.github/workflows/ci_test-release.yaml

name: Java Maven CI for test and release actions

on:
  push:
    branches:
      - 'main'
      - 'feature/**'
      - 'fix/**'
  pull_request:
    branches:
      - 'main'

jobs:

  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout project
        uses: actions/checkout@v2
        with:
          fetch-depth: 0  # shallow clones should be disabled for a better relevancy of analysis
      - name: Setup JDK 11
        uses: actions/setup-java@v2
        with:
          java-version: 11
          distribution: adopt
          architecture: x64
      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-maven2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven2
      - name: Build project
        run: |
          mvn --batch-mode package \
            -DskipTests=true
      - name: Test project
        env:
          CROWD_LICENSE_KEY: ${{ secrets.CROWD_LICENSE_KEY }}
        run: |
          mvn --batch-mode verify
#      - name: Perform static code analysis
#        env:
#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
#        run: |
#          mvn --batch-mode sonar:sonar \
#            --settings ./.github/workflows/settings.xml \
#            -P resolving,analyzing

  release:
    needs: test
    if: github.event_name == 'push' && github.ref_name == 'main'
    runs-on: ubuntu-latest
    env:
      OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
      OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
      GPG_SIGNING_KEY: ${{ secrets.GPG_KEY_BASE64 }}
      GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }}
      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
    steps:
      - name: Checkout project
        uses: actions/checkout@v2
      - name: Setup JDK 11
        uses: actions/setup-java@v2
        with:
          java-version: 11
          distribution: adopt
          architecture: x64
      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-maven2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven2
      - name: Import GPG key
        run: echo "${GPG_SIGNING_KEY}" | base64 --decode | gpg --no-tty --batch --import
      - name: Perform tagging if version has changed
        id: tagging
        uses: brettaufheber/auto-tagging-action@v1
        with:
          command: mvn --batch-mode help:evaluate -Dexpression=project.version | grep -v -E '^\[([A-Za-z])+\]'
          tag-prefix: 'v'
      - name: Build project
        run: |
          mvn --batch-mode package \
          -DskipTests=true
      - name: Publish to public Maven2 repository
        if: ${{ steps.tagging.outputs.tag-created == 'yes' || steps.tagging.outputs.strategy == 'snapshot' }}
        run: |
          mvn --batch-mode deploy \
            --settings ./.github/workflows/settings.xml \
            -P resolving,signing,deploying \
            -DskipTests=true \
            -DskipITs=true
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v1
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Login to GitHub container registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Publish to GitHub Docker registry (base image RHEL UBI)
        if: ${{ steps.tagging.outputs.tag-created == 'yes' && steps.tagging.outputs.version-major-minor-patch }}
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          file: ./docker/Dockerfile-rhel
          tags: |
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:rhel
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major }}-rhel
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major-minor }}-rhel
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major-minor-patch }}-rhel
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:canary-rhel
      - name: Publish to GitHub Docker registry (base image Ubuntu)
        if: ${{ steps.tagging.outputs.tag-created == 'yes' && steps.tagging.outputs.version-major-minor-patch }}
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          file: ./docker/Dockerfile
          tags: |
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:ubuntu
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major }}-ubuntu
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major-minor }}-ubuntu
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major-minor-patch }}-ubuntu
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:canary-ubuntu
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:latest
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major }}
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major-minor }}
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:${{ steps.tagging.outputs.version-major-minor-patch }}
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:canary
      - name: Publish to GitHub Docker registry (base image RHEL UBI; canary release only)
        if: ${{ steps.tagging.outputs.tag-created == 'no' }}
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          file: ./docker/Dockerfile-rhel
          tags: |
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:canary-rhel
      - name: Publish to GitHub Docker registry (base image Ubuntu; canary release only)
        if: ${{ steps.tagging.outputs.tag-created == 'no' }}
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          file: ./docker/Dockerfile
          tags: |
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:canary-ubuntu
            ghcr.io/${{ github.repository_owner }}/ldap-crowd-adapter:canary