fix: added serviceaccount pieces back in

Signed-off-by: Matt Peterson <[email protected]>
hashgraph · Dec 18, 2024 · 36eb66a · 36eb66a
1 parent 7a6702a
commit 36eb66a
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 36 deletions.
diff --git a/.github/workflows/release-push-image.yaml b/.github/workflows/release-push-image.yaml
@@ -43,13 +43,13 @@ env:
   REGISTRY: ghcr.io
 
 jobs:
-#  check-gradle:
-#    name: Gradle
-#    uses: ./.github/workflows/zxc-verify-gradle-build-determinism.yaml
-#    with:
-#      ref: ${{ github.event.inputs.ref || '' }}
-#      java-distribution: ${{ inputs.java-distribution || 'temurin' }}
-#      java-version: ${{ inputs.java-version || '21.0.4' }}
+  check-gradle:
+    name: Gradle
+    uses: ./.github/workflows/zxc-verify-gradle-build-determinism.yaml
+    with:
+      ref: ${{ github.event.inputs.ref || '' }}
+      java-distribution: ${{ inputs.java-distribution || 'temurin' }}
+      java-version: ${{ inputs.java-version || '21.0.4' }}
 
 #  check-docker:
 #    name: Docker

diff --git a/.github/workflows/zxc-verify-gradle-build-determinism.yaml b/.github/workflows/zxc-verify-gradle-build-determinism.yaml
@@ -66,6 +66,7 @@ jobs:
       path: ${{ steps.baseline.outputs.path }}
       file: ${{ steps.baseline.outputs.file }}
       name: ${{ steps.baseline.outputs.name }}
+
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
@@ -77,6 +78,13 @@ jobs:
         with:
           ref: ${{ inputs.ref }}
 
+      - name: Authenticate to Google Cloud
+        id: google-auth
+        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
+        with:
+          workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
+          service_account: "[email protected]"
+
       - name: Setup Java
         uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
@@ -88,6 +96,16 @@ jobs:
         with:
           cache-disabled: true
 
+      - name: Authenticate to Google Cloud
+        id: google-auth
+        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
+        with:
+          workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
+          service_account: "[email protected]"
+
+      - name: Setup Google Cloud SDK
+        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
+
       - name: Retrieve Commit Hash
         id: commit
         run: echo "sha=$(git rev-parse HEAD)" >> "${GITHUB_OUTPUT}"
@@ -111,14 +129,20 @@ jobs:
 
       - name: Build Artifacts
         id: gradle-build
+        if: ${{ steps.baseline.outputs.exists == 'false' && !failure() && !cancelled() }}
         run: ./gradlew assemble --scan
 
       - name: Generate Manifest
         id: manifest
         env:
           MANIFEST_PATH: ${{ env.GRADLE_MANIFEST_PATH }}
+        if: ${{ steps.baseline.outputs.exists == 'false' && !failure() && !cancelled() }}
         run: ${{ env.GRADLE_MANIFEST_GENERATOR }}
 
+      - name: Upload Baseline
+        if: ${{ steps.baseline.outputs.exists == 'false' && !failure() && !cancelled() }}
+        run: gsutil cp "${{ steps.manifest.outputs.file }}" "${{ steps.baseline.outputs.file }}"
+
   verify-artifacts:
     name: "Verify Artifacts (${{ join(matrix.os, ', ') }})"
     runs-on: ${{ matrix.os }}
@@ -170,26 +194,26 @@ jobs:
 #        if: ${{ runner.os == 'macOS' }}
 #        run: brew install coreutils
 
-#      - name: Authenticate to Google Cloud
-#        id: google-auth
-#        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
-#        with:
-#          workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
-#          service_account: "[email protected]"
-
-#      - name: Setup Google Cloud SDK
-#        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
-#        env:
-#          CLOUDSDK_PYTHON: ${{ format('{0}{1}', env.pythonLocation, runner.os == 'Windows' && '\python.exe' || '/bin/python3') }}
-#
+      - name: Authenticate to Google Cloud
+        id: google-auth
+        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
+        with:
+          workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
+          service_account: "[email protected]"
+
+      - name: Setup Google Cloud SDK
+        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
+        env:
+          CLOUDSDK_PYTHON: ${{ format('{0}{1}', env.pythonLocation, runner.os == 'Windows' && '\python.exe' || '/bin/python3') }}
+
       - name: Download Baseline
         env:
           CLOUDSDK_PYTHON: ${{ format('{0}{1}', env.pythonLocation, runner.os == 'Windows' && '\python.exe' || '/bin/python3') }}
         run: |
           mkdir -p "${GRADLE_MANIFEST_PATH}"
           cd "${GRADLE_MANIFEST_PATH}"
-#          gsutil cp "${{ needs.generate-baseline.outputs.file }}" .
-#          tar -xzf "${{ needs.generate-baseline.outputs.name }}"
+          gsutil cp "${{ needs.generate-baseline.outputs.file }}" .
+          tar -xzf "${{ needs.generate-baseline.outputs.name }}"
 
       - name: Build Artifacts
         id: gradle-build
@@ -205,18 +229,18 @@ jobs:
         working-directory: ${{ github.workspace }}/server/build/libs
         run: sha256sum -c "${GRADLE_MANIFEST_PATH}/applications.sha256"
 
-#      - name: Compare Application Manifests
-#        run: |
-#          if ! diff -u "${GRADLE_MANIFEST_PATH}/applications.sha256" "${{ steps.regen-manifest.outputs.applications }}" >/dev/null 2>&1; then
-#            echo "::group::Application Manifest Differences"
-#            diff -u "${GRADLE_MANIFEST_PATH}/applications.sha256" "${{ steps.regen-manifest.outputs.applications }}"
-#            echo "::endgroup::"
-#            exit 1
-#          fi
-#
-#      - name: Publish Manifests
-#        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
-#        if: ${{ steps.regen-manifest.conclusion == 'success' && failure() && !cancelled() }}
-#        with:
-#          name: Gradle Manifests [${{ join(matrix.os, ', ') }}]
-#          path: ${{ env.GRADLE_MANIFEST_PATH }}/**
+      - name: Compare Application Manifests
+        run: |
+          if ! diff -u "${GRADLE_MANIFEST_PATH}/applications.sha256" "${{ steps.regen-manifest.outputs.applications }}" >/dev/null 2>&1; then
+            echo "::group::Application Manifest Differences"
+            diff -u "${GRADLE_MANIFEST_PATH}/applications.sha256" "${{ steps.regen-manifest.outputs.applications }}"
+            echo "::endgroup::"
+            exit 1
+          fi
+
+      - name: Publish Manifests
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: ${{ steps.regen-manifest.conclusion == 'success' && failure() && !cancelled() }}
+        with:
+          name: Gradle Manifests [${{ join(matrix.os, ', ') }}]
+          path: ${{ env.GRADLE_MANIFEST_PATH }}/**