cryptomator/.github/workflows/build.yml

name: Build

on:
  push:
  pull_request_target:
    types: [labeled]

env:
  JAVA_VERSION: 17

defaults:
  run:
    shell: bash

jobs:
  release-check-precondition:
    name: Validate pushed commit to release/hotfix branch or pushed tag
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/hotfix/') || startsWith(github.ref, 'refs/heads/release/')
    steps:
      - uses: actions/checkout@v2
      - id: validate-pom-version
        name: Validate POM version
        run: |
          if [[ $GITHUB_REF =~ refs/heads/(hotfix|release)/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
          elif [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
          else
            echo "Failed to parse version"
            exit 1
          fi

          if [[ ${SEM_VER_STR} == `mvn help:evaluate -Dexpression=project.version -q -DforceStdout` ]]; then
            echo "::set-output name=semVerStr::${SEM_VER_STR}"
          else
            echo "Version not set in POM"
            exit 1
          fi
      - name: Validate release in org.cryptomator.Cryptomator.metainfo.xml file
        run: |
          if ! grep -q "<release date=\".*\" version=\"${{ steps.validate-pom-version.outputs.semVerStr }}\"/>" dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml; then
            echo "Release not set in dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml"
            exit 1
          fi
  test:
    name: Compile and Test
    needs: release-check-precondition
    runs-on: ubuntu-latest
    if: "always() && (needs.release-check-precondition.result=='success' || needs.release-check-precondition.result=='skipped') && !contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v2
        with:
          distribution: 'temurin'
          java-version: ${{ env.JAVA_VERSION }}
          cache: 'maven'
      - name: Cache SonarCloud packages
        uses: actions/cache@v2
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Build and Test
        run: >
          xvfb-run
          mvn -B verify
          jacoco:report
          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
          -Pcoverage,dependency-check
          -Dsonar.projectKey=cryptomator_cryptomator
          -Dsonar.organization=cryptomator
          -Dsonar.host.url=https://sonarcloud.io
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: Sign source tarball with key 615D449FE6E6A235
        if: startsWith(github.ref, 'refs/tags/')
        run: |
          git archive --prefix="cryptomator-${{ github.ref_name }}/" -o "cryptomator-${{ github.ref_name }}.tar.gz" ${{ github.ref }}
          echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.tar.gz
        env:
          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
      - name: Draft a release
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          draft: true
          discussion_category_name: releases
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
          generate_release_notes: true
          files: |
            cryptomator-*.tar.gz.asc
          fail_on_unmatched_files: true
          body: |-
            :construction: Work in Progress
            
            ---