu-latest'
name: jdk-${{ matrix.java }}-oracle
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: oracle-actions/setup-java@v1
with:
release: ${{ matrix.java }}
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: ${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
temurin:
strategy:
matrix:
java: [ '8', '11', '17', '18' ]
runs-on: 'ubuntu-latest'
name: jdk-${{ matrix.java }}-temurin
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'temurin'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: ${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
zulu:
strategy:
matrix:
java: [ '7', '8', '9', '11', '12', '13', '14', '15', '16', '17', '18', '21' ]
runs-on: 'ubuntu-latest'
env:
JDK_MAJOR_VERSION: ${{ matrix.java }}
name: jdk-${{ matrix.java }}-zulu
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'zulu'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Build
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: |
if [ "$JDK_MAJOR_VERSION" == "7" ]; then export MAVEN_OPTS="-Xmx512m -XX:MaxPermSize=128m"; fi
${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true
# ensure all of our files have the correct/updated license header
license-check:
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # avoid license plugin history warnings (plus it needs full history)
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '8'
cache: 'maven'
check-latest: true
- name: License Check
# This adds about 1 minute to any build, which is why we don't want to do it on every other build:
run: |
${{env.MVN_CMD}} license:check
code-coverage:
# (commented out for now - see the comments in 'Wait to start' below for why. Keeping this here as a placeholder
# as it may be better to use instead of an artificial delay once we no longer need to build on JDK 7):
#needs: zulu # wait until others finish so a coverage failure doesn't cancel others accidentally
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '8'
cache: 'maven'
check-latest: true
- name: Install softhsm2
run: sudo apt-get install -y softhsm2
- name: Install opensc
run: sudo apt-get install -y opensc
- name: Ensure SoftHSM user configuration
run: impl/src/test/scripts/softhsm configure
- name: Populate SoftHSM with JJWT test keys
run: impl/src/test/scripts/softhsm import
- name: Wait to start
# wait a little to start: code coverage usually only takes about 1 1/2 minutes. If coverage fails, it will
# cancel the other running builds, and we don't want that (because we want to see if jobs fail due to
# build issues, not due to the code-coverage job causing the others to cancel). We could have used the
# 'need' property (commented out above), and that would wait until all the other jobs have finished before
# starting this one, but that introduces unnecessary (sometimes 2 1/2 minute) delay, whereas delaying the
# start of the code coverage checks a bit should allow everything to finish around the same time without having
# much of an adverse effect on the other jobs above.
run: sleep 90s
shell: bash
- name: Code Coverage
# run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg
# to sign artifacts, since we don't want to mess with storing signing credentials in CI:
run: |
${{env.MVN_CMD}} clover:setup test && \
${{env.MVN_CMD}} -pl . clover:clover clover:check coveralls:report \
-DrepoToken="${{ secrets.GITHUB_TOKEN }}" \
-DserviceName=github \
-DserviceBuildNumber="${{ env.GITHUB_RUN_ID }}"