diff --git a/.forgejo/workflows/release.yaml b/.forgejo/workflows/release.yaml
index cb5e54e..dc6671d 100644
--- a/.forgejo/workflows/release.yaml
+++ b/.forgejo/workflows/release.yaml
@@ -18,87 +18,9 @@ jobs: with: fetch-depth: 0 - - name: Set up Environment - run: | - apt update - apt install -y zip - mkdir -p /root/.jreleaser - mkdir -p /root/.m2 - touch /root/.jreleaser/config.properties + - name: Initialize Environment + uses: https://w9r.dev/w9r.dev/action-setup-environment - - name: maven-settings-xml-action - uses: https://github.com/whelk-io/maven-settings-xml-action@v22 - with: - repositories: > - [ - { - "id": "maven-releases", - "name": "Releases", - "url": "https://nexus.w9r.dev/repository/maven-releases", - "releases": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "fail" - } - }, - { - "id": "maven-snapshots", - "name": "Snapshots", - "url": "https://nexus.w9r.dev/repository/maven-snapshots", - "releases": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - } - } - ] - servers: > - [ - { - "id": "maven-group", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-snapshots", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-releases", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "vulnz", - "username": "${{ secrets.VULNZ_USERNAME }}", - "password": "${{ secrets.VULNZ_PASSWORD }}" - } - ] - mirrors: > - [ - { - "id": "maven-group", - "name": "central", - "mirrorOf": "*", - "url": "https://nexus.w9r.dev/repository/maven-group/" - } - ] - plugin_groups: > - [ - "org.sonarsource.scanner.maven" - ] - output_file: /root/.m2/settings.xml - name: Determine next version uses: https://github.com/obfu5c8/action-svu@v1 
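Review bot: The added `uses: https://w9r.dev/w9r.dev/action-setup-environment` has no `@ref`, so the release job runs whatever revision the runner resolves by default at the time of the run. This step appears to take over the inline environment setup and the generation of `settings.xml` with the Nexus and vulnz credentials, so a change in that repository would alter the release toolchain without any diff in this file. Pin it to a reviewed commit, e.g. `uses: https://w9r.dev/w9r.dev/action-setup-environment@<full-commit-sha>` (placeholder value). The identical step added in sonarqube.yaml needs the same pin.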
@@ -113,49 +35,15 @@ jobs: prefix: '' suffix: '' - - name: Install syft - uses: https://github.com/anchore/sbom-action/download-syft@v0 - id: install_syft - with: - syft-version: v1.18.1 - - name: Set new version + env: + MAVEN_USERNAME: ${{ env.NEXUS_USERNAME }} + MAVEN_CENTRAL_TOKEN: ${{ env.NEXUS_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} run: | NEW_VERSION=${{steps.generate_next_version.outputs.version}} echo NEW_VERSION=$NEW_VERSION >> "$GITHUB_ENV" echo "New version: $NEW_VERSION" - - - name: Cache Java and Maven software - uses: https://github.com/actions/cache@v4 - with: - path: ~/.sdkman - key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }} - restore-keys: | - ${{ runner.os }}-sdkman- - env: - ACTIONS_STEP_DEBUG: true - - - name: Cache local Maven repository - uses: https://github.com/actions/cache@v4 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - env: - ACTIONS_STEP_DEBUG: true - - - name: Install Java & Maven - uses: https://github.com/sdkman/sdkman-action@main - id: sdkman - - - name: Set Version - env: - MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} - MAVEN_CENTRAL_TOKEN: ${{ secrets.NEXUS_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - run: | - export GPG_TTY=$(tty) mvn -B --file pom.xml versions:set -DnewVersion=${{ env.NEW_VERSION }} - name: Run JReleaser (Changelog) 
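Review bot: The `mvn -B --file pom.xml versions:set -DnewVersion=${{ env.NEW_VERSION }}` line now sits in the same `run` block that appends `NEW_VERSION` to `$GITHUB_ENV`. Values written to `$GITHUB_ENV` only reach later steps, and `${{ env.NEW_VERSION }}` is expanded before the script starts. Unless `NEW_VERSION` is already defined at workflow or job level (not visible in this hunk), it will most likely expand to an empty string. Use the shell variable assigned at the top of the block instead: `mvn -B --file pom.xml versions:set -DnewVersion="$NEW_VERSION"`.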
@@ -167,26 +55,10 @@ jobs: env: JRELEASER_OUTPUT_DIRECTORY: target JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} - JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} - JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} - JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - - - name: Import GPG key - id: import-gpg - uses: https://github.com/crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.RELEASEBOT_PRIVATE_KEY }} - passphrase: ${{ secrets.RELEASEBOT_PASSPHRASE }} - git_user_signingkey: true - git_commit_gpgsign: true - - - name: GPG user IDs - run: | - echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}" - echo "keyid: ${{ steps.import-gpg.outputs.keyid }}" - echo "name: ${{ steps.import-gpg.outputs.name }}" - echo "email: ${{ steps.import-gpg.outputs.email }}" + JRELEASER_GITEA_TOKEN: ${{ env.JRELEASER_GITEA_TOKEN }} + JRELEASER_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} + JRELEASER_GPG_PUBLIC_KEY: ${{ env.GPG_PUBLIC_KEY }} + JRELEASER_GPG_SECRET_KEY: ${{ env.GPG_PRIVATE_KEY }} - name: Commit and push changes run: | @@ -212,9 +84,9 @@ jobs: JRELEASER_OUTPUT_DIRECTORY: target JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} - JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} - JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + JRELEASER_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} + JRELEASER_GPG_PUBLIC_KEY: ${{ env.GPG_PUBLIC_KEY }} + JRELEASER_GPG_SECRET_KEY: ${{ env.GPG_PRIVATE_KEY }} - name: Run JReleaser (Release) uses: https://w9r.dev/actions/release-action@main 
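Review bot: With the `Import GPG key` step removed, nothing visible before `Commit and push changes` loads the release-bot key or enables `git_commit_gpgsign`, so the version-bump commit may now be pushed unsigned. If `action-setup-environment` is meant to configure signing, say so in a comment on that step. Otherwise a guard at the top of the commit step, such as `test "$(git config --get commit.gpgsign)" = "true"`, would fail the release rather than silently push an unsigned commit. The body of `Commit and push changes` lies outside this hunk, so this is inferred from the removed lines only.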
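Review bot: This step now mixes two credential sources: `JRELEASER_GITEA_TOKEN` still comes from `secrets`, while the GPG passphrase and keys come from the `env` context (in the Changelog step above, the Gitea token does too). For `${{ env.GPG_PRIVATE_KEY }}` to resolve, an earlier step must have exported the key into the job environment, presumably via `$GITHUB_ENV`. That makes it readable by every later step, including the third-party `action-svu@v1` and the branch-tracked `release-action@main`, and it is masked in logs only if the exporting action registers it. Step-scoped references such as `JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }}` limit exposure to the steps that actually sign or publish. The same applies to the `MAVEN_*` values in `Set new version`, the `JRELEASER_ARTIFACTORY_*` values in the Release step, and `SONAR_TOKEN` in sonarqube.yaml.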
@@ -225,11 +97,11 @@ jobs: JRELEASER_OUTPUT_DIRECTORY: target JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} - JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} - JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - JRELEASER_ARTIFACTORY_USERNAME: ${{ secrets.NEXUS_USERNAME }} - JRELEASER_ARTIFACTORY_TOKEN: ${{ secrets.NEXUS_PASSWORD }} + JRELEASER_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} + JRELEASER_GPG_PUBLIC_KEY: ${{ env.GPG_PUBLIC_KEY }} + JRELEASER_GPG_SECRET_KEY: ${{ env.GPG_PRIVATE_KEY }} + JRELEASER_ARTIFACTORY_USERNAME: ${{ env.NEXUS_USERNAME }} + JRELEASER_ARTIFACTORY_TOKEN: ${{ env.NEXUS_PASSWORD }} # Persist logs diff --git a/.forgejo/workflows/sonarqube.yaml b/.forgejo/workflows/sonarqube.yaml index 95aab7a..f189553 100644 --- a/.forgejo/workflows/sonarqube.yaml +++ b/.forgejo/workflows/sonarqube.yaml 
@@ -12,107 +12,15 @@ jobs: name: SonarQube Trigger runs-on: ubuntu-latest steps: - - name: Checking out + + - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set up Environment - run: | - apt update - apt install -y zip - mkdir -p /root/.jreleaser - mkdir -p /root/.m2 - touch /root/.jreleaser/config.properties - - name: Install syft - uses: https://github.com/anchore/sbom-action/download-syft@v0 - id: install_syft - with: - syft-version: v1.18.1 - - - name: maven-settings-xml-action - uses: https://github.com/whelk-io/maven-settings-xml-action@v22 - with: - repositories: > - [ - { - "id": "maven-releases", - "name": "Releases", - "url": "https://nexus.w9r.dev/repository/maven-releases", - "releases": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "fail" - } - }, - { - "id": "maven-snapshots", - "name": "Snapshots", - "url": "https://nexus.w9r.dev/repository/maven-snapshots", - "releases": { - "enabled": "false", - "updatePolicy": "always", - "checksumPolicy": "warn" - }, - "snapshots": { - "enabled": "true", - "updatePolicy": "always", - "checksumPolicy": "warn" - } - } - ] - servers: > - [ - { - "id": "maven-group", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-snapshots", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "maven-releases", - "username": "${{ secrets.NEXUS_USERNAME }}", - "password": "${{ secrets.NEXUS_PASSWORD }}" - }, - { - "id": "vulnz", - "username": "${{ secrets.VULNZ_USERNAME }}", - "password": "${{ secrets.VULNZ_PASSWORD }}" - } - ] - mirrors: > - [ - { - "id": "maven-group", - "name": "central", - "mirrorOf": "*", - "url": "https://nexus.w9r.dev/repository/maven-group/" - } - ] - plugin_groups: > - [ - "org.sonarsource.scanner.maven" - ] - output_file: 
/root/.m2/settings.xml - - - name: Cache Java and Maven software - uses: https://github.com/actions/cache@v4 - with: - path: ~/.sdkman - key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }} - restore-keys: | - ${{ runner.os }}-sdkman- - env: - ACTIONS_STEP_DEBUG: true + - name: Initialize Environment + uses: + https://w9r.dev/w9r.dev/action-setup-environment - name: Cache SonarQube packages uses: https://github.com/actions/cache@v4 @@ -121,22 +29,8 @@ jobs: key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - - name: Cache local Maven repository - uses: https://github.com/actions/cache@v4 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - env: - ACTIONS_STEP_DEBUG: true - - - name: Install Java & Maven - uses: https://github.com/sdkman/sdkman-action@main - id: sdkman - - name: SonarQube Scan env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ env.SONARQUBE_TOKEN }} + SONAR_HOST_URL: ${{ env.SONARQUBE_HOST }} run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
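Review bot: The scan job may now run with more credentials than it needs, because `SONAR_TOKEN` and `SONAR_HOST_URL` are taken from whatever the shared setup action exported, and that same action also serves the release workflow. If it exports the full set here as well (Nexus password, GPG private key), then `mvn -B verify`, which runs the project's build plugins and tests, executes with release credentials in its environment. Confirm that the action exports only the SonarQube values in this workflow, or keep the step-scoped `SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}` and `SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }}`. The workflow trigger is not visible in this hunk, so the exposure to untrusted branches cannot be judged from here.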