Skip to content

Add version and optimised build flags for docker images as well (#286) #136

Add version and optimised build flags for docker images as well (#286)

Add version and optimised build flags for docker images as well (#286) #136

Workflow file for this run

name: Release
on:
push:
tags:
- 'v*'
permissions:
contents: write
jobs:
calculate-checksum:
runs-on: ubuntu-latest
outputs:
next_latest_tag: ${{ steps.next-latest-tag.outputs.next_latest_tag }}
prev_hash: ${{ steps.calc-checksum.outputs.prev_hash }}
hash: ${{ steps.calc-checksum.outputs.hash }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 30
fetch-tags: true
ref: ${{ github.event.repository.default_branch }}
sparse-checkout: .
- name: Get next latest tag
id: next-latest-tag
run: |
CURRENT_TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name')
PREVIOUS_TAG=$(git describe --tags --abbrev=0 $CURRENT_TAG^ --exclude release*)
echo "next_latest_tag=$PREVIOUS_TAG" >> $GITHUB_OUTPUT
- uses: actions/checkout@v4
with:
repository: 'debricked/soot-wrapper'
- name: Calculate checksum
id: calc-checksum
run: |
curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ steps.next-latest-tag.outputs.next_latest_tag }}/soot-wrapper-rev-hash.txt
echo "hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
if [ ! -f soot-wrapper-rev-hash.txt ]; then
touch soot-wrapper-rev-hash.txt
fi
echo "prev_hash=$(cat soot-wrapper-rev-hash.txt)" >> $GITHUB_OUTPUT
- name: Store soot-wrapper revision hash
run: |
echo ${{ steps.calc-checksum.outputs.hash }} > soot-wrapper-rev-hash.txt
- name: Upload file containing soot-wrapper revision hash
uses: actions/upload-artifact@v4
with:
name: soot-wrapper-rev-hash.txt
path: soot-wrapper-rev-hash.txt
overwrite: 'true'
soot-wrapper:
needs: calculate-checksum
runs-on: ubuntu-latest
strategy:
matrix:
java-version: [ 11, 17, 21 ]
steps:
- uses: actions/checkout@v4
with:
repository: 'debricked/soot-wrapper'
- name: Pull JAR from previous release if already built
if: needs.calculate-checksum.outputs.hash == needs.calculate-checksum.outputs.prev_hash
run: |
curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ needs.calculate-checksum.outputs.next_latest_tag }}/soot-wrapper-${{ matrix.java-version }}.zip
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK ${{ matrix.java-version }}
if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java-version }}
distribution: 'adopt'
- name: Build with Maven
if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash
run: |
cd java/common/
mvn clean package -X -DskipTests
- name: Create archive with generated JARs
if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash
run: |
cd java/common/target/
zip soot-wrapper-${{ matrix.java-version }}.zip SootWrapper.jar # Use only the jar which includes dependencies
mv soot-wrapper-${{ matrix.java-version }}.zip ../../../soot-wrapper-${{ matrix.java-version }}.zip
- name: Upload the archive
uses: actions/upload-artifact@v4
with:
name: soot-wrapper-${{ matrix.java-version }}.zip
path: soot-wrapper-${{ matrix.java-version }}.zip
overwrite: 'true'
goreleaser:
runs-on: ubuntu-latest
needs: soot-wrapper
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- run: git fetch --force --tags
- name: Install UPX
uses: crazy-max/ghaction-upx@v3
with:
install-only: true
- uses: actions/setup-go@v5
with:
go-version: '>=1.20'
cache: true
- name: Import GPG signing key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Pull Supported Formats
run: |
cd cmd/debricked
go generate -v -x
- uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
- name: Download JAR archives
uses: actions/download-artifact@v4
- name: Add archives with JARs to release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
tag_name: ${{ github.ref_name }}
files: |
soot-wrapper-rev-hash.txt/soot-wrapper-rev-hash.txt
soot-wrapper-11.zip/soot-wrapper-11.zip
soot-wrapper-17.zip/soot-wrapper-17.zip
soot-wrapper-21.zip/soot-wrapper-21.zip
major-release:
runs-on: ubuntu-latest
needs: goreleaser
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Update major release tag
id: major-tag
run: |
# returns v1, v2, etc, everything to the left of the leftmost dot.
MAJOR_VERSION="${GITHUB_REF_NAME%%.*}"
MAJOR_TAG="release-${MAJOR_VERSION}"
echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT"
echo "MAJOR_TAG=${MAJOR_TAG}" >> "$GITHUB_OUTPUT"
git tag -f "${MAJOR_TAG}"
git push -f origin "${MAJOR_TAG}"
- name: Fetch assets from actual release
env:
MAJOR_TAG: ${{ steps.major-tag.outputs.MAJOR_TAG }}
GH_TOKEN: ${{ github.token }}
run: |
gh release download --pattern="cli_*.tar.gz" "${GITHUB_REF_NAME}"
- name: Create or update release
uses: softprops/action-gh-release@v2
with:
body: Latest release for the ${{ steps.major-tag.outputs.MAJOR_VERSION }} branch of the CLI
name: Latest ${{ steps.major-tag.outputs.MAJOR_VERSION }} CLI
tag_name: ${{ steps.major-tag.outputs.MAJOR_TAG }}
fail_on_unmatched_files: true
make_latest: false
files: "cli_*.tar.gz"
aur:
runs-on: ubuntu-latest
needs: goreleaser
container:
image: archlinux/archlinux:base-devel
steps:
- name: Prepare Arch Linux container
run: |
pacman -Syu --noconfirm git go openssh pacman-contrib
useradd -m aur
# Setup SSH access to aur.archlinux.org
- uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
# Now actually clone AUR repo, and update to new version
- name: Build package and update AUR
run: |
export NEW_VERSION="${GITHUB_REF_NAME#v}"
sudo -u aur sh -c "mkdir -p /home/aur/.ssh && chmod 700 /home/aur/.ssh && touch /home/aur/.ssh/known_hosts && chmod 600 /home/aur/.ssh/known_hosts"
sudo -u aur sh -c "echo 'aur.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuBKrPzbawxA/k2g6NcyV5jmqwJ2s+zpgZGZ7tpLIcN' >> /home/aur/.ssh/known_hosts"
mkdir -p /root/.ssh && chmod 700 /root/.ssh && cp /home/aur/.ssh/known_hosts /root/.ssh/known_hosts && chown root: /root/.ssh/known_hosts
# clone repo
git clone aur@aur.archlinux.org:debricked.git debricked
chown -R aur debricked/
cd debricked/
sudo -u aur NEW_VERSION="${NEW_VERSION}" make update_version
sudo -u aur make package
sudo -u aur git diff
sudo -u aur git config user.email noreply@debricked.com
sudo -u aur git config user.name "Debricked build bot"
git config --global --add safe.directory "$PWD"
make push