.github/workflows/build.yml

name: '[ BUILD ] Build Project (Java/Gradle)'

on:
  workflow_dispatch:
    inputs:
      release_build:
        description: 'toggles an release-build, by default false'
        type: boolean
        default: false
        required: false
      build_version:
        description: 'The version to build and deploy'
        type: string
        required: true
        default: '0-SNAPSHOT'
  workflow_call:
    inputs:
      release_build:
        description: 'toggles an release-build, by default false'
        type: boolean
        default: false
        required: false
      build_version:
        description: 'The version to build and deploy'
        type: string
        required: false
        default: '0-SNAPSHOT'
    outputs:
      build_artifact_id:
        description: 'The id of the uploaded build artifacts.'
        value: ${{ jobs.Build.outputs.build_artifacts_id}}
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

env:
  BUILD_VERSION: ${{ inputs.build_version != '' && inputs.build_version || '0-SNAPSHOT' }}

jobs:
  Validation:
    name: "Validation"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: gradle/actions/wrapper-validation@v3

  Build:
    name: "Build, Sign and Upload Artifacts"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    outputs:
      build_artifacts_id: ${{ steps.BuildArtifactUpload.outputs.artifact-id }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - run: tree

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      # Configure Gradle for optimal use in GiHub Actions, including caching of downloaded dependencies.
      # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3 # v3.1.0
        with:
          add-job-summary-as-pr-comment: on-failure
          artifact-retention-days: 5
      #      with:
      #        dependency-graph: generate-and-submit

      - name: Generate gradle.properties
        run: |
          echo "version=${BUILD_VERSION}"
          echo "version=${BUILD_VERSION}" >> ./gradle.properties
          cat ./gradle.properties

      - name: Clean
        if: ${{ inputs.release_build }}
        run: ./gradlew clean
        env:
          GITHUB_DEPENDENCY_GRAPH_ENABLED: false

      - name: Build with Gradle Wrapper
        id: Build
        run: ./gradlew -Pversion=${BUILD_VERSION} --info build jacocoTestReport

      - name: Sign Artifacts
        if: ${{ steps.Build.outcome == 'success' && inputs.release_build }}
        #      if: inputs.release_build
        run: |
          ./gradlew -Pversion=${BUILD_VERSION} \
                    --info signMavenJavaPublication
        env:
          GPG_SIGNING_KEY_PASSWORD: ${{ secrets.GPG_SIGNING_KEY_PASSWORD }}
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}

      - name: Build Artifacts Upload
        id: BuildArtifactUpload
        uses: actions/upload-artifact@v4
        with:
          name: build-artifacts
          path: |
            ./**/build/libs/*${{inputs.build_version}}*.jar
            ./**/build/libs/*${{inputs.build_version}}*.jar.asc
            ./**/build/reports/

  DependencySubmission:
    name: "Dependency Submission"
    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
    - uses: actions/checkout@v4
    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'temurin'

    # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
      # https://github.com/gradle/actions/blob/main/docs/dependency-submission.md
    - name: Generate and submit dependency graph
      uses: gradle/actions/dependency-submission@v3
      env:
        # Exclude all dependencies that originate solely in the 'buildSrc' or testapp project
        DEPENDENCY_GRAPH_EXCLUDE_PROJECTS: ':buildSrc|:cursorpaging-testapp'
        # Exclude dependencies that are only resolved in test classpaths
        DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS: '.*[Tt]est(Compile|Runtime)Classpath'
      with:
        build-scan-publish: true
        build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
        build-scan-terms-of-use-agree: "yes"