w9r.dev/action-setup-environment
w9r.dev/action-setup-environment
3
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions
action-setup-environment/action.yml

142 lines
4.7 KiB
YAML
Raw Permalink Normal View History

feat: initial Version
2025-01-07 05:58:42 +01:00
---
name: 'Setup Java environment'
description: 'Initialise Java Environment and retrieve secrets from Vault'
runs:
using: 'composite'
steps:
- name: Import Secrets
id: import-secrets
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.w9r.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
kv/data/ci/nexus username | NEXUS_USERNAME ;
kv/data/ci/nexus password | NEXUS_PASSWORD ;
kv/data/ci/vulnz username | VULNZ_USERNAME ;
kv/data/ci/vulnz password | VULNZ_PASSWORD ;
kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
kv/data/ci/releasebot gpgPassphrease | RELEASEBOT_PASSPHRASE ;
kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
kv/data/ci/signing gpgPassphrease | GPG_PASSPHRASE ;
kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;
- name: Set up Environment
run: |
apt update
apt install -y zip
mkdir -p /root/.jreleaser
mkdir -p /root/.m2
touch /root/.jreleaser/config.properties
- name: Install syft
uses: https://github.com/anchore/sbom-action/download-syft@v0
id: install_syft
with:
syft-version: v1.18.1
- name: maven-settings-xml-action
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
with:
repositories: >
[
{
"id": "maven-releases",
"name": "Releases",
"url": "https://nexus.w9r.dev/repository/maven-releases",
"releases": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "fail"
}
},
{
"id": "maven-snapshots",
"name": "Snapshots",
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
"releases": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
}
}
]
servers: >
[
{
"id": "maven-group",
"username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.NEXUS_PASSWORD }}"
},
{
"id": "maven-snapshots",
"username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.NEXUS_PASSWORD }}"
},
{
"id": "maven-releases",
"username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.NEXUS_PASSWORD }}"
},
{
"id": "vulnz",
"username": "${{ env.VULNZ_USERNAME }}",
"password": "${{ env.VULNZ_PASSWORD }}"
}
]
mirrors: >
[
{
"id": "maven-group",
"name": "central",
"mirrorOf": "*",
"url": "https://nexus.w9r.dev/repository/maven-group/"
}
]
plugin_groups: >
[
"org.sonarsource.scanner.maven"
]
output_file: /root/.m2/settings.xml
- name: Setup Java
uses: https://github.com/actions/setup-java@v4
with:
distribution: 'temurin' # See 'Supported distributions' for available options
java-version: '21'
cache: 'maven'
check-latest: true
- name: Import Commit Signing GPG key
id: import-gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ env.RELEASEBOT_PRIVATE_KEY }}
passphrase: ${{ env.RELEASEBOT_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: GPG user IDs
run: |
echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
echo "keyid: ${{ steps.import-gpg.outputs.keyid }}"
echo "name: ${{ steps.import-gpg.outputs.name }}"
echo "email: ${{ steps.import-gpg.outputs.email }}"
Reference in a new issue Copy permalink