remove branch trigger, move TAG_VERSION #69

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- main
	tags:
	- 'v?[0-9]+.[0-9]+.[0-9]+**' # Matches release tags of the form major.minor.patch, e.g. v1.2.1
	pull_request:
	branches:
	- main

	jobs:
	validate:
	runs-on: ubuntu-22.04
	env:
	TAG_VERSION: "${{ inputs.tag }}"
	steps:
	- name: Pre-process Release Tag
	id: validate_release_tag
	run: \|
	# strip all whitespace
	TAG_VERSION="${CI_TAG_VERSION//[[:space:]]/}"
	if [[ "$TAG_VERSION" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?(-.*)?$ ]]; then
	echo "tag_version=$TAG_VERSION" >> $GITHUB_OUTPUT # Set as output using the new syntax
	fi
	outputs:
	tag_version: ${{ steps.validate_release_tag.outputs.tag_version }}


	assemble:
	# 4 cpu, 16G ram
	runs-on: ubuntu-24.04
	env:
	GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=2
	TAG_VERSION: ${{ needs.validate_release_tag.outputs.tag_version }} # Use the output from the validate_release_tag step

	outputs:
	publish-version: ${{ steps.project-version.outputs.publish-version }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	fetch-tags: true

	- name: Setup Java and Gradle
	id: setup-java-gradle
	uses: ConsenSys/github-actions/java-setup-gradle@main
	with:
	DISTRIBUTION: 'adopt'

	- name: Determine Shomei version
	id: project-version
	uses: ConsenSys/github-actions/java-get-project-version@main

	- name: Assemble
	run: ./gradlew --no-daemon clean compileJava compileTestJava assemble

	- name: Upload workspace
	uses: actions/upload-artifact@v4
	with:
	name: workspace
	retention-days: 1
	path: \|
	./
	!./.git/**

	unitTests:
	needs: assemble
	# 4 cpu, 16G ram
	runs-on: ubuntu-24.04
	env:
	architecture: amd64
	GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=2
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	fetch-tags: true

	- name: Setup Java and Gradle
	id: setup-java-gradle
	uses: ConsenSys/github-actions/java-setup-gradle@main
	with:
	DISTRIBUTION: 'adopt'

	- name: Download workspace
	uses: actions/download-artifact@v4
	with:
	name: workspace

	- name: Build
	run: ./gradlew --no-daemon build

	- name: Store distribution artifacts
	uses: actions/upload-artifact@v4
	with:
	name: distribution
	path: build/distributions/
	retention-days: 3
	if-no-files-found: error

	publishMavenCentral:
	if: startsWith(github.ref, 'refs/tags/')
	needs:
	- assemble
	- unitTests
	# 4 cpu, 16G ram
	runs-on: ubuntu-24.04
	permissions:
	contents: write
	id-token: write
	packages: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Setup Java and Gradle
	id: setup-java-gradle
	uses: ConsenSys/github-actions/java-setup-gradle@main
	with:
	DISTRIBUTION: 'adopt'

	- name: Publish on maven central
	env:
	JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	JRELEASER_GITHUB_USERNAME: ${{ github.actor }}
	JRELEASER_GITHUB_EMAIL: ${{ github.actor }}@users.noreply.github.com
	JRELEASER_GPG_PASSPHRASE : ${{ secrets.JRELEASER_GPG_PASSPHRASE }}
	JRELEASER_GPG_SECRET_KEY : ${{ secrets.JRELEASER_GPG_SECRET_KEY }}
	JRELEASER_GPG_PUBLIC_KEY : ${{ secrets.JRELEASER_GPG_PUBLIC_KEY }}
	JRELEASER_MAVENCENTRAL_USERNAME : ${{ secrets.JRELEASER_MAVENCENTRAL_USERNAME }}
	JRELEASER_MAVENCENTRAL_PASSWORD : ${{ secrets.JRELEASER_MAVENCENTRAL_PASSWORD }}
	JRELEASER_NEXUS2_USERNAME : ${{ secrets.JRELEASER_MAVENCENTRAL_USERNAME }}
	JRELEASER_NEXUS2_PASSWORD : ${{ secrets.JRELEASER_MAVENCENTRAL_PASSWORD }}
	BUILD_RELEASE: true
	TAG_VERSION: ${{ needs.assemble.outputs.publish-version }}
	run: \|
	./gradlew clean build assemble publish jreleaserFullRelease

	dockerTests:
	needs:
	- assemble
	- unitTests
	# 4 cpu, 16G ram
	runs-on: ubuntu-24.04
	environment: docker
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	fetch-tags: true

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- uses: actions/download-artifact@v4
	with:
	name: distribution
	path: build/distributions/

	- name: Docker Metadata
	id: docker-metadata
	uses: ConsenSys/github-actions/java-docker-metadata@main
	with:
	publish-version: ${{ needs.assemble.outputs.publish-version }}
	docker-repo: "consensys/linea-shomei"

	- name: Build and export to docker
	uses: docker/build-push-action@v6
	env:
	DOCKER_BUILD_SUMMARY: false
	with:
	file: docker/openjdk-21/Dockerfile
	context: .
	build-args: \|
	TAR_FILE=./build/distributions/shomei-${{ needs.assemble.outputs.publish-version }}.tar.gz
	BUILD_DATE=${{ steps.docker-metadata.outputs.build-date }}
	VCS_REF=${{ steps.docker-metadata.outputs.vcs-ref }}
	VERSION=${{ needs.build.outputs.publish-version }}
	no-cache: true
	load: true
	tags: consensys/linea-shomei:test

	- name: Get absolute path of reports directory
	id: get-reports-dir
	run: echo "path=$(realpath ./build/reports)" >> $GITHUB_OUTPUT

	- name: Run Docker tests
	run: ./docker/test.sh 'consensys/linea-shomei:test'

	- name: Test Summary
	if: always()
	run: \|
	SUMMARY_CONTENT="<h2>Docker Test Summary</h2>\n"
	SUMMARY_CONTENT+="<details><summary><strong>Details</strong></summary>\n"
	SUMMARY_CONTENT+="<pre><code>\n"
	SUMMARY_CONTENT+=$(cat ./docker/reports/*.xml)
	SUMMARY_CONTENT+="\n</code></pre></details>\n"
	echo -e "$SUMMARY_CONTENT" >> $GITHUB_STEP_SUMMARY

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: 'consensys/linea-shomei:test'
	format: 'sarif'
	output: 'trivy-results.sarif'
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	if: always()
	with:
	sarif_file: 'trivy-results.sarif'

	dockerPublish:
	if: startsWith(github.ref, 'refs/tags/')
	needs:
	- assemble
	- unitTests
	- dockerTests
	# 4 cpu, 16G ram
	runs-on: ubuntu-24.04
	environment: docker
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	fetch-tags: true

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- uses: actions/download-artifact@v4
	with:
	name: distribution
	path: build/distributions/

	- name: Docker Metadata
	id: docker-metadata
	uses: ConsenSys/github-actions/java-docker-metadata@main
	with:
	publish-version: ${{ needs.assemble.outputs.publish-version }}
	docker-repo: "consensys/linea-shomei"

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	if: steps.docker-metadata.outputs.push == 'true'
	with:
	username: ${{ secrets.DOCKER_USER_RW }}
	password: ${{ secrets.DOCKER_PAT_RW }}

	- name: Build and push to registry
	uses: docker/build-push-action@v6
	if: steps.docker-metadata.outputs.push == 'true'
	with:
	platforms: linux/amd64,linux/arm64
	file: docker/openjdk-21/Dockerfile
	context: .
	build-args: \|
	TAR_FILE=./build/distributions/shomei-${{ needs.assemble.outputs.publish-version }}.tar.gz
	BUILD_DATE=${{ steps.docker-metadata.outputs.build-date }}
	VCS_REF=${{ steps.docker-metadata.outputs.vcs-ref }}
	VERSION=${{ needs.build.outputs.publish-version }}
	push: ${{ steps.docker-metadata.outputs.push }}
	tags: ${{ steps.docker-metadata.outputs.tags }}

	release:
	if: startsWith(github.ref, 'refs/tags/')
	needs:
	- assemble
	- unitTests
	- publishMavenCentral
	- dockerTests
	- dockerPublish
	environment: release
	permissions:
	contents: write
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: distribution
	path: build/distributions/

	- name: Generate Checksum
	working-directory: ./build/distributions
	run: \|
	shasum -a 256 "shomei-${{ needs.assemble.outputs.publish-version }}.tar.gz" > "shomei-${{ needs.assemble.outputs.publish-version }}.tar.gz.sha256"
	shasum -a 256 "shomei-${{ needs.assemble.outputs.publish-version }}.zip" > "shomei-${{ needs.assemble.outputs.publish-version }}.zip.sha256"

	- name: Determine Prerelease
	id: determine-prerelease
	run: \|
	if [[ "${{ needs.build.outputs.publish-version }}" == -RC ]]; then
	echo "prerelease=true" >> $GITHUB_OUTPUT
	else
	echo "prerelease=false" >> $GITHUB_OUTPUT
	fi

	# Create release tag and attach the distribution
	- name: Shomei Release
	id: release
	uses: softprops/[email protected]
	with:
	files: \|
	build/distributions/shomei-${{ needs.assemble.outputs.publish-version }}.tar.gz
	build/distributions/shomei-${{ needs.assemble.outputs.publish-version }}.tar.gz.sha256
	build/distributions/shomei-${{ needs.assemble.outputs.publish-version }}.zip
	build/distributions/shomei-${{ needs.assemble.outputs.publish-version }}.zip.sha256

	tag_name: ${{ needs.build.outputs.publish-version }}
	body: \|
	# Shomei Release
	### Additions and Improvements
	### Bug Fixes
	draft: true
	prerelease: ${{ steps.determine-prerelease.outputs.prerelease }}
	preserve_order: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

remove branch trigger, move TAG_VERSION #69

Workflow file

remove branch trigger, move TAG_VERSION #69

Uh oh!

Jobs

Run details

Workflow file for this run