Extract shared CI setup into composite action & harden workflow #450
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: [ "master" ] | |
| push: | |
| branches: [ "master" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| tasks: build | |
| - os: macos-latest | |
| tasks: > | |
| iosX64Test | |
| macosX64Test | |
| tvosX64Test | |
| watchosX64Test | |
| - os: windows-latest | |
| tasks: mingwX64Test | |
| steps: | |
| - name: Checkout Project | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Audit GitHub Actions | |
| if: runner.os == 'Linux' | |
| uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 | |
| with: | |
| advanced-security: false | |
| - name: Build with Gradle Wrapper | |
| run: ./gradlew ${{ matrix.tasks }} | |
| publish: | |
| name: Publish on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| if: github.ref == 'refs/heads/master' && github.repository == 'michaelbull/kotlin-result' | |
| needs: build | |
| environment: Maven Central | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| tasks: > | |
| publishAndroidNativeArm32PublicationToMavenCentralRepository | |
| publishAndroidNativeArm64PublicationToMavenCentralRepository | |
| publishAndroidNativeX64PublicationToMavenCentralRepository | |
| publishAndroidNativeX86PublicationToMavenCentralRepository | |
| publishJsPublicationToMavenCentralRepository | |
| publishJvmPublicationToMavenCentralRepository | |
| publishKotlinMultiplatformPublicationToMavenCentralRepository | |
| publishLinuxArm64PublicationToMavenCentralRepository | |
| publishLinuxX64PublicationToMavenCentralRepository | |
| publishWasmJsPublicationToMavenCentralRepository | |
| - os: windows-latest | |
| tasks: publishMingwX64PublicationToMavenCentralRepository | |
| - os: macos-latest | |
| tasks: > | |
| publishIosArm64PublicationToMavenCentralRepository | |
| publishIosSimulatorArm64PublicationToMavenCentralRepository | |
| publishIosX64PublicationToMavenCentralRepository | |
| publishMacosArm64PublicationToMavenCentralRepository | |
| publishMacosX64PublicationToMavenCentralRepository | |
| publishTvosArm64PublicationToMavenCentralRepository | |
| publishTvosSimulatorArm64PublicationToMavenCentralRepository | |
| publishTvosX64PublicationToMavenCentralRepository | |
| publishWatchosArm32PublicationToMavenCentralRepository | |
| publishWatchosArm64PublicationToMavenCentralRepository | |
| publishWatchosDeviceArm64PublicationToMavenCentralRepository | |
| publishWatchosSimulatorArm64PublicationToMavenCentralRepository | |
| publishWatchosX64PublicationToMavenCentralRepository | |
| steps: | |
| - name: Checkout Project | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Publish with Gradle Wrapper | |
| run: ./gradlew ${{ matrix.tasks }} | |
| env: | |
| ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | |
| ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SIGNING_KEY_ID }} | |
| ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_KEY_PASSWORD }} |