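---
# SPDX-License-Identifier: MIT
#
# Composite action: logs in to Vault with AppRole credentials, exports the CI
# secrets as environment variables, installs build tooling (zip, zstd, syft,
# Temurin JDK, Maven) and imports the release bot's GPG key for commit signing.
name: "Setup Java environment"
description: "Initialize Java Environment and retrieve secrets from Vault"
author: Oliver Weyhmüller

inputs:
  # AppRole credentials for the Vault login in the "Import Secrets" step.
  # Both default to an empty string, so a caller that omits them presumably
  # only finds out when the Vault login fails; confirm that is intended.
  # Pass them from the runner's secret store, never as workflow literals.
  roleid:
    description: "Role ID of Approle"
    default: ""
  secretid:
    description: "Secret ID of Approle"
    default: ""

outputs:
  # Identity read from the GPG key imported by the "import-gpg" step.
  gituser:
    description: "User to use for git operations"
    value: "${{ steps.import-gpg.outputs.name }}"
  gitemail:
    description: "Email to use for git operations"
    value: "${{ steps.import-gpg.outputs.email }}"

runs:
  using: "composite"
  steps:
    # Every third-party action below is pinned to a full commit SHA; the
    # trailing "# vN" comment is informational only and is not verified.
    - name: "Import Secrets"
      id: "import-secrets"
      uses: "https://github.com/hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c"  # v3
      with:
        url: "https://vault.w9r.dev"
        method: "approle"
        role: "forgejo-ci"
        roleId: "${{ inputs.roleid }}"
        secretId: "${{ inputs.secretid }}"
        # One mapping per line: "<kv path> <field> | <ENV NAME> ;".
        # The nexus credentials are exported twice, as MAVEN_* and as
        # JRELEASER_ARTIFACTORY_*. Later steps read the mapped values through
        # env.*, so every following step, including the third-party actions,
        # can see signing keys, passphrases and tokens. Keep the AppRole's
        # Vault policy limited to the paths listed here.
        secrets: |
          kv/data/ci/nexus username | MAVEN_USERNAME ;
          kv/data/ci/nexus password | MAVEN_CENTRAL_TOKEN ;
          kv/data/ci/nexus username | JRELEASER_ARTIFACTORY_USERNAME ;
          kv/data/ci/nexus password | JRELEASER_ARTIFACTORY_TOKEN ;
          kv/data/ci/vulnz username | VULNZ_USERNAME ;
          kv/data/ci/vulnz password | VULNZ_PASSWORD ;
          kv/data/ci/releasebot gpgPrivateKey | JRELEASER_GPG_SECRET_KEY ;
          kv/data/ci/releasebot gpgPublicKey | JRELEASER_GPG_PUBLIC_KEY ;
          kv/data/ci/releasebot gpgPassphrase | JRELEASER_GPG_PASSPHRASE ;
          kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
          kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
          kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
          kv/data/ci/signing gpgPassphrase | MAVEN_GPG_PASSPHRASE ;
          kv/data/ci/sonarqube sonarToken | SONAR_TOKEN ;
          kv/data/ci/sonarqube sonarHost | SONAR_HOST_URL ;

    # Paths are hard-coded under /root, so this step assumes the job container
    # runs as root. apt-get replaces apt, whose CLI is not stable for scripts.
    - name: "Set up Environment"
      shell: "bash"
      run: |
        apt-get update
        apt-get install -y zip zstd
        mkdir -p /root/.jreleaser
        mkdir -p /root/.m2
        touch /root/.jreleaser/config.properties

    - name: "Install syft"
      uses: "https://github.com/anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75"  # v0
      id: "install_syft"
      with:
        syft-version: "v1.18.1"

    - name: "Setup Java and Maven"
      uses: "https://github.com/s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1"  # v1.18.0
      with:
        checkout-fetch-depth: 0
        java-distribution: "temurin"
        # Versions are quoted so they always reach the action as exact strings.
        java-version: "21"
        maven-version: "3.9.9"
        # NOTE(review): both enabled policies use checksumPolicy "warn", so an
        # artifact whose checksum does not match is still accepted with only a
        # warning. Consider "fail" for the release repository.
        settings-repositories: >
          [
            {
              "id": "maven-releases",
              "name": "Releases",
              "url": "https://nexus.w9r.dev/repository/maven-releases",
              "releases": {
                "enabled": "true",
                "updatePolicy": "always",
                "checksumPolicy": "warn"
              },
              "snapshots": {
                "enabled": "false",
                "updatePolicy": "always",
                "checksumPolicy": "fail"
              }
            },
            {
              "id": "maven-snapshots",
              "name": "Snapshots",
              "url": "https://nexus.w9r.dev/repository/maven-snapshots",
              "releases": {
                "enabled": "false",
                "updatePolicy": "always",
                "checksumPolicy": "warn"
              },
              "snapshots": {
                "enabled": "true",
                "updatePolicy": "always",
                "checksumPolicy": "warn"
              }
            }
          ]
        # Credentials come from the Vault-exported environment variables and
        # are presumably written to the Maven settings file in clear text.
        # NOTE(review): the values are spliced into JSON text unescaped, so a
        # credential containing a double quote or backslash would produce
        # invalid JSON.
        settings-servers: >
          [
            {
              "id": "maven-group",
              "username": "${{ env.MAVEN_USERNAME }}",
              "password": "${{ env.MAVEN_CENTRAL_TOKEN }}"
            },
            {
              "id": "maven-snapshots",
              "username": "${{ env.MAVEN_USERNAME }}",
              "password": "${{ env.MAVEN_CENTRAL_TOKEN }}"
            },
            {
              "id": "maven-releases",
              "username": "${{ env.MAVEN_USERNAME }}",
              "password": "${{ env.MAVEN_CENTRAL_TOKEN }}"
            },
            {
              "id": "vulnz",
              "username": "${{ env.VULNZ_USERNAME }}",
              "password": "${{ env.VULNZ_PASSWORD }}"
            }
          ]
        # mirrorOf "*" sends every repository request to the Nexus group.
        settings-mirrors: >
          [
            {
              "id": "maven-group",
              "name": "central",
              "mirrorOf": "*",
              "url": "https://nexus.w9r.dev/repository/maven-group/"
            }
          ]

    # Imports the release bot key (kv/data/ci/releasebot) and configures git
    # to sign commits with it; the action outputs above come from this step.
    - name: "Import Commit Signing GPG key"
      id: "import-gpg"
      uses: "https://github.com/crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5"  # v6
      with:
        gpg_private_key: "${{ env.JRELEASER_GPG_SECRET_KEY }}"
        passphrase: "${{ env.JRELEASER_GPG_PASSPHRASE }}"
        git_user_signingkey: true
        git_commit_gpgsign: true

    # Logs the public identity of the imported key. The step outputs are
    # passed through env instead of being expanded inside the script text, so
    # shell metacharacters in a key's name or email are printed, not executed.
    - name: "GPG user IDs"
      shell: "bash"
      env:
        GPG_FINGERPRINT: "${{ steps.import-gpg.outputs.fingerprint }}"
        GPG_KEYID: "${{ steps.import-gpg.outputs.keyid }}"
        GPG_NAME: "${{ steps.import-gpg.outputs.name }}"
        GPG_EMAIL: "${{ steps.import-gpg.outputs.email }}"
      run: |
        echo "fingerprint: ${GPG_FINGERPRINT}"
        echo "keyid: ${GPG_KEYID}"
        echo "name: ${GPG_NAME}"
        echo "email: ${GPG_EMAIL}"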