slsa.yaml

name: Build with provenance
on: [push]

permissions: read-all

jobs:
  staging-okr-deploy:
    permissions:
      id-token: write # For signing.
      contents: read # For repo checkout of private repos.
      actions: read # For getting workflow run on private repos.
    runs-on: ubuntu-latest
    steps:
      - name: Checkout project
        uses: actions/checkout@v2
        with:
          token: ${{secrets.VERSION_TOKEN}}

      - name: Set up JDK 17
        uses: actions/setup-java@v2
        with:
          java-version: '17'
          distribution: 'adopt'
          server-id: github
          settings-path: ${{github.workspace}}

      - name: Generate and Set New Version
        run: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.nextIncrementalVersion} -DgenerateBackupPoms=false

      - name: Extract Maven project version
        run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT
        id: store-version


      - name: Set New Snapshot Version
        run: mvn build-helper:parse-version versions:set -DnewVersion=${{ steps.store-version.outputs.version}}-SNAPSHOT -DgenerateBackupPoms=false

      - name: Set up node 16
        uses: actions/setup-node@v3
        with:
          node-version: 16

      - name: Install Dependencies
        run: cd ./frontend && npm ci

      - name: Build frontend with Angular
        run: cd ./frontend && npm run build:staging

      - name: Build backend with Maven
        run: mvn -B clean package --file pom.xml -P staging
      - name: create provenance
        uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@main