use 32 bit liberice in pom #697
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package | |
| on: | |
| push: | |
| tags: | |
| - "v[0-9]+.[0-9]+.[0-9]+" | |
| jobs: | |
| linux-debian: | |
| environment: packaging | |
| runs-on: ubuntu-22.04 | |
| container: "debian:11" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Setup dependencies | |
| run: | | |
| apt-get -q update && apt-get -q upgrade -y | |
| apt-get -q install -y wget git gpg | |
| wget https://download.bell-sw.com/java/21.0.8+12/bellsoft-jdk21.0.8+12-linux-amd64-full.deb | |
| apt-get -q install -y ./bellsoft-jdk21.0.8+12-linux-amd64-full.deb | |
| apt-get -q install -y binutils fakeroot | |
| - uses: actions/checkout@v4 | |
| - name: Build artifact | |
| run: | | |
| export JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep bellsoft-java24-full) | |
| export PATH=$JAVA_HOME/bin:$PATH | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| ./mvnw versions:set -DnewVersion=$(git describe --tags --abbrev=0 | sed -r 's/^v//g') | |
| ./mvnw -B -C -V package -P system-jdk | |
| ls -lah ./target | |
| - name: Rename artifact | |
| run: mv target/autogram*.deb target/autogram_debian.deb | |
| - name: Create release if tag pushed | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| target/*.deb | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| linux-ubuntu: | |
| environment: packaging | |
| runs-on: ubuntu-22.04 | |
| container: "ubuntu:22.04" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Setup dependencies | |
| run: | | |
| apt-get -q update && apt-get -q upgrade -y | |
| apt-get -q install -y wget git gpg | |
| wget https://download.bell-sw.com/java/21.0.8+12/bellsoft-jdk21.0.8+12-linux-amd64-full.deb | |
| apt-get -q install -y ./bellsoft-jdk21.0.8+12-linux-amd64-full.deb | |
| apt-get -q install -y binutils fakeroot | |
| - uses: actions/checkout@v4 | |
| - name: Build artifact | |
| run: | | |
| export JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep bellsoft-java24-full) | |
| export PATH=$JAVA_HOME/bin:$PATH | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| ./mvnw versions:set -DnewVersion=$(git describe --tags --abbrev=0 | sed -r 's/^v//g') | |
| ./mvnw -B -C -V package -P system-jdk | |
| ls -lah ./target | |
| - name: Rename artifact | |
| run: mv target/autogram*.deb target/autogram_ubuntu.deb | |
| - name: Create release if tag pushed | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| target/*.deb | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| linux-fedora: | |
| environment: packaging | |
| runs-on: ubuntu-latest | |
| container: "fedora:41" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Setup dependencies | |
| run: | | |
| dnf -q install -y rpm-build git wget | |
| wget https://download.bell-sw.com/java/21.0.8+12/bellsoft-jdk21.0.8+12-linux-amd64-full.rpm | |
| sudo yum install -y ./bellsoft-jdk21.0.8+12-linux-amd64-full.rpm | |
| - uses: actions/checkout@v4 | |
| - name: Build artifact | |
| run: | | |
| export JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep bellsoft-java24-full) | |
| export PATH=$JAVA_HOME/bin:$PATH | |
| git config --global --add safe.directory ${GITHUB_WORKSPACE} | |
| ./mvnw versions:set -DnewVersion=$(git describe --tags --abbrev=0 | sed -r 's/^v//g') | |
| ./mvnw -B -C -V package -P system-jdk | |
| ls -lah ./target | |
| - name: Create release if tag pushed | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| target/*.rpm | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| macos: | |
| environment: packaging | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| merge-multiple: true | |
| path: target | |
| - name: Update version in pom if tag pushed | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: ./mvnw versions:set -DnewVersion=$(git describe --tags --abbrev=0 | sed -r 's/^v//g') | |
| shell: bash | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: "21.0.8+12" | |
| distribution: "liberica" | |
| java-package: "jdk+fx" | |
| - name: Cache local Maven repository and JDK cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.m2/repository | |
| target/jdkCache | |
| key: macos-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| macos-maven- | |
| - name: Install an Apple keychain (MacOS) | |
| # based on https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development#add-a-step-to-your-workflow | |
| env: | |
| APPLE_KEYCHAIN_BASE64: ${{ secrets.APPLE_KEYCHAIN_BASE64 }} | |
| APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
| APPLE_DEVELOPER_IDENTITY: ${{ secrets.APPLE_DEVELOPER_IDENTITY }} | |
| shell: bash | |
| run: | | |
| # create variables | |
| APPLE_KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # share to rest of steps | |
| echo "APPLE_KEYCHAIN_PATH=$APPLE_KEYCHAIN_PATH" >> "$GITHUB_ENV" | |
| # import keychain from secrets | |
| echo -n "$APPLE_KEYCHAIN_BASE64" | base64 --decode -o $APPLE_KEYCHAIN_PATH | |
| set -x | |
| # unlock, set timeout and set as used keychain | |
| security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $APPLE_KEYCHAIN_PATH | |
| #security set-keychain-settings -lut 21600 $APPLE_KEYCHAIN_PATH | |
| security list-keychain -d user -s $APPLE_KEYCHAIN_PATH | |
| security default-keychain -s $APPLE_KEYCHAIN_PATH | |
| - name: Package with Maven | |
| run: ./mvnw -B -C -V package -P system-jdk | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| APPLE_KEYCHAIN_PATH: ${{ env.APPLE_KEYCHAIN_PATH }} | |
| APPLE_DEVELOPER_IDENTITY: ${{ secrets.APPLE_DEVELOPER_IDENTITY }} | |
| - name: Notarize release with Apple (MacOS) | |
| env: | |
| APPLE_KEYCHAIN_PATH: ${{ env.APPLE_KEYCHAIN_PATH }} | |
| shell: bash | |
| run: | | |
| set -x | |
| # run notarization | |
| xcrun notarytool submit --keychain-profile "autogram" --keychain $APPLE_KEYCHAIN_PATH --wait target/Autogram-*.pkg | |
| # staple | |
| xcrun stapler staple target/Autogram-*.pkg | |
| # lock all keychains | |
| security lock-keychain -a | |
| - name: Create release if tag pushed | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| target/*.pkg | |
| target/*.dmg | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| windows: | |
| environment: packaging | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| merge-multiple: true | |
| path: target | |
| - name: Update version in pom if tag pushed | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: ./mvnw versions:set -DnewVersion=$(git describe --tags --abbrev=0 | sed -r 's/^v//g') | |
| shell: bash | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: "21.0.8+12" | |
| distribution: "liberica" | |
| java-package: "jdk+fx" | |
| - name: Cache local Maven repository and JDK cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.m2/repository | |
| target/jdkCache | |
| key: windows-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| windows-maven- | |
| - name: Package with Maven | |
| run: ./mvnw -B -C -V package | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Sign on Azure | |
| shell: bash | |
| run: | | |
| dotnet tool install --global AzureSignTool | |
| AzureSignTool sign --description "Autogram" -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v target/*.msi | |
| - name: Create release if tag pushed | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| draft: true | |
| prerelease: true | |
| files: | | |
| target/*.exe | |
| target/*.msi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |