github workflows (#2)

kortemik · web-flow · commit ebb1941b4788 · 2026-04-20T14:00:32.000+03:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,26 @@
+name: CI
+
+on: [ push ]
+
+jobs:
+  upload:
+    name: CI
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Cache Local Maven Repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: 25
+          distribution: 'adopt'
+
+      - name: Run CI
+        run: mvn --batch-mode clean verify
diff --git a/.github/workflows/coverity.yaml b/.github/workflows/coverity.yaml
@@ -0,0 +1,99 @@
+name: Coverity
+
+on: push
+
+jobs:
+  verify:
+    name: Verify Code
+    runs-on: ubuntu-latest
+    if: ${{ startsWith(github.repository, 'teragrep/') }}
+
+    env:
+      COVERITY: coverity_tool
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install jq
+        run: sudo apt-get update && sudo apt-get install jq
+
+      - name: Get version
+        run: printf "RELEASE_VERSION=%q\n" "$(git describe --tags)" >> $GITHUB_ENV
+
+      - name: Setup Maven Central
+        uses: actions/setup-java@v4
+        with:
+          java-version: 25
+          distribution: 'adopt'
+
+      - name: Cache Local Maven Repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+
+      - name: Download Coverity distribution md5sum for cache key
+        run: wget https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project_id=${{ vars.COVERITY_PROJECT_URL_ID }}&md5=1" -O coverity_tool.md5
+
+      - name: Cache pull Coverity distribution, extracted
+        id: cache-pull-coverity-distribution
+        uses: actions/cache@v4
+        with:
+          path: ${{ runner.temp }}/${{ env.COVERITY }}
+          key: ${{ runner.os }}-coverity-${{ hashFiles('coverity_tool.md5') }}
+
+      - name: Move coverity_tool.md5 file so it won't conflict with maven
+        run: mv coverity_tool.md5 ${RUNNER_TEMP}/coverity_tool.md5
+
+      - name: Download and extract Coverity distribution if cache-miss
+        if: steps.cache-pull-coverity-distribution.outputs.cache-hit != 'true'
+        run: |
+          wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project_id=${{ vars.COVERITY_PROJECT_URL_ID }}" -O ${RUNNER_TEMP}/${{ env.COVERITY }}.tgz
+          mkdir -p ${RUNNER_TEMP}/${{ env.COVERITY }}
+          tar zxf ${RUNNER_TEMP}/${{ env.COVERITY }}.tgz -C ${RUNNER_TEMP}/${{ env.COVERITY }} --strip-components 1
+
+      - name: Compile Coverity
+        run: |
+           ${RUNNER_TEMP}/${{ env.COVERITY }}/bin/cov-build --dir ${RUNNER_TEMP}/cov-int mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= -Dmaven.test.skip.exec=true clean verify
+           cd ${RUNNER_TEMP} && tar czvf ${{ vars.COVERITY_PROJECT_URL_ID }}.tgz cov-int
+
+      - name: Wait for Coverity analysis slot
+        run: |
+          while true; do
+            curl -X POST -d version=${{ env.RELEASE_VERSION }} -d description="automated upload" -d email=${{ secrets.COVERITY_EMAIL }} -d token=${{ secrets.COVERITY_TOKEN }} -d file_name="${{ vars.COVERITY_PROJECT_URL_ID }}.tgz" https://scan.coverity.com/projects/${{ vars.COVERITY_PROJECT_URL_ID }}/builds/init -o ${RUNNER_TEMP}/response;
+
+            if grep -q 'build submission quota' ${RUNNER_TEMP}/response; then
+              cat ${RUNNER_TEMP}/response
+              echo 'Giving up, submission quota met'
+              exit 1
+            fi;
+
+            if grep -q 'already in the queue' ${RUNNER_TEMP}/response; then
+              cat ${RUNNER_TEMP}/response
+              echo 'Waiting for 15 seconds and retrying'
+              sleep 15
+            else
+              break
+            fi
+          done
+
+      - name: Prepare response url
+        run: printf "RESPONSE_URL=%q\n" "$(jq -r '.url' ${RUNNER_TEMP}/response)" >> $GITHUB_ENV
+
+      - name: Upload to Coverity
+        run: |
+          curl -X PUT --header 'Content-Type: application/json' --upload-file ${RUNNER_TEMP}/${{ vars.COVERITY_PROJECT_URL_ID }}.tgz ${{ env.RESPONSE_URL }}
+
+      - name: Prepare build id
+        run: printf "COVERITY_BUILD_ID=%q\n" "$(jq -r '.build_id' ${RUNNER_TEMP}/response)" >> $GITHUB_ENV
+
+      - name: Build Coverity Submit URL
+        run: printf 'COVERITY_SUBMIT_URL=%q/%s/builds/%s/enqueue' "https://scan.coverity.com/projects" "${{ vars.COVERITY_PROJECT_URL_ID }}" "${{ env.COVERITY_BUILD_ID }}" >> $GITHUB_ENV
+
+      - name: Trigger Coverity analysis
+        run: curl -X PUT -d token=${{ secrets.COVERITY_TOKEN }} ${{ env.COVERITY_SUBMIT_URL }}
+
+      - name: Restore coverity_tool.md5 file so caches can be generated
+        run: mv ${RUNNER_TEMP}/coverity_tool.md5 coverity_tool.md5
diff --git a/.github/workflows/upload_release_github_packages.yaml b/.github/workflows/upload_release_github_packages.yaml
@@ -0,0 +1,40 @@
+name: Upload Release to GitHub Packages
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  upload:
+    name: Upload
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Cache Local Maven Repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+
+      - name: Setup Signing
+        uses: actions/setup-java@v4
+        with:
+          java-version: 25
+          distribution: 'adopt'
+
+      - name: Setup GitHub Packages
+        uses: actions/setup-java@v4
+        with:
+          java-version: 25
+          distribution: 'adopt'
+
+      - name: Publish to GitHub Packages
+        run: mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= clean deploy -Ppublish-github-packages
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/upload_release_maven_central.yaml b/.github/workflows/upload_release_maven_central.yaml
@@ -0,0 +1,48 @@
+name: Upload Release to Maven Central
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  upload:
+    name: Upload
+    runs-on: ubuntu-latest
+    if: ${{ startsWith(github.repository, 'teragrep/') }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Cache Local Maven Repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+
+      - name: Setup Signing
+        uses: actions/setup-java@v4
+        with:
+          java-version: 25
+          distribution: 'adopt'
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+      - name: Setup Maven Central
+        uses: actions/setup-java@v4
+        with:
+          java-version: 25
+          distribution: 'adopt'
+
+          server-id: central-sonatype-org
+          server-username: CENTRAL_SONATYPE_ORG_USERNAME
+          server-password: CENTRAL_SONATYPE_ORG_PASSWORD
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
+      - name: Publish to Maven Central
+        run: mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= clean deploy -Ppublish-maven-central
+        env:
+          CENTRAL_SONATYPE_ORG_USERNAME: ${{ secrets.CENTRAL_SONATYPE_ORG_USERNAME }}
+          CENTRAL_SONATYPE_ORG_PASSWORD: ${{ secrets.CENTRAL_SONATYPE_ORG_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
diff --git a/pom.xml b/pom.xml
@@ -121,7 +121,7 @@
               <goal>jar</goal>
             </goals>
             <configuration>
-              <source>8</source>
+              <source>25</source>
               <failOnError>false</failOnError>
               <doclint>none</doclint>
               <tags>
@@ -294,8 +294,8 @@
         <version>3.8.1</version>
         <configuration>
           <compilerArgument>-Xlint:all</compilerArgument>
-          <source>16</source>
-          <target>16</target>
+          <source>25</source>
+          <target>25</target>
         </configuration>
       </plugin>
       <plugin>
@@ -526,19 +526,9 @@
     </plugins>
   </build>
   <profiles>
+    <!-- Required when publishing to Maven Central -->
     <profile>
       <id>publish-maven-central</id>
-      <distributionManagement>
-        <repository>
-          <id>ossrh</id>
-          <name>Central Repository OSSRH</name>
-          <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-        <snapshotRepository>
-          <id>ossrh</id>
-          <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
-      </distributionManagement>
       <build>
         <plugins>
           <plugin>
@@ -550,7 +540,7 @@
               <publishingServerId>central-sonatype-org</publishingServerId>
               <tokenAuth>true</tokenAuth>
               <autoPublish>true</autoPublish>
-              <waitUntil>published</waitUntil>
+              <waitUntil>validated</waitUntil>
             </configuration>
           </plugin>
           <plugin>
@@ -576,39 +566,18 @@
         </plugins>
       </build>
     </profile>
+    <!-- /Required when publishing to Maven Central -->
+    <!-- Required when publishing to GitHub Packages -->
     <profile>
       <id>publish-github-packages</id>
       <distributionManagement>
         <repository>
           <id>github</id>
           <name>GitHub Packages</name>
-          <url>https://maven.pkg.github.com/teragrep/tmt_01</url>
+          <url>https://maven.pkg.github.com/${env.GITHUB_REPOSITORY}</url>
         </repository>
       </distributionManagement>
-      <build>
-        <plugins>
-          <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-gpg-plugin</artifactId>
-            <version>1.6</version>
-            <executions>
-              <execution>
-                <id>sign-artifacts</id>
-                <goals>
-                  <goal>sign</goal>
-                </goals>
-                <phase>verify</phase>
-                <configuration>
-                  <gpgArguments>
-                    <arg>--pinentry-mode</arg>
-                    <arg>loopback</arg>
-                  </gpgArguments>
-                </configuration>
-              </execution>
-            </executions>
-          </plugin>
-        </plugins>
-      </build>
     </profile>
+    <!-- Required when publishing to GitHub Packages -->
   </profiles>
 </project>
