action-setup-environment/action.yml

---
# SPDX-License-Identifier: MIT
name: "Setup Java environment"
description: "Initialize Java Environment and retrieve secrets from Vault"
author: Oliver Weyhmüller
inputs:
  roleid:
    description: "Role ID of Approle"
    default: ""
  secretid:
    description: "Secret ID of Approle"
    default: ""
runs:
  using: "composite"
  steps:
    - name: "Import Secrets"
      id: "import-secrets"
      uses: "https://github.com/hashicorp/vault-action@v3"
      with:
        url: "https://vault.w9r.dev"
        method: "approle"
        role: "forgejo-ci"
        roleId: "${{ inputs.roleid }}"
        secretId: "${{ inputs.secretid }}"
        secrets: |
          kv/data/ci/nexus username | NEXUS_USERNAME ;
          kv/data/ci/nexus password | NEXUS_PASSWORD ;
          kv/data/ci/vulnz username | VULNZ_USERNAME ;
          kv/data/ci/vulnz password | VULNZ_PASSWORD ;
          kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
          kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
          kv/data/ci/releasebot gpgPassphrase | RELEASEBOT_PASSPHRASE ;
          kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
          kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
          kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
          kv/data/ci/signing gpgPassphrase | GPG_PASSPHRASE ;
          kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
          kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;

    - name: "Set up Environment"
      shell: "bash"
      run: |
        apt update
        apt install -y zip
        mkdir -p /root/.jreleaser
        mkdir -p /root/.m2
        touch /root/.jreleaser/config.properties

    - name: "Install syft"
      uses: "https://github.com/anchore/sbom-action/download-syft@v0"
      id: "install_syft"
      with:
        syft-version: "v1.18.1"

    - name: "Setup Java and Maven"
      uses: "https://github.com/s4u/setup-maven-action@v1.18.0"
      with:
        checkout-fetch-depth: 0
        java-distribution: "temurin"
        java-version: 21
        cache: "maven"
        maven-version: 3.9.9
        settings-repositories: >
          [
            {
              "id": "maven-releases",
              "name": "Releases",
              "url": "https://nexus.w9r.dev/repository/maven-releases",
              "releases": {
                "enabled": "true",
                "updatePolicy": "always",
                "checksumPolicy": "warn"
              },
              "snapshots": {
                "enabled": "false",
                "updatePolicy": "always",
                "checksumPolicy": "fail"
              }
            },
            {
              "id": "maven-snapshots",
              "name": "Snapshots",
              "url": "https://nexus.w9r.dev/repository/maven-snapshots",
              "releases": {
                "enabled": "false",
                "updatePolicy": "always",
                "checksumPolicy": "warn"
              },
              "snapshots": {
                "enabled": "true",
                "updatePolicy": "always",
                "checksumPolicy": "warn"
              }
            }
          ]
        settings-servers: >
          [
            {
              "id": "maven-group",
              "username": "${{ env.NEXUS_USERNAME }}",
              "password": "${{ env.NEXUS_PASSWORD }}"
            },
            {
              "id": "maven-snapshots",
              "username": "${{ env.NEXUS_USERNAME }}",
              "password": "${{ env.NEXUS_PASSWORD }}"
            },
            {
              "id": "maven-releases",
              "username": "${{ env.NEXUS_USERNAME }}",
              "password": "${{ env.NEXUS_PASSWORD }}"
            },
            {
              "id": "vulnz",
              "username": "${{ env.VULNZ_USERNAME }}",
              "password": "${{ env.VULNZ_PASSWORD }}"
            }
          ]
        settings-mirrors: >
          [
            {
              "id": "maven-group",
              "name": "central",
              "mirrorOf": "*",
              "url": "https://nexus.w9r.dev/repository/maven-group/"
            }
          ]

    - name: "Import Commit Signing GPG key"
      id: "import-gpg"
      uses: "https://github.com/crazy-max/ghaction-import-gpg@v6"
      with:
        gpg_private_key: "${{ env.RELEASEBOT_PRIVATE_KEY }}"
        passphrase: "${{ env.RELEASEBOT_PASSPHRASE }}"
        git_user_signingkey: true
        git_commit_gpgsign: true

    - name: "GPG user IDs"
      shell: "bash"
      run: |
        echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
        echo "keyid:       ${{ steps.import-gpg.outputs.keyid }}"
        echo "name:        ${{ steps.import-gpg.outputs.name }}"
        echo "email:       ${{ steps.import-gpg.outputs.email }}"