Merge pull request #10164 from JabRef/dependabot/gradle/com.tngtech.a… #328
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment | |
on: | |
workflow_dispatch: | |
inputs: | |
notarization: | |
type: boolean | |
required: false | |
default: false | |
push: | |
branches: | |
- main | |
- main-release | |
paths-ignore: | |
- 'docs/**' | |
- 'src/test/**' | |
- 'README.md' | |
tags: | |
- '*' | |
pull_request: | |
paths-ignore: | |
- 'docs/**' | |
- 'src/test/**' | |
- 'README.md' | |
env: | |
SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }} | |
AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }} | |
IEEEAPIKey: ${{ secrets.IEEEAPIKey }} | |
BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}} | |
OSXCERT: ${{ secrets.OSX_SIGNING_CERT }} | |
GRADLE_OPTS: -Xmx4g -Dorg.gradle.daemon=false -Dorg.gradle.vfs.watch=false | |
JAVA_OPTS: -Xmx4g | |
JDK21: "" | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, windows-latest, macos-latest] | |
include: | |
- os: ubuntu-latest | |
displayName: linux | |
archivePortable: tar -c -C build/distribution JabRef | pigz --rsyncable > build/distribution/JabRef-portable_linux.tar.gz && rm -R build/distribution/JabRef | |
eaJdk: https://files.jabref.org/jdks/jdk-linux-x64.tar.gz | |
- os: windows-latest | |
displayName: windows | |
archivePortable: 7z a -r build/distribution/JabRef-portable_windows.zip ./build/distribution/JabRef && rm -R build/distribution/JabRef | |
eaJDK: https://files.jabref.org/jdks/jdk-windows-x64.zip | |
- os: macos-latest | |
displayName: macOS | |
archivePortable: brew install pigz && tar -c -C build/distribution JabRef.app | pigz --rsyncable > build/distribution/JabRef-portable_macos.tar.gz && rm -R build/distribution/JabRef.app | |
eaJDK: https://files.jabref.org/jdks/jdk-macos-x64.tar.gz | |
runs-on: ${{ matrix.os }} | |
name: Create installer and portable version for ${{ matrix.displayName }} | |
steps: | |
- name: Check secrets presence | |
id: checksecrets | |
shell: bash | |
run: | | |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then | |
echo "secretspresent=NO" >> $GITHUB_OUTPUT | |
else | |
echo "secretspresent=YES" >> $GITHUB_OUTPUT | |
fi | |
env: | |
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
- name: Fetch all history for all tags and branches | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install GitVersion | |
uses: gittools/actions/gitversion/[email protected] | |
with: | |
versionSpec: "5.x" | |
- name: Run GitVersion | |
id: gitversion | |
uses: gittools/actions/gitversion/[email protected] | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 20 | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: setup jdk JabRef-fix (windows) | |
if: (matrix.os == 'windows-latest') | |
shell: bash | |
run: | | |
mkdir ${{runner.temp}}\jdk | |
curl -kLsS ${{matrix.eaJDK}} -o temp.zip && 7z x temp.zip -o"$(cygpath -u "$RUNNER_TEMP\jdk")" | |
echo "JDK21=${{runner.temp}}\jdk\jdk-21" >> "$GITHUB_ENV" | |
ls "$(cygpath -u "$RUNNER_TEMP\jdk\jdk-21")" | |
echo "org.gradle.java.installations.paths=${{runner.temp}}\jdk\jdk-21" | sed "s/\\\\/\\\\\\\\/g" >> gradle.properties | |
echo "org.gradle.java.installations.auto-detect=false" >> gradle.properties | |
cat gradle.properties | |
sed -i "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle | |
- name: setup jdk JabRef-fix (ubuntu) | |
if: (matrix.os == 'ubuntu-latest') | |
shell: bash | |
run: | | |
mkdir ${{runner.temp}}/jdk | |
wget -qO- ${{matrix.eaJDK}} | tar xz -C ${{runner.temp}}/jdk | |
echo "JDK21=${{runner.temp}}/jdk/jdk-21" >> "$GITHUB_ENV" | |
ls ${{runner.temp}}/jdk | |
echo "org.gradle.java.installations.paths=${{runner.temp}}/jdk/jdk-21" >> gradle.properties | |
echo "org.gradle.java.installations.auto-detect=false" >> gradle.properties | |
cat gradle.properties | |
sed -i "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle | |
- name: setup jdk JabRef-fix (macos) | |
if: (matrix.os == 'macos-latest') | |
shell: bash | |
run: | | |
mkdir ${{runner.temp}}/jdk | |
wget -qO- ${{matrix.eaJDK}} | tar xz -C ${{runner.temp}}/jdk | |
mv ${{runner.temp}}/jdk/jdk-21.jdk ${{runner.temp}}/jdk/jdk-21 | |
echo "JDK21=${{runner.temp}}/jdk/jdk-21" >> "$GITHUB_ENV" | |
ls ${{runner.temp}}/jdk | |
echo "org.gradle.java.installations.paths=${{runner.temp}}/jdk/jdk-21" >> gradle.properties | |
echo "org.gradle.java.installations.auto-detect=false" >> gradle.properties | |
cat gradle.properties | |
sed -i'.bak' -e "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle | |
- name: Setup OSX key chain (macos) | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: apple-actions/import-codesign-certs@v2 | |
with: | |
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }} | |
p12-password: ${{ secrets.OSX_CERT_PWD }} | |
keychain-password: jabref | |
- name: Setup OSX key chain on OSX for app id cert (macos) | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: apple-actions/import-codesign-certs@v2 | |
with: | |
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }} | |
p12-password: ${{ secrets.OSX_CERT_PWD }} | |
create-keychain: false | |
keychain-password: jabref | |
- name: Build runtime image (non-macos) | |
if: (matrix.os != 'macos-latest') | |
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jlinkZip | |
- name: Prepare merged jars and modules dir (macos) | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir | |
- name: Build installer (non-macos) | |
if: (matrix.os != 'macos-latest') | |
shell: bash | |
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage | |
- name: Build dmg (macos) | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
shell: bash | |
run: | | |
${{env.JDK21}}/Contents/Home/bin/jpackage \ | |
--module org.jabref/org.jabref.cli.Launcher \ | |
--module-path ${{env.JDK21}}/Contents/Home/jmods/:build/jlinkbase/jlinkjars \ | |
--add-modules org.jabref,org.jabref.merged.module \ | |
--dest build/distribution \ | |
--name JabRef \ | |
--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \ | |
--verbose \ | |
--mac-sign \ | |
--vendor JabRef \ | |
--mac-package-identifier Jabref \ | |
--mac-package-name JabRef \ | |
--type dmg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \ | |
--mac-package-signing-prefix org.jabref \ | |
--mac-entitlements buildres/mac/jabref.entitlements \ | |
--icon src/main/resources/icons/jabref.icns \ | |
--resource-dir buildres/mac \ | |
--file-associations buildres/mac/bibtexAssociations.properties \ | |
--jlink-options --bind-services | |
- name: Build pkg (macos) | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
shell: bash | |
run: | | |
${{env.JDK21}}/Contents/Home/bin/jpackage \ | |
--module org.jabref/org.jabref.cli.Launcher \ | |
--module-path ${{env.JDK21}}/Contents/Home/jmods/:build/jlinkbase/jlinkjars \ | |
--add-modules org.jabref,org.jabref.merged.module \ | |
--dest build/distribution \ | |
--name JabRef \ | |
--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \ | |
--verbose \ | |
--mac-sign \ | |
--vendor JabRef \ | |
--mac-package-identifier Jabref \ | |
--mac-package-name JabRef \ | |
--type pkg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \ | |
--mac-package-signing-prefix org.jabref \ | |
--mac-entitlements buildres/mac/jabref.entitlements \ | |
--icon src/main/resources/icons/jabref.icns \ | |
--resource-dir buildres/mac \ | |
--file-associations buildres/mac/bibtexAssociations.properties \ | |
--jlink-options --bind-services | |
- name: Package application image (non-macos) | |
if: (matrix.os != 'macos-latest') | |
shell: bash | |
run: ${{ matrix.archivePortable }} | |
- name: Rename files | |
if: (matrix.os != 'macos-latest') || (steps.checksecrets.outputs.secretspresent == 'YES') | |
shell: pwsh | |
run: | | |
get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "${{ steps.gitversion.outputs.AssemblySemVer }}","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}"} | |
get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "portable","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-portable"} | |
- name: Repack deb file for Debian (compression) | |
if: (matrix.os == 'ubuntu-latest') | |
shell: bash | |
run: | | |
cd build/distribution | |
ar x jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb | |
zstd -d < control.tar.zst | xz > control.tar.xz | |
zstd -d < data.tar.zst | xz > data.tar.xz | |
ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz | |
rm debian-binary control.tar.* data.tar.* | |
mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb | |
- name: Upload to builds.jabref.org (ubuntu) | |
if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: Pendect/[email protected] | |
env: | |
DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }} | |
with: | |
flags: -vaz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" | |
options: '' | |
ssh_options: '-p 9922' | |
src: 'build/distribution/' | |
dest: [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ | |
- name: Upload to GitHub workflow artifacts store (windows) | |
if: (matrix.os == 'windows-latest') | |
uses: actions/upload-artifact@v3 | |
with: | |
name: JabRef-${{ matrix.displayName }} | |
path: build/distribution | |
- name: Upload to GitHub workflow artifacts store (macos) | |
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: actions/upload-artifact@v3 | |
with: | |
# tbn = to-be-notarized | |
name: JabRef-macOS-tbn | |
path: build/distribution | |
notarize: # outsourced in a separate job to be able to rerun if this fails for timeouts | |
name: Notarize and package Mac OS binaries | |
runs-on: macos-latest | |
needs: [build] | |
steps: | |
- name: Check secrets presence | |
id: checksecrets | |
shell: bash | |
run: | | |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then | |
echo "secretspresent=NO" >> $GITHUB_OUTPUT | |
else | |
echo "secretspresent=YES" >> $GITHUB_OUTPUT | |
fi | |
env: | |
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
- name: Fetch all history for all tags and branches | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install GitVersion | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: gittools/actions/gitversion/[email protected] | |
with: | |
versionSpec: "5.x" | |
- name: Run GitVersion | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
id: gitversion | |
uses: gittools/actions/gitversion/[email protected] | |
- name: Get macOS binaries | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: actions/download-artifact@master | |
with: | |
name: JabRef-macOS-tbn | |
path: build/distribution/ | |
- name: Notarize dmg | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true) | |
shell: bash | |
run: | | |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" | |
xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg --keychain-profile "notarytool-profile" --wait | |
xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg | |
- name: Notarize pkg | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true) | |
shell: bash | |
run: | | |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}" | |
xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg --keychain-profile "notarytool-profile" --wait | |
xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg | |
- name: Package application image | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') | |
shell: bash | |
run: ${{ matrix.archivePortable }} | |
- name: Upload to GitHub workflow artifacts store | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') | |
uses: actions/upload-artifact@v3 | |
with: | |
name: JabRef-macOS | |
path: build/distribution | |
upload: | |
strategy: | |
fail-fast: false | |
name: Upload binaries on builds.jabref.org | |
runs-on: ubuntu-latest | |
needs: [build, notarize] | |
steps: | |
- name: Check secrets presence | |
id: checksecrets | |
shell: bash | |
run: | | |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then | |
echo "secretspresent=NO" >> $GITHUB_OUTPUT | |
else | |
echo "secretspresent=YES" >> $GITHUB_OUTPUT | |
fi | |
env: | |
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} | |
- name: Checkout source | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: actions/checkout@v3 | |
- name: Fetch all history for all tags and branches | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
run: git fetch --prune --unshallow | |
- name: Install GitVersion | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: gittools/actions/gitversion/[email protected] | |
with: | |
versionSpec: '5.x' | |
- name: Run GitVersion | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
id: gitversion | |
uses: gittools/actions/gitversion/[email protected] | |
- name: Get windows binaries | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: actions/download-artifact@master | |
with: | |
name: JabRef-windows | |
path: build/distribution | |
- name: Get macOS binaries unsigned | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (inputs.notarization == false && ! startsWith(github.ref, 'refs/tags/')) | |
uses: actions/download-artifact@master | |
with: | |
name: JabRef-macOS-tbn | |
path: build/distribution/ | |
- name: Get macOS binaries notarized | |
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (inputs.notarization == true || startsWith(github.ref, 'refs/tags/')) | |
uses: actions/download-artifact@master | |
with: | |
name: JabRef-macOS | |
path: build/distribution/ | |
# Upload to build server using rsync | |
# The action runs on linux only (because it is a Dockerized action), therefore it is embedded in a separate workflow | |
- name: Upload to builds.jabref.org | |
if: steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: Pendect/[email protected] | |
env: | |
DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }} | |
with: | |
flags: -vaz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync" | |
options: '' | |
ssh_options: '-p 9922' | |
src: 'build/distribution/' | |
dest: [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/ | |
- name: Comment PR | |
if: github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES' | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
message: | | |
The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>. | |
comment_tag: download-link | |
mode: recreate |