2025-01-07 05:58:42 +01:00
|
|
|
---
|
2025-01-07 09:11:46 +01:00
|
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
|
name: "Setup Java environment"
|
|
|
|
|
description: "Initialize Java Environment and retrieve secrets from Vault"
|
|
|
|
|
author: Oliver Weyhmüller
|
2025-01-07 06:54:09 +01:00
|
|
|
inputs:
|
2025-01-07 09:11:46 +01:00
|
|
|
roleid:
|
|
|
|
|
description: "Role ID of Approle"
|
2025-01-07 06:54:09 +01:00
|
|
|
required: true
|
2025-01-07 09:11:46 +01:00
|
|
|
default: ""
|
|
|
|
|
secretid:
|
|
|
|
|
description: "Secret ID of Approle"
|
2025-01-07 06:54:09 +01:00
|
|
|
required: true
|
2025-01-07 09:11:46 +01:00
|
|
|
default: ""
|
2025-01-07 05:58:42 +01:00
|
|
|
runs:
|
2025-01-07 09:11:46 +01:00
|
|
|
using: "composite"
|
2025-01-07 05:58:42 +01:00
|
|
|
steps:
|
2025-01-07 09:11:46 +01:00
|
|
|
- name: "Import Secrets"
|
|
|
|
|
id: "import-secrets"
|
|
|
|
|
uses: "https://github.com/hashicorp/vault-action@v3"
|
2025-01-07 05:58:42 +01:00
|
|
|
with:
|
2025-01-07 09:11:46 +01:00
|
|
|
url: "https://vault.w9r.dev"
|
|
|
|
|
method: "approle"
|
|
|
|
|
role: "forgejo-ci"
|
|
|
|
|
roleId: "${{ inputs.roleid }}"
|
|
|
|
|
secretId: "${{ inputs.secretid }}"
|
2025-01-07 05:58:42 +01:00
|
|
|
secrets: |
|
|
|
|
|
kv/data/ci/nexus username | NEXUS_USERNAME ;
|
|
|
|
|
kv/data/ci/nexus password | NEXUS_PASSWORD ;
|
|
|
|
|
kv/data/ci/vulnz username | VULNZ_USERNAME ;
|
|
|
|
|
kv/data/ci/vulnz password | VULNZ_PASSWORD ;
|
|
|
|
|
kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
|
|
|
|
|
kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
|
2025-01-07 09:11:46 +01:00
|
|
|
kv/data/ci/releasebot gpgPassphrase | RELEASEBOT_PASSPHRASE ;
|
2025-01-07 05:58:42 +01:00
|
|
|
kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
|
|
|
|
|
kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
|
|
|
|
|
kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
|
2025-01-07 09:11:46 +01:00
|
|
|
kv/data/ci/signing gpgPassphrase | GPG_PASSPHRASE ;
|
2025-01-07 05:58:42 +01:00
|
|
|
kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
|
|
|
|
|
kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;
|
|
|
|
|
|
2025-01-07 09:11:46 +01:00
|
|
|
- name: "Set up Environment"
|
|
|
|
|
shell: "bash"
|
2025-01-07 05:58:42 +01:00
|
|
|
run: |
|
|
|
|
|
apt update
|
|
|
|
|
apt install -y zip
|
|
|
|
|
mkdir -p /root/.jreleaser
|
|
|
|
|
mkdir -p /root/.m2
|
|
|
|
|
touch /root/.jreleaser/config.properties
|
|
|
|
|
|
2025-01-07 09:11:46 +01:00
|
|
|
- name: "Install syft"
|
|
|
|
|
uses: "https://github.com/anchore/sbom-action/download-syft@v0"
|
|
|
|
|
id: "install_syft"
|
2025-01-07 05:58:42 +01:00
|
|
|
with:
|
2025-01-07 09:11:46 +01:00
|
|
|
syft-version: "v1.18.1"
|
2025-01-07 05:58:42 +01:00
|
|
|
|
2025-01-07 09:11:46 +01:00
|
|
|
- name: "maven-settings-xml-action"
|
|
|
|
|
uses: "https://github.com/whelk-io/maven-settings-xml-action@v22"
|
2025-01-07 05:58:42 +01:00
|
|
|
with:
|
|
|
|
|
repositories: >
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"id": "maven-releases",
|
|
|
|
|
"name": "Releases",
|
|
|
|
|
"url": "https://nexus.w9r.dev/repository/maven-releases",
|
|
|
|
|
"releases": {
|
|
|
|
|
"enabled": "true",
|
|
|
|
|
"updatePolicy": "always",
|
|
|
|
|
"checksumPolicy": "warn"
|
|
|
|
|
},
|
|
|
|
|
"snapshots": {
|
|
|
|
|
"enabled": "false",
|
|
|
|
|
"updatePolicy": "always",
|
|
|
|
|
"checksumPolicy": "fail"
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": "maven-snapshots",
|
|
|
|
|
"name": "Snapshots",
|
|
|
|
|
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
|
|
|
|
|
"releases": {
|
|
|
|
|
"enabled": "false",
|
|
|
|
|
"updatePolicy": "always",
|
|
|
|
|
"checksumPolicy": "warn"
|
|
|
|
|
},
|
|
|
|
|
"snapshots": {
|
|
|
|
|
"enabled": "true",
|
|
|
|
|
"updatePolicy": "always",
|
|
|
|
|
"checksumPolicy": "warn"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
servers: >
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"id": "maven-group",
|
|
|
|
|
"username": "${{ env.NEXUS_USERNAME }}",
|
|
|
|
|
"password": "${{ env.NEXUS_PASSWORD }}"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": "maven-snapshots",
|
|
|
|
|
"username": "${{ env.NEXUS_USERNAME }}",
|
|
|
|
|
"password": "${{ env.NEXUS_PASSWORD }}"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": "maven-releases",
|
|
|
|
|
"username": "${{ env.NEXUS_USERNAME }}",
|
|
|
|
|
"password": "${{ env.NEXUS_PASSWORD }}"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": "vulnz",
|
|
|
|
|
"username": "${{ env.VULNZ_USERNAME }}",
|
|
|
|
|
"password": "${{ env.VULNZ_PASSWORD }}"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
mirrors: >
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"id": "maven-group",
|
|
|
|
|
"name": "central",
|
|
|
|
|
"mirrorOf": "*",
|
|
|
|
|
"url": "https://nexus.w9r.dev/repository/maven-group/"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
plugin_groups: >
|
|
|
|
|
[
|
|
|
|
|
"org.sonarsource.scanner.maven"
|
|
|
|
|
]
|
|
|
|
|
output_file: /root/.m2/settings.xml
|
|
|
|
|
|
2025-01-07 09:11:46 +01:00
|
|
|
- name: "Setup Java"
|
|
|
|
|
uses: "https://github.com/actions/setup-java@v4"
|
2025-01-07 05:58:42 +01:00
|
|
|
with:
|
2025-01-07 09:11:46 +01:00
|
|
|
distribution: "temurin"
|
2025-01-07 06:54:09 +01:00
|
|
|
java-version: 21
|
2025-01-07 09:11:46 +01:00
|
|
|
cache: "maven"
|
2025-01-07 05:58:42 +01:00
|
|
|
check-latest: true
|
|
|
|
|
|
|
|
|
|
|
2025-01-07 09:11:46 +01:00
|
|
|
- name: "Import Commit Signing GPG key"
|
|
|
|
|
id: "import-gpg"
|
|
|
|
|
uses: "https://github.com/crazy-max/ghaction-import-gpg@v6"
|
2025-01-07 05:58:42 +01:00
|
|
|
with:
|
2025-01-07 09:11:46 +01:00
|
|
|
gpg_private_key: "${{ env.RELEASEBOT_PRIVATE_KEY }}"
|
|
|
|
|
passphrase: "${{ env.RELEASEBOT_PASSPHRASE }}"
|
2025-01-07 05:58:42 +01:00
|
|
|
git_user_signingkey: true
|
|
|
|
|
git_commit_gpgsign: true
|
|
|
|
|
|
2025-01-07 09:11:46 +01:00
|
|
|
- name: "GPG user IDs"
|
|
|
|
|
shell: "bash"
|
2025-01-07 05:58:42 +01:00
|
|
|
run: |
|
|
|
|
|
echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
|
|
|
|
|
echo "keyid: ${{ steps.import-gpg.outputs.keyid }}"
|
|
|
|
|
echo "name: ${{ steps.import-gpg.outputs.name }}"
|
|
|
|
|
echo "email: ${{ steps.import-gpg.outputs.email }}"
|
