diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9765dbd..36fde6c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,47 +1,25 @@ name: Build - on: [push] - jobs: build: name: Build and Test runs-on: ubuntu-latest - #This check is case insensitive if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" - outputs: - # Get from step "setversion" - artifact-version: ${{ steps.setversion.outputs.version }} - env: - BUILD_VERSION: SNAPSHOT - # Name of the project; used in multiple steps (e.g. for upload) - PROJECT_NAME: fuse-nio-adapter steps: - # Foreign Action: Checkout the current commit - uses: actions/checkout@v2 - # Foreign Action: Setup Java Runtime Environment - uses: actions/setup-java@v1 with: java-version: 11 - server-id: bintray-jcenter - server-username: BINTRAY_USERNAME # Defined in step "deploytojcenter" - server-password: BINTRAY_API_KEY # See above - - uses: actions/cache@v1 + - uses: actions/cache@v2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - name: Ensure to use tagged version - id: taggedVersion + if: startsWith(github.ref, 'refs/tags/') run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/} - if: startsWith(github.ref, 'refs/tags/') # Run if ref is tagged (e.g. "v.1.4") - - name: Export the project version to the job environment and fix it as an ouput of this step - id: setVersion # Output used above (outputs.artifact-version) - run: | - v=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout) - echo "BUILD_VERSION=${v}" >> $GITHUB_ENV - echo "::set-output name=version::${v}" - name: Build and Test id: buildAndTest run: mvn -B clean install jacoco:report -Pcoverage,dependency-check @@ -51,16 +29,16 @@ jobs: env: CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} continue-on-error: true - - name: Upload snapshot artifact ${{ env.PROJECT_NAME }}-${{ env.BUILD_VERSION }}.jar - id: uploadSnapshot - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v2 with: - name: ${{ env.PROJECT_NAME }}-${{ env.BUILD_VERSION }}.jar - path: target/${{ env.PROJECT_NAME }}-*.jar - - name: Deploy to jcenter - id: deployToJcenter - run: mvn -B deploy -Prelease -DskipTests - if: startsWith(github.ref, 'refs/tags/') # Run if ref is tagged (e.g. "v.1.4") + name: artifacts + path: target/*.jar + - name: Create Release + uses: actions/create-release@v1 + if: startsWith(github.ref, 'refs/tags/') env: - BINTRAY_USERNAME: cryptobot - BINTRAY_API_KEY: ${{ secrets.BINTRAY_API_KEY }} + GITHUB_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} # release as "cryptobot" + with: + tag_name: ${{ github.ref }} + release_name: Release ${{ github.ref }} + prerelease: true \ No newline at end of file diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..a46ddd6 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,37 @@ + +name: "CodeQL" + +on: + push: + branches: [develop, main] + pull_request: + branches: [develop] + schedule: + - cron: '0 8 * * 0' + +jobs: + analyse: + name: Analyse + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 2 + - uses: actions/setup-java@v1 + with: + java-version: 11 + - uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: java + - name: Build + run: mvn -B compile + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 \ No newline at end of file diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml new file mode 100644 index 0000000..f22b7a9 --- /dev/null +++ b/.github/workflows/publish-central.yml @@ -0,0 +1,37 @@ +name: Publish to Maven Central +on: + workflow_dispatch: + inputs: + tag: + description: 'Tag' + required: true + default: '0.0.0' +jobs: + publish: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + ref: "refs/tags/${{ github.event.inputs.tag }}" + - uses: actions/setup-java@v1 + with: + java-version: 11 + server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml + server-username: MAVEN_USERNAME # env variable for username in deploy + server-password: MAVEN_PASSWORD # env variable for token in deploy + gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import + gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase + - uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - name: Enforce project version ${{ github.event.inputs.tag }} + run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }} + - name: Deploy + run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} \ No newline at end of file diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml new file mode 100644 index 0000000..32a3041 --- /dev/null +++ b/.github/workflows/publish-github.yml @@ -0,0 +1,40 @@ +name: Publish to GitHub Packages +on: + release: + types: [published] +jobs: + publish: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-java@v1 + with: + java-version: 11 + gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import + gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase + - uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - name: Enforce project version ${{ github.event.release.tag_name }} + run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }} + - name: Deploy + run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} + - name: Slack Notification + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_USERNAME: 'Cryptobot' + SLACK_ICON: + SLACK_ICON_EMOJI: ':bot:' + SLACK_CHANNEL: 'cryptomator-desktop' + SLACK_TITLE: "Published ${{ github.event.repository.name }} ${{ github.event.release.tag_name }}" + SLACK_MESSAGE: "Ready to ." + SLACK_FOOTER: + MSG_MINIMAL: true \ No newline at end of file diff --git a/pom.xml b/pom.xml index d24a725..6640536 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.cryptomator fuse-nio-adapter - 1.2.8 + 1.2.9 FUSE-NIO-Adapter Access resources at a given NIO path via FUSE. https://github.com/cryptomator/fuse-nio-adapter @@ -15,16 +15,19 @@ + UTF-8 11 - 0.5.4 - 2.27 - 30.0-jre + + 0.5.5 + 2.31.2 + 30.1-jre 1.7.30 - 5.6.2 - 3.3.3 - UTF-8 + + 5.7.1 + 3.7.7 + 1.9.14 @@ -45,14 +48,6 @@ - - - bintray - bintray - https://jcenter.bintray.com - - - @@ -116,7 +111,7 @@ org.cryptomator cryptofs - 1.9.7 + ${cryptofs.version} test @@ -141,6 +136,42 @@ maven-surefire-plugin 2.22.2 + + org.apache.maven.plugins + maven-jar-plugin + 3.2.0 + + + + org.cryptomator.frontend.fuse + + + + + + maven-source-plugin + 3.2.1 + + + attach-sources + + jar-no-fork + + + + + + maven-javadoc-plugin + 3.2.0 + + + attach-javadocs + + jar + + + + @@ -152,7 +183,7 @@ org.owasp dependency-check-maven - 6.0.2 + 6.1.0 24 0 @@ -181,7 +212,7 @@ org.jacoco jacoco-maven-plugin - 0.8.5 + 0.8.6 prepare-agent @@ -202,41 +233,67 @@ - release - - - bintray-jcenter - https://api.bintray.com/maven/cryptomator/maven/fuse-nio-adapter/;publish=1 - - + sign - maven-source-plugin - 3.2.1 + maven-gpg-plugin + 1.6 - attach-sources + sign-artifacts + verify - jar-no-fork + sign + + + --pinentry-mode + loopback + + + + + + + + deploy-central + + + ossrh + Maven Central + https://oss.sonatype.org/service/local/staging/deploy/maven2/ + + + + - maven-javadoc-plugin - 3.2.0 - - - attach-javadocs - - jar - - - + org.sonatype.plugins + nexus-staging-maven-plugin + 1.6.8 + true + + ossrh + https://oss.sonatype.org/ + true + + + + deploy-github + + + github + GitHub Packages + https://maven.pkg.github.com/cryptomator/fuse-nio-adapter + + +