Deployment (JDK early access builds) #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow is a clone of "deployment.yml" | |
# The difference is that this workflow uses JDK early access builds (jdk-ea) to check the build of JabRef | |
# We separated this from the main workflow as we do not want to check on each PR if the JDK build, but only on main | |
name: Deployment (JDK early access builds) | |
on: | |
schedule: | |
- cron: "0 5 * * 2" | |
pull_request: | |
paths: | |
- .github/workflows/deployment-jdk-ea.yml | |
workflow_dispatch: | |
inputs: | |
notarization: | |
type: boolean | |
required: false | |
default: false | |
env: | |
SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }} | |
AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }} | |
IEEEAPIKey: ${{ secrets.IEEEAPIKey }} | |
BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}} | |
OSXCERT: ${{ secrets.OSX_SIGNING_CERT }} | |
GRADLE_OPTS: -Xmx4g -Dorg.gradle.vfs.watch=false | |
JAVA_OPTS: -Xmx4g | |
concurrency: | |
group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" | |
cancel-in-progress: true | |
jobs: | |
setup-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.javafx_versions.outputs.matrix }} | |
steps: | |
- id: javafx_versions | |
run: | | |
curl -s "https://search.maven.org/solrsearch/select?q=g:org.openjfx+AND+a:javafx&rows=5&core=gav" > /tmp/versions.json | |
jq '[.response.docs[] | select(.v | test(".*-ea\\+.*")) | select(.v | test("^17") | not) | {version: .v}] | group_by(.version | capture("^(?<major>\\d+).*").major) | map(max_by(.version))' < /tmp/versions.json > /tmp/versions-latest.json | |
versions_json=$(jq -r '[.[].version]' /tmp/versions-latest.json | jq -r tostring) | |
include_json=$(jq -n '[ | |
{"os": "ubuntu-latest", "displayName": "linux", "archivePortable": "tar -c -C build/distribution JabRef | pigz --rsyncable > build/distribution/JabRef-portable_linux.tar.gz && rm -R build/distribution/JabRef"}, | |
{"os": "buildjet-4vcpu-ubuntu-2204-arm", "displayName": "linux-arm", "archivePortable": "tar -c -C build/distribution JabRef | pigz --rsyncable > build/distribution/JabRef-portable_linux-arm64.tar.gz && rm -R build/distribution/JabRef"}, | |
{"os": "windows-latest", "displayName": "windows", "archivePortable": "7z a -r build/distribution/JabRef-portable_windows.zip ./build/distribution/JabRef && rm -R build/distribution/JabRef"}, | |
{"os": "macos-latest", "displayName": "macOS", "archivePortable": "brew install pigz && tar -c -C build/distribution JabRef.app | pigz --rsyncable > build/distribution/JabRef-portable_macos.tar.gz && rm -R build/distribution/JabRef.app"} | |
]') | |
matrix=$(jq -n \ | |
--argjson versionsContent "$versions_json" \ | |
--argjson includeContent "$include_json" \ | |
'{"os": ["ubuntu-latest", "windows-latest", "macos-latest", "buildjet-4vcpu-ubuntu-2204-arm"], "jdk": [22, 23], "javafx": $versionsContent, "include": $includeContent}') | |
echo matrix=$matrix >> $GITHUB_OUTPUT | |
build: | |
needs: setup-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{fromJson(needs.setup-matrix.outputs.matrix)}} | |
runs-on: ${{ matrix.os }} | |
outputs: | |
major: ${{ steps.gitversion.outputs.Major }} | |
minor: ${{ steps.gitversion.outputs.Minor }} | |
branchname: ${{ steps.gitversion.outputs.branchName }} | |
name: "JDK ${{ matrix.jdk }}: ${{ matrix.displayName }} JavaFX ${{ matrix.javafx }}" | |
steps: | |
- name: Check secrets presence | |
id: checksecrets | |
shell: bash | |
run: | | |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then | |
echo "secretspresent=NO" >> $GITHUB_OUTPUT | |
else | |
echo "secretspresent=YES" >> $GITHUB_OUTPUT | |
fi | |
env: | |
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
- name: Fetch all history for all tags and branches | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: 'true' | |
show-progress: 'false' | |
- name: Install pigz and cache (linux) | |
if: (matrix.os == 'ubuntu-latest') || (matrix.os == 'buildjet-4vcpu-ubuntu-2204-arm') | |
uses: awalsh128/cache-apt-pkgs-action@master | |
with: | |
packages: pigz | |
version: 1.0 | |
- name: Install GitVersion | |
uses: gittools/actions/gitversion/[email protected] | |
with: | |
versionSpec: "5.x" | |
- name: Run GitVersion | |
id: gitversion | |
uses: gittools/actions/gitversion/[email protected] | |
- name: 'Set up JDK ${{ matrix.jdk }}' | |
uses: oracle-actions/setup-java@v1 | |
with: | |
website: jdk.java.net | |
release: ${{ matrix.jdk }} | |
version: latest | |
- name: 'Set JDK${{ matrix.jdk }} env var' | |
shell: bash | |
run: echo "JDK${{ matrix.jdk }}=$JAVA_HOME" >> $GITHUB_ENV | |
- name: 'Set JDK${{ matrix.jdk }} in toolchain (linux, Windows)' | |
if: (matrix.os != 'macos-latest') | |
shell: bash | |
run: sed -i 's/JavaLanguageVersion.of(.*)/JavaLanguageVersion.of(${{ matrix.jdk }})/' build.gradle | |
- name: 'Set JDK${{ matrix.jdk }} in toolchain (macOS)' | |
if: (matrix.os == 'macos-latest') | |
shell: bash | |
run: sed -i'.bak' 's/JavaLanguageVersion.of(.*)/JavaLanguageVersion.of(${{ matrix.jdk }})/' build.gradle | |
- name: 'Set JavaFX (linux, Windows)' | |
if: (matrix.os != 'macos-latest') | |
run: sed -i '/javafx {/{n;s/version = ".*"/version = "${{ matrix.javafx }}"/}' build.gradle | |
- name: 'Set JavaFX (macOS)' | |
if: (matrix.os == 'macos-latest') | |
run: sed -i '.bak' -e '/javafx {/{n' -e 's/version = ".*"/version = "${{ matrix.javafx }}"/;}' build.gradle | |
- name: Setup JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 21.0.2 | |
distribution: 'liberica' | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Prepare merged jars and modules dir (macOS) | |
# prepareModulesDir is executing a build, which should run through even if no upload to builds.jabref.org is made | |
if: (steps.checksecrets.outputs.secretspresent == 'NO') | |
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir | |
- name: Setup macOS key chain | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: apple-actions/import-codesign-certs@v2 | |
with: | |
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }} | |
p12-password: ${{ secrets.OSX_CERT_PWD }} | |
keychain-password: jabref | |
- name: Setup macOS key chain for app id cert | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: apple-actions/import-codesign-certs@v2 | |
with: | |
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }} | |
p12-password: ${{ secrets.OSX_CERT_PWD }} | |
create-keychain: false | |
keychain-password: jabref | |
- name: Build runtime image and installer | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') | |
shell: bash | |
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage jlinkZip | |
- name: Package application image | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') | |
shell: bash | |
run: ${{ matrix.archivePortable }} | |
- name: Rename files | |
if: (matrix.os != 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
shell: pwsh | |
run: | | |
get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "${{ steps.gitversion.outputs.AssemblySemVer }}","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}"} | |
get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "portable","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-portable"} | |
- name: Repack deb file for Debian | |
if: (matrix.os == 'ubuntu-latest') | |
shell: bash | |
run: | | |
cd build/distribution | |
ar x jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb | |
zstd -d < control.tar.zst | xz > control.tar.xz | |
zstd -d < data.tar.zst | xz > data.tar.xz | |
ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz | |
rm debian-binary control.tar.* data.tar.* | |
mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb | |
- name: Rename files with JDK version | |
shell: bash | |
run: | | |
for file in build/distribution/*.*; do | |
base=${file%.*} | |
ext=${file##*.} | |
mv "$file" "${base}-jdk${{ matrix.jdk }}-javafx${{ matrix.javafx }}.${ext}" | |
done | |
- name: Setup rsync (macOS) | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) | |
run: brew install rsync | |
- name: Setup rsync (Windows) | |
if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) | |
# We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total) | |
# We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows | |
# We cannot use "setup-rsync", because that does not work on Windows | |
# We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell | |
run: choco install --no-progress rsync | |
- name: Setup SSH key | |
if: ${{ (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && ((matrix.os != 'macos-latest') || !((startsWith(github.ref, 'refs/tags/') || (inputs.notarization == true)))) }} | |
run: | | |
echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey | |
chmod 600 sshkey | |
- name: Upload to builds.jabref.org (Windows) | |
if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) | |
shell: cmd | |
# for rsync installed by chocolatey, we need the ssh.exe delivered with that installation | |
run: | | |
rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/jdk-ea && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ [email protected]:/var/www/builds.jabref.org/www/jdk-ea/ | |
- name: Upload to builds.jabref.org (linux, macOS) | |
if: (matrix.os != 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) | |
shell: bash | |
run: | | |
rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/jdk-ea && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ [email protected]:/var/www/builds.jabref.org/www/jdk-ea/ | |
- name: Upload to GitHub workflow artifacts store | |
if: (steps.checksecrets.outputs.secretspresent != 'YES') | |
uses: actions/upload-artifact@v4 | |
with: | |
name: JabRef-${{ matrix.os }} | |
path: build/distribution | |
compression-level: 0 # no compression | |
announce: | |
name: Comment on pull request | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ github.event_name == 'pull_request' }} | |
steps: | |
- name: Check secrets presence | |
id: checksecrets | |
shell: bash | |
run: | | |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then | |
echo "secretspresent=NO" >> $GITHUB_OUTPUT | |
else | |
echo "secretspresent=YES" >> $GITHUB_OUTPUT | |
fi | |
env: | |
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
- name: Comment PR | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
message: | | |
The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>. | |
comment_tag: download-link | |
mode: recreate |