Skip to content

Merge branch 'dev-2.0' of github.com:SafeExamBrowser/seb-server into … #1992

Merge branch 'dev-2.0' of github.com:SafeExamBrowser/seb-server into …

Merge branch 'dev-2.0' of github.com:SafeExamBrowser/seb-server into … #1992

Workflow file for this run

# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: build
on:
push:
branches:
- '**'
tags:
- '**'
pull_request:
branches: [master, development]
jobs:
maven-build-reporting:
runs-on: ubuntu-latest
steps:
- name: Get short SHA
uses: benjlevesque/[email protected]
id: short-sha
- name: Store short SHA as environment variable
run: echo $SHA
env:
SHA: ${{ steps.short-sha.outputs.sha }}
- name: Set env
run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Test tag name
run: |
echo $TAG_NAME
echo ${{ env.TAG_NAME }}
-
name: Checkout repository
uses: actions/checkout@v4
-
name: Build Test Reporting
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'adopt'
-
name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
-
name: Build with Maven
run: mvn clean install -e -P let_reporting -Dsebserver-version="${{ env.TAG_NAME }}-${{ env.SHA }}"
env:
sebserver-version: ${{ env.TAG_NAME }}-${{ env.SHA }}
- name: Simplify package name
run: mv target/seb-server-${{ env.TAG_NAME }}-${{ env.SHA }}.jar target/seb-server.jar
- uses: actions/upload-artifact@v4
with:
name: Package
path: target/seb-server.jar
docker-build:
needs: maven-build-reporting
# Run only on tagging
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
-
name: Set env
run: echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
name: Test
run: |
echo $TAG_NAME
echo ${{ env.TAG_NAME }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/[email protected]
-
name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Checkout repository
uses: actions/checkout@v4
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
-
name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main
-
name: Download a single artifact
uses: actions/download-artifact@v4
with:
name: Package
-
name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: anhefti/seb-server
tags: |
type=raw,${{ env.TAG_NAME }}
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v4
with:
context: .
file: ./docker/Dockerfile
push: true
tags: |
anhefti/seb-server:${{ env.TAG_NAME }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: yes | cosign sign ${TAGS}
env:
COSIGN_EXPERIMENTAL: true
TAGS: ${{ steps.meta.outputs.tags }}
cleanup:
needs: [maven-build-reporting, docker-build]
if: |
always()
runs-on: ubuntu-latest
steps:
-
name: Delete Artifacts
uses: geekyeggo/delete-artifact@v5
with:
name: Package