Resolves #940 #748
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| pull_request: # all pull requests | |
| push: | |
| branches: | |
| - master | |
| env: | |
| MVN_CMD: ./mvnw --no-transfer-progress -B | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| java: [ '8', '11', '17', '21', '24' ] | |
| distribution: [ 'zulu', 'temurin', 'corretto' ] | |
| runs-on: 'ubuntu-latest' | |
| name: jdk-${{ matrix.java }}-${{ matrix.distribution }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK ${{ matrix.java }}-${{ matrix.distribution }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ matrix.java }} | |
| distribution: ${{ matrix.distribution }} | |
| cache: 'maven' | |
| check-latest: true | |
| - name: Install softhsm2 | |
| run: sudo apt-get install -y softhsm2 | |
| - name: Install opensc | |
| run: sudo apt-get install -y opensc | |
| - name: Ensure SoftHSM user configuration | |
| run: impl/src/test/scripts/softhsm configure | |
| - name: Populate SoftHSM with JJWT test keys | |
| run: impl/src/test/scripts/softhsm import | |
| - name: Build | |
| # run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg | |
| # to sign artifacts, since we don't want to mess with storing signing credentials in CI: | |
| run: ${{env.MVN_CMD}} verify -Possrh -Dgpg.skip=true | |
| # ensure all of our files have the correct/updated license header | |
| license-check: | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # avoid license plugin history warnings (plus it needs full history) | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'zulu' | |
| java-version: '8' | |
| cache: 'maven' | |
| check-latest: true | |
| - name: License Check | |
| # This adds about 1 minute to any build, which is why we don't want to do it on every other build: | |
| run: | | |
| ${{env.MVN_CMD}} license:check | |
| code-coverage: | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'zulu' | |
| java-version: '8' | |
| cache: 'maven' | |
| check-latest: true | |
| - name: Install softhsm2 | |
| run: sudo apt-get install -y softhsm2 | |
| - name: Install opensc | |
| run: sudo apt-get install -y opensc | |
| - name: Ensure SoftHSM user configuration | |
| run: impl/src/test/scripts/softhsm configure | |
| - name: Populate SoftHSM with JJWT test keys | |
| run: impl/src/test/scripts/softhsm import | |
| - name: Wait to start | |
| # wait a little to start: SoftHSM install and code coverage usually takes 3 1/2 minutes, and we don't want | |
| # it fail before other jobs; we want to see if jobs fail due to build issues, not just due to the code-coverage | |
| # job causing the others to cancel). | |
| # | |
| # We choose a sleep/delay approach here instead of using the GitHub Actions `needs` attribute | |
| # because `needs` requires its dependency to fully finish before starting this one, and doing so | |
| # would double the overall build time. Instead we want to run this concurrently with the other builds for | |
| # speed. The sleep should allow this to finish around the same time, or just slightly after, all the other | |
| # jobs. | |
| run: sleep 10s | |
| shell: bash | |
| - name: Code Coverage | |
| # run a full build, just as we would for a release (i.e. the `ossrh` profile), but don't use gpg | |
| # to sign artifacts, since we don't want to mess with storing signing credentials in CI: | |
| run: | | |
| ${{env.MVN_CMD}} clover:setup test && \ | |
| ${{env.MVN_CMD}} -pl . clover:clover clover:check coveralls:report \ | |
| -DrepoToken="${{ secrets.GITHUB_TOKEN }}" \ | |
| -DserviceName=github \ | |
| -DserviceBuildNumber="${{ env.GITHUB_RUN_ID }}" |