Skip to content

Commit

Permalink
Merge branch 'release/1.5.0'
Browse files Browse the repository at this point in the history
  • Loading branch information
@overheadhunter
overheadhunter committed Oct 6, 2023
2 parents a3ac5d1 + 1acf5ff commit 7a1fe68
Show file tree
Hide file tree
Showing 14 changed files with 697 additions and 67 deletions.
22 changes: 22 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
version: 2
updates:
- package-ecosystem: "maven"
directory: "/"
schedule:
interval: "monthly"
day: "monday"
time: "06:00"
timezone: "UTC"
groups:
maven-dependencies:
patterns:
- "*"

- package-ecosystem: "github-actions"
directory: "/" # even for `.github/workflows`
schedule:
interval: "monthly"
groups:
github-actions:
patterns:
- "*"
23 changes: 23 additions & 0 deletions .github/release.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# .github/release.yml
# see https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes

changelog:
exclude:
authors:
- cryptobot
- dependabot
- github-actions
categories:
- title: What's New 🎉
labels:
- enhancement
- title: Bugfixes 🐛
labels:
- bug
- title: Other Changes 📎
labels:
- "*"
exclude:
labels:
- bug
- enhancement
56 changes: 35 additions & 21 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,27 +7,26 @@ jobs:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-java@v2
- uses: actions/setup-java@v3
with:
java-version: 11
distribution: 'temurin'
java-version: 21
distribution: 'zulu'
cache: 'maven'
- name: Cache SonarCloud packages
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Ensure to use tagged version
if: startsWith(github.ref, 'refs/tags/')
run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
run: ./mvnw versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
- name: Build and Test
id: buildAndTest
run: >
mvn -B verify
./mvnw -B verify
jacoco:report
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-Pcoverage,dependency-check
Expand All @@ -37,22 +36,37 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Upload code coverage report
id: codacyCoverageReporter
run: bash <(curl -Ls https://coverage.codacy.com/get.sh)
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
continue-on-error: true
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: artifacts
path: target/*.jar
- name: Calculate Checksums
id: checksums
run: |
{
echo 'sha256<<EOF'
shasum -a256 target/*.jar
echo EOF
} >> $GITHUB_OUTPUT
- name: Create Release
uses: actions/create-release@v1
if: startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} # release as "cryptobot"
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
prerelease: true
token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
body: |-
## Maven Coordinates
```xml
<dependency>
<groupId>org.cryptomator</groupId>
<artifactId>siv-mode</artifactId>
<version>${{ github.ref_name }}</version>
</dependency>
```
## Artifact Checksums
```txt
${{ steps.checksums.outputs.sha256 }}
```
See [README.md](../#reproducible-builds) section regarding reproducing this build.
generate_release_notes: true
14 changes: 7 additions & 7 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,19 +15,19 @@ jobs:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: 2
- uses: actions/setup-java@v2
- uses: actions/setup-java@v3
with:
java-version: 11
distribution: 'temurin'
java-version: 21
distribution: 'zulu'
cache: 'maven'
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: java
- name: Build and Test
run: mvn -B install -DskipTests
run: ./mvnw -B install -DskipTests
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
16 changes: 9 additions & 7 deletions .github/workflows/publish-central.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,23 +10,25 @@ jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
ref: "refs/tags/${{ github.event.inputs.tag }}"
- uses: actions/setup-java@v2
- uses: actions/setup-java@v3
with:
java-version: 11
distribution: 'temurin'
java-version: 21
distribution: 'zulu'
cache: 'maven'
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
server-username: MAVEN_USERNAME # env variable for username in deploy
server-password: MAVEN_PASSWORD # env variable for token in deploy
gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Enforce project version ${{ github.event.inputs.tag }}
run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
- name: Verify project version = ${{ github.event.release.tag_name }}
run: |
PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
test "$PROJECT_VERSION" = "${{ github.event.release.tag_name }}"
- name: Deploy
run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
run: ./mvnw deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
Expand Down
16 changes: 9 additions & 7 deletions .github/workflows/publish-github.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,18 +7,20 @@ jobs:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v2
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
java-version: 11
distribution: 'temurin'
java-version: 21
distribution: 'zulu'
cache: 'maven'
gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Enforce project version ${{ github.event.release.tag_name }}
run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
- name: Verify project version = ${{ github.event.release.tag_name }}
run: |
PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
test "$PROJECT_VERSION" = "${{ github.event.release.tag_name }}"
- name: Deploy
run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
run: ./mvnw deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
Expand Down
18 changes: 18 additions & 0 deletions .mvn/wrapper/maven-wrapper.properties
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.4/apache-maven-3.9.4-bin.zip
wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar
12 changes: 8 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ public void encryptWithAssociatedData() {
</dependencies>
```

## JPMS
## Java Module

From version 1.3.2 onwards this library is an explicit module with the name `org.cryptomator.siv`. You can use it by adding the following line to your `module-info.java`.

Expand All @@ -63,11 +63,15 @@ requires org.cryptomator.siv;

Because BouncyCastle classes are shaded, this library only depends on `java.base`.

## Building
## Reproducible Builds

This is a Maven project. To build it, run `mvn clean install`.
This is a Maven project that can be built using `mvn install`. However, if you want to build this reproducibly, please make sure:

Requires JDK 11.0.3 or newer at build time due to JPMS support.
1. Use the same build environment
* The same [JDK as our CI builds](https://github.com/cryptomator/siv-mode/blob/develop/.github/workflows/build.yml#L15-L16)
* Ideally the same same arch and OS (x86_64 Linux)
* Same locale (en_US) and linebreaks (POSIX)
2. Use `./mvnw install` instead (or `./mvnw verify` or `./mvnw package -DskipTests`, depending on your intentions)

## License
Distributed under the MIT X Consortium license. See the LICENSE file for more info.
Expand Down
Loading

0 comments on commit 7a1fe68

Please sign in to comment.