Skip to content
Build

Build #853

Sign in to view logs

Build

Build #853

Workflow file for this run

.github/workflows/build.yml at 51b99f8
name: Build
on:
workflow_dispatch:
inputs: {}
push:
branches: [ "develop" ]
tags: [ "v**" ]
pull_request:
branches: [ "develop" ]
jobs:
checksecret:
runs-on: ubuntu-latest
outputs:
HAVE_SECRETS: ${{ steps.checksecret_job.outputs.HAVE_SECRETS }}
steps:
- id: checksecret_job
env:
TOKEN_BITWARDEN_SM: ${{ secrets.TOKEN_BITWARDEN_SM }}
run: |
echo "HAVE_SECRETS=${{ env.TOKEN_BITWARDEN_SM != '' }}" >> $GITHUB_OUTPUT
build:
runs-on: ubuntu-latest
needs: [ 'checksecret' ]
strategy:
fail-fast: false
matrix:
scala: [ '2.12', '2.13', '3' ]
steps:
- uses: 7mind/github-env@minimal
- name: Build and Test
env:
SCALA_VERSION: ${{ matrix.scala }}
run: ./run --nix :gen :coverage
- uses: bitwarden/sm-action@v2
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
5e21669e-48b4-49ce-82f0-b193010a2ded > TOKEN_CODECOV
- uses: codecov/codecov-action@v4
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
with:
token: ${{ env.TOKEN_CODECOV }}
verbose: true # optional (default = false)
fail_ci_if_error: true
files: "**/cobertura.xml"
# TODO: do we need scoverage.xml? If so files: may be just omitted
# files: cobertura.xml,scoverage.xml
# flags: unittests
test-compiler:
runs-on: ubuntu-latest
needs: [ 'checksecret' ]
strategy:
fail-fast: false
matrix:
test: [ ':test-scala', ':test-cs', ':test-ts', ':test-pb' ]
scala: [ '2.12', '2.13' ]
steps:
- uses: 7mind/github-env@minimal
- name: Test compiler
env:
SCALA_VERSION: ${{ matrix.scala }}
run: ./run --nix :gen ${{ matrix.test }}
- uses: dorny/test-reporter@v1
if: (needs.checksecret.outputs.HAVE_SECRETS == 'true') && (success() || failure())
with:
name: Test reports (${{ matrix.test }}, Scala ${{ matrix.scala }})
path: '**/target/spec-reports/**/*.xml'
reporter: java-junit
publish-npm:
runs-on: ubuntu-latest
needs: [ 'checksecret', 'test-compiler' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
permissions:
contents: read
id-token: write
steps:
- uses: 7mind/github-env@minimal
with:
cache-scala: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "24"
registry-url: "https://registry.npmjs.org"
- name: Publish NPM artifacts
env:
SCALA_VERSION: 2.13 # not used
run: ./run --nix :publish-npm
publish-nuget:
runs-on: ubuntu-latest
needs: [ 'checksecret', 'test-compiler' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
steps:
- uses: 7mind/github-env@minimal
with:
cache-scala: false
- uses: bitwarden/sm-action@v2
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
637c5cad-a680-4ea3-ac8b-b193010bee40 > TOKEN_NUGET
- name: Publish Nuget artifacts
env:
SCALA_VERSION: 2.13 # not used
run: ./run --nix :publish-nuget
publish-scala:
runs-on: ubuntu-latest
needs: [ 'build', 'test-compiler', 'checksecret' ]
if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
strategy:
fail-fast: false
matrix:
scala: [ '2.12', '2.13', '3' ]
steps:
- uses: 7mind/github-env@minimal
- uses: bitwarden/sm-action@v2
with:
access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
secrets: |
994f97a2-97a4-4fe1-806a-b1930104435f > SONATYPE_CREDENTIALS_FILE
749f4227-9f11-4ceb-9121-b1930110c3a9 > OPENSSL_KEY
a2fe5b5b-5f3f-47f8-961c-b1930110cea7 > OPENSSL_IV
- name: Build and Publish to Sonatype
env:
SONATYPE_SECRET: .secrets/credentials.sonatype-nexus.properties
SCALA_VERSION: ${{ matrix.scala }}
run: |
set -x
set -e
if [[ "$CI_PULL_REQUEST" == "false" ]] ; then
mkdir .secrets
echo "$SONATYPE_CREDENTIALS_FILE" > "$SONATYPE_SECRET"
openssl aes-256-cbc -K ${OPENSSL_KEY} -iv ${OPENSSL_IV} -in secrets.tar.enc -out secrets.tar -d
tar xvf secrets.tar
fi
./run --nix :gen :publish-scala
all-good:
if: always()
runs-on: ubuntu-latest
needs: [ 'build' ]
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}