Skip to content

Merge pull request #10164 from JabRef/dependabot/gradle/com.tngtech.a… #328

Merge pull request #10164 from JabRef/dependabot/gradle/com.tngtech.a…

Merge pull request #10164 from JabRef/dependabot/gradle/com.tngtech.a… #328

Workflow file for this run

name: Deployment
on:
workflow_dispatch:
inputs:
notarization:
type: boolean
required: false
default: false
push:
branches:
- main
- main-release
paths-ignore:
- 'docs/**'
- 'src/test/**'
- 'README.md'
tags:
- '*'
pull_request:
paths-ignore:
- 'docs/**'
- 'src/test/**'
- 'README.md'
env:
SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }}
AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }}
IEEEAPIKey: ${{ secrets.IEEEAPIKey }}
BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}}
OSXCERT: ${{ secrets.OSX_SIGNING_CERT }}
GRADLE_OPTS: -Xmx4g -Dorg.gradle.daemon=false -Dorg.gradle.vfs.watch=false
JAVA_OPTS: -Xmx4g
JDK21: ""
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs:
build:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
include:
- os: ubuntu-latest
displayName: linux
archivePortable: tar -c -C build/distribution JabRef | pigz --rsyncable > build/distribution/JabRef-portable_linux.tar.gz && rm -R build/distribution/JabRef
eaJdk: https://files.jabref.org/jdks/jdk-linux-x64.tar.gz
- os: windows-latest
displayName: windows
archivePortable: 7z a -r build/distribution/JabRef-portable_windows.zip ./build/distribution/JabRef && rm -R build/distribution/JabRef
eaJDK: https://files.jabref.org/jdks/jdk-windows-x64.zip
- os: macos-latest
displayName: macOS
archivePortable: brew install pigz && tar -c -C build/distribution JabRef.app | pigz --rsyncable > build/distribution/JabRef-portable_macos.tar.gz && rm -R build/distribution/JabRef.app
eaJDK: https://files.jabref.org/jdks/jdk-macos-x64.tar.gz
runs-on: ${{ matrix.os }}
name: Create installer and portable version for ${{ matrix.displayName }}
steps:
- name: Check secrets presence
id: checksecrets
shell: bash
run: |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
echo "secretspresent=NO" >> $GITHUB_OUTPUT
else
echo "secretspresent=YES" >> $GITHUB_OUTPUT
fi
env:
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
- name: Fetch all history for all tags and branches
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install GitVersion
uses: gittools/actions/gitversion/[email protected]
with:
versionSpec: "5.x"
- name: Run GitVersion
id: gitversion
uses: gittools/actions/gitversion/[email protected]
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: 20
distribution: 'temurin'
cache: 'gradle'
- name: setup jdk JabRef-fix (windows)
if: (matrix.os == 'windows-latest')
shell: bash
run: |
mkdir ${{runner.temp}}\jdk
curl -kLsS ${{matrix.eaJDK}} -o temp.zip && 7z x temp.zip -o"$(cygpath -u "$RUNNER_TEMP\jdk")"
echo "JDK21=${{runner.temp}}\jdk\jdk-21" >> "$GITHUB_ENV"
ls "$(cygpath -u "$RUNNER_TEMP\jdk\jdk-21")"
echo "org.gradle.java.installations.paths=${{runner.temp}}\jdk\jdk-21" | sed "s/\\\\/\\\\\\\\/g" >> gradle.properties
echo "org.gradle.java.installations.auto-detect=false" >> gradle.properties
cat gradle.properties
sed -i "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle
- name: setup jdk JabRef-fix (ubuntu)
if: (matrix.os == 'ubuntu-latest')
shell: bash
run: |
mkdir ${{runner.temp}}/jdk
wget -qO- ${{matrix.eaJDK}} | tar xz -C ${{runner.temp}}/jdk
echo "JDK21=${{runner.temp}}/jdk/jdk-21" >> "$GITHUB_ENV"
ls ${{runner.temp}}/jdk
echo "org.gradle.java.installations.paths=${{runner.temp}}/jdk/jdk-21" >> gradle.properties
echo "org.gradle.java.installations.auto-detect=false" >> gradle.properties
cat gradle.properties
sed -i "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle
- name: setup jdk JabRef-fix (macos)
if: (matrix.os == 'macos-latest')
shell: bash
run: |
mkdir ${{runner.temp}}/jdk
wget -qO- ${{matrix.eaJDK}} | tar xz -C ${{runner.temp}}/jdk
mv ${{runner.temp}}/jdk/jdk-21.jdk ${{runner.temp}}/jdk/jdk-21
echo "JDK21=${{runner.temp}}/jdk/jdk-21" >> "$GITHUB_ENV"
ls ${{runner.temp}}/jdk
echo "org.gradle.java.installations.paths=${{runner.temp}}/jdk/jdk-21" >> gradle.properties
echo "org.gradle.java.installations.auto-detect=false" >> gradle.properties
cat gradle.properties
sed -i'.bak' -e "s/JavaLanguageVersion.of(20)/JavaLanguageVersion.of(21)/" build.gradle
- name: Setup OSX key chain (macos)
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }}
p12-password: ${{ secrets.OSX_CERT_PWD }}
keychain-password: jabref
- name: Setup OSX key chain on OSX for app id cert (macos)
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }}
p12-password: ${{ secrets.OSX_CERT_PWD }}
create-keychain: false
keychain-password: jabref
- name: Build runtime image (non-macos)
if: (matrix.os != 'macos-latest')
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jlinkZip
- name: Prepare merged jars and modules dir (macos)
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir
- name: Build installer (non-macos)
if: (matrix.os != 'macos-latest')
shell: bash
run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage
- name: Build dmg (macos)
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
shell: bash
run: |
${{env.JDK21}}/Contents/Home/bin/jpackage \
--module org.jabref/org.jabref.cli.Launcher \
--module-path ${{env.JDK21}}/Contents/Home/jmods/:build/jlinkbase/jlinkjars \
--add-modules org.jabref,org.jabref.merged.module \
--dest build/distribution \
--name JabRef \
--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \
--verbose \
--mac-sign \
--vendor JabRef \
--mac-package-identifier Jabref \
--mac-package-name JabRef \
--type dmg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \
--mac-package-signing-prefix org.jabref \
--mac-entitlements buildres/mac/jabref.entitlements \
--icon src/main/resources/icons/jabref.icns \
--resource-dir buildres/mac \
--file-associations buildres/mac/bibtexAssociations.properties \
--jlink-options --bind-services
- name: Build pkg (macos)
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
shell: bash
run: |
${{env.JDK21}}/Contents/Home/bin/jpackage \
--module org.jabref/org.jabref.cli.Launcher \
--module-path ${{env.JDK21}}/Contents/Home/jmods/:build/jlinkbase/jlinkjars \
--add-modules org.jabref,org.jabref.merged.module \
--dest build/distribution \
--name JabRef \
--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \
--verbose \
--mac-sign \
--vendor JabRef \
--mac-package-identifier Jabref \
--mac-package-name JabRef \
--type pkg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \
--mac-package-signing-prefix org.jabref \
--mac-entitlements buildres/mac/jabref.entitlements \
--icon src/main/resources/icons/jabref.icns \
--resource-dir buildres/mac \
--file-associations buildres/mac/bibtexAssociations.properties \
--jlink-options --bind-services
- name: Package application image (non-macos)
if: (matrix.os != 'macos-latest')
shell: bash
run: ${{ matrix.archivePortable }}
- name: Rename files
if: (matrix.os != 'macos-latest') || (steps.checksecrets.outputs.secretspresent == 'YES')
shell: pwsh
run: |
get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "${{ steps.gitversion.outputs.AssemblySemVer }}","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}"}
get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "portable","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-portable"}
- name: Repack deb file for Debian (compression)
if: (matrix.os == 'ubuntu-latest')
shell: bash
run: |
cd build/distribution
ar x jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
zstd -d < control.tar.zst | xz > control.tar.xz
zstd -d < data.tar.zst | xz > data.tar.xz
ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz
rm debian-binary control.tar.* data.tar.*
mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb
- name: Upload to builds.jabref.org (ubuntu)
if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
uses: Pendect/[email protected]
env:
DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }}
with:
flags: -vaz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync"
options: ''
ssh_options: '-p 9922'
src: 'build/distribution/'
dest: [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
- name: Upload to GitHub workflow artifacts store (windows)
if: (matrix.os == 'windows-latest')
uses: actions/upload-artifact@v3
with:
name: JabRef-${{ matrix.displayName }}
path: build/distribution
- name: Upload to GitHub workflow artifacts store (macos)
if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES')
uses: actions/upload-artifact@v3
with:
# tbn = to-be-notarized
name: JabRef-macOS-tbn
path: build/distribution
notarize: # outsourced in a separate job to be able to rerun if this fails for timeouts
name: Notarize and package Mac OS binaries
runs-on: macos-latest
needs: [build]
steps:
- name: Check secrets presence
id: checksecrets
shell: bash
run: |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
echo "secretspresent=NO" >> $GITHUB_OUTPUT
else
echo "secretspresent=YES" >> $GITHUB_OUTPUT
fi
env:
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
- name: Fetch all history for all tags and branches
if: steps.checksecrets.outputs.secretspresent == 'YES'
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install GitVersion
if: steps.checksecrets.outputs.secretspresent == 'YES'
uses: gittools/actions/gitversion/[email protected]
with:
versionSpec: "5.x"
- name: Run GitVersion
if: steps.checksecrets.outputs.secretspresent == 'YES'
id: gitversion
uses: gittools/actions/gitversion/[email protected]
- name: Get macOS binaries
if: steps.checksecrets.outputs.secretspresent == 'YES'
uses: actions/download-artifact@master
with:
name: JabRef-macOS-tbn
path: build/distribution/
- name: Notarize dmg
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
shell: bash
run: |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg --keychain-profile "notarytool-profile" --wait
xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.dmg
- name: Notarize pkg
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (startsWith(github.ref, 'refs/tags/') || inputs.notarization == true)
shell: bash
run: |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "[email protected]" --team-id "6792V39SK3" --password "${{ secrets.OSX_NOTARIZATION_APP_PWD }}"
xcrun notarytool submit build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg --keychain-profile "notarytool-profile" --wait
xcrun stapler staple build/distribution/JabRef-${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}.pkg
- name: Package application image
if: (steps.checksecrets.outputs.secretspresent == 'YES')
shell: bash
run: ${{ matrix.archivePortable }}
- name: Upload to GitHub workflow artifacts store
if: (steps.checksecrets.outputs.secretspresent == 'YES')
uses: actions/upload-artifact@v3
with:
name: JabRef-macOS
path: build/distribution
upload:
strategy:
fail-fast: false
name: Upload binaries on builds.jabref.org
runs-on: ubuntu-latest
needs: [build, notarize]
steps:
- name: Check secrets presence
id: checksecrets
shell: bash
run: |
if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then
echo "secretspresent=NO" >> $GITHUB_OUTPUT
else
echo "secretspresent=YES" >> $GITHUB_OUTPUT
fi
env:
BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }}
- name: Checkout source
if: steps.checksecrets.outputs.secretspresent == 'YES'
uses: actions/checkout@v3
- name: Fetch all history for all tags and branches
if: steps.checksecrets.outputs.secretspresent == 'YES'
run: git fetch --prune --unshallow
- name: Install GitVersion
if: steps.checksecrets.outputs.secretspresent == 'YES'
uses: gittools/actions/gitversion/[email protected]
with:
versionSpec: '5.x'
- name: Run GitVersion
if: steps.checksecrets.outputs.secretspresent == 'YES'
id: gitversion
uses: gittools/actions/gitversion/[email protected]
- name: Get windows binaries
if: steps.checksecrets.outputs.secretspresent == 'YES'
uses: actions/download-artifact@master
with:
name: JabRef-windows
path: build/distribution
- name: Get macOS binaries unsigned
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (inputs.notarization == false && ! startsWith(github.ref, 'refs/tags/'))
uses: actions/download-artifact@master
with:
name: JabRef-macOS-tbn
path: build/distribution/
- name: Get macOS binaries notarized
if: (steps.checksecrets.outputs.secretspresent == 'YES') && (inputs.notarization == true || startsWith(github.ref, 'refs/tags/'))
uses: actions/download-artifact@master
with:
name: JabRef-macOS
path: build/distribution/
# Upload to build server using rsync
# The action runs on linux only (because it is a Dockerized action), therefore it is embedded in a separate workflow
- name: Upload to builds.jabref.org
if: steps.checksecrets.outputs.secretspresent == 'YES'
uses: Pendect/[email protected]
env:
DEPLOY_KEY: ${{ secrets.buildJabRefPrivateKey }}
with:
flags: -vaz --itemize-changes --stats --partial-dir=/tmp/partial --rsync-path="mkdir -p /var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }} && rsync"
options: ''
ssh_options: '-p 9922'
src: 'build/distribution/'
dest: [email protected]:/var/www/builds.jabref.org/www/${{ steps.gitversion.outputs.branchName }}/
- name: Comment PR
if: github.event_name == 'pull_request' && steps.checksecrets.outputs.secretspresent == 'YES'
uses: thollander/actions-comment-pull-request@v2
with:
message: |
The build of this PR is available at <https://builds.jabref.org/pull/${{ github.event.pull_request.number }}/merge>.
comment_tag: download-link
mode: recreate