w9r.dev/action-setup-environment
w9r.dev/action-setup-environment
3
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

feat: initial Version

Browse source
This commit is contained in:
Oliver Weyhmüller 2025-01-07 05:58:42 +01:00
commit 5a9915a5db
Signed by: oliver
GPG key ID: 5286794099F934A3
2 changed files with 219 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

78
.gitignore vendored Normal file
View file

@ -0,0 +1,78 @@
### Intellij+all template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# AWS User-specific
.idea/**/aws.xml
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# SonarLint plugin
.idea/sonarlint/
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser

141
action.yml Normal file
View file

@ -0,0 +1,141 @@
---
name: 'Setup Java environment'
description: 'Initialise Java Environment and retrieve secrets from Vault'
runs:
using: 'composite'
steps:
- name: Import Secrets
id: import-secrets
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.w9r.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
kv/data/ci/nexus username | NEXUS_USERNAME ;
kv/data/ci/nexus password | NEXUS_PASSWORD ;
kv/data/ci/vulnz username | VULNZ_USERNAME ;
kv/data/ci/vulnz password | VULNZ_PASSWORD ;
kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
kv/data/ci/releasebot gpgPassphrease | RELEASEBOT_PASSPHRASE ;
kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
kv/data/ci/signing gpgPassphrease | GPG_PASSPHRASE ;
kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;
- name: Set up Environment
run: |
apt update
apt install -y zip
mkdir -p /root/.jreleaser
mkdir -p /root/.m2
touch /root/.jreleaser/config.properties
- name: Install syft
uses: https://github.com/anchore/sbom-action/download-syft@v0
id: install_syft
with:
syft-version: v1.18.1
- name: maven-settings-xml-action
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
with:
repositories: >
[
{
"id": "maven-releases",
"name": "Releases",
"url": "https://nexus.w9r.dev/repository/maven-releases",
"releases": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "fail"
}
},
{
"id": "maven-snapshots",
"name": "Snapshots",
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
"releases": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
}
}
]
servers: >
[
{
"id": "maven-group",
"username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.NEXUS_PASSWORD }}"
},
{
"id": "maven-snapshots",
"username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.NEXUS_PASSWORD }}"
},
{
"id": "maven-releases",
"username": "${{ env.NEXUS_USERNAME }}",
"password": "${{ env.NEXUS_PASSWORD }}"
},
{
"id": "vulnz",
"username": "${{ env.VULNZ_USERNAME }}",
"password": "${{ env.VULNZ_PASSWORD }}"
}
]
mirrors: >
[
{
"id": "maven-group",
"name": "central",
"mirrorOf": "*",
"url": "https://nexus.w9r.dev/repository/maven-group/"
}
]
plugin_groups: >
[
"org.sonarsource.scanner.maven"
]
output_file: /root/.m2/settings.xml
- name: Setup Java
uses: https://github.com/actions/setup-java@v4
with:
distribution: 'temurin' # See 'Supported distributions' for available options
java-version: '21'
cache: 'maven'
check-latest: true
- name: Import Commit Signing GPG key
id: import-gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ env.RELEASEBOT_PRIVATE_KEY }}
passphrase: ${{ env.RELEASEBOT_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: GPG user IDs
run: |
echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
echo "keyid: ${{ steps.import-gpg.outputs.keyid }}"
echo "name: ${{ steps.import-gpg.outputs.name }}"
echo "email: ${{ steps.import-gpg.outputs.email }}"