-
Notifications
You must be signed in to change notification settings - Fork 1
145 lines (139 loc) · 5.54 KB
/
build.yml
File metadata and controls
145 lines (139 loc) · 5.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: Gradle Build
on:
workflow_call:
inputs:
split-jobs:
description: 'Run the build as separate lint, unit, integration, and package jobs'
default: false
required: false
type: boolean
job-name:
description: 'Display name for the job'
default: 'Build and Test'
required: false
type: string
java-version:
description: 'Java version to use'
default: '17'
required: false
type: string
runs-on:
description: 'Runner label to use for the job'
default: 'ubuntu-latest'
required: false
type: string
gradle-tasks:
description: 'Gradle tasks to run for the legacy single-job path'
default: 'build'
required: false
type: string
lint-gradle-tasks:
description: 'Gradle tasks to run for lint and static analysis. Set to an empty string to disable this job when split-jobs is enabled.'
default: '--parallel spotlessCheck pmdMain checkstyleMain'
required: false
type: string
test-gradle-tasks:
description: 'Gradle tasks to run for the default JVM test suite, typically `test`. Set to an empty string to disable this job when split-jobs is enabled.'
default: '--parallel test'
required: false
type: string
integration-gradle-tasks:
description: 'Gradle tasks to run for additional JVM test suites, typically `integrationTest` from Gradle testing suites. Set to an empty string to disable this job when split-jobs is enabled.'
default: '--parallel integrationTest'
required: false
type: string
package-gradle-tasks:
description: 'Gradle tasks to run for packaging and assembly verification. Set to an empty string to disable this job when split-jobs is enabled.'
default: '--parallel assemble'
required: false
type: string
aws-role-arn:
description: 'AWS IAM role ARN for OIDC authentication (for integration tests)'
required: false
type: string
aws-region:
description: 'AWS region (used with aws-role-arn or aws secrets)'
default: 'us-east-1'
required: false
type: string
secrets:
aws-access-key-id:
description: 'AWS access key ID (alternative to OIDC)'
required: false
aws-secret-access-key:
description: 'AWS secret access key (alternative to OIDC)'
required: false
unlock-public-key:
description: 'Base64-encoded Ed25519 public key for unlock token verification'
required: false
jobs:
build:
if: ${{ !inputs.split-jobs }}
uses: ./.github/workflows/reusable-build-job.yml
with:
job-name: ${{ inputs.job-name }}
java-version: ${{ inputs.java-version }}
runs-on: ${{ inputs.runs-on }}
gradle-tasks: ${{ inputs.gradle-tasks }}
aws-role-arn: ${{ inputs.aws-role-arn }}
aws-region: ${{ inputs.aws-region }}
secrets:
aws-access-key-id: ${{ secrets.aws-access-key-id }}
aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
unlock-public-key: ${{ secrets.unlock-public-key }}
lint:
if: ${{ inputs.split-jobs && inputs.lint-gradle-tasks != '' }}
uses: ./.github/workflows/reusable-build-job.yml
with:
job-name: 'Lint And Static Analysis'
java-version: ${{ inputs.java-version }}
runs-on: ${{ inputs.runs-on }}
gradle-tasks: ${{ inputs.lint-gradle-tasks }}
aws-role-arn: ${{ inputs.aws-role-arn }}
aws-region: ${{ inputs.aws-region }}
secrets:
aws-access-key-id: ${{ secrets.aws-access-key-id }}
aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
unlock-public-key: ${{ secrets.unlock-public-key }}
unit-tests:
if: ${{ inputs.split-jobs && inputs.test-gradle-tasks != '' }}
uses: ./.github/workflows/reusable-build-job.yml
with:
job-name: 'Unit Tests'
java-version: ${{ inputs.java-version }}
runs-on: ${{ inputs.runs-on }}
gradle-tasks: ${{ inputs.test-gradle-tasks }}
aws-role-arn: ${{ inputs.aws-role-arn }}
aws-region: ${{ inputs.aws-region }}
secrets:
aws-access-key-id: ${{ secrets.aws-access-key-id }}
aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
unlock-public-key: ${{ secrets.unlock-public-key }}
integration-tests:
if: ${{ inputs.split-jobs && inputs.integration-gradle-tasks != '' }}
uses: ./.github/workflows/reusable-build-job.yml
with:
job-name: 'Integration Tests'
java-version: ${{ inputs.java-version }}
runs-on: ${{ inputs.runs-on }}
gradle-tasks: ${{ inputs.integration-gradle-tasks }}
aws-role-arn: ${{ inputs.aws-role-arn }}
aws-region: ${{ inputs.aws-region }}
secrets:
aws-access-key-id: ${{ secrets.aws-access-key-id }}
aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
unlock-public-key: ${{ secrets.unlock-public-key }}
package-verification:
if: ${{ inputs.split-jobs && inputs.package-gradle-tasks != '' }}
uses: ./.github/workflows/reusable-build-job.yml
with:
job-name: 'Package Verification'
java-version: ${{ inputs.java-version }}
runs-on: ${{ inputs.runs-on }}
gradle-tasks: ${{ inputs.package-gradle-tasks }}
aws-role-arn: ${{ inputs.aws-role-arn }}
aws-region: ${{ inputs.aws-region }}
secrets:
aws-access-key-id: ${{ secrets.aws-access-key-id }}
aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
unlock-public-key: ${{ secrets.unlock-public-key }}