From 50e0835b562fbea75fee977896fff0a74b9edd29 Mon Sep 17 00:00:00 2001
From: Peter Havekes <peter@havekes.eu>
Date: Tue, 19 Mar 2024 17:08:27 +0100
Subject: [PATCH] Add workflow to build and publish a Docker container (#11)

---
 .github/workflows/{maven.yml => build.yml} |   7 +-
 .github/workflows/release.yml              | 119 +++++++++++++++++++++
 2 files changed, 121 insertions(+), 5 deletions(-)
 rename .github/workflows/{maven.yml => build.yml} (59%)
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/maven.yml b/.github/workflows/build.yml
similarity index 59%
rename from .github/workflows/maven.yml
rename to .github/workflows/build.yml
index 4963616..72ceb63 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/build.yml
@@ -1,7 +1,4 @@
-# This workflow will build a Java project with Maven
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
-
-name: CI Github
+name: Build
 
 on:
   push:
@@ -23,4 +20,4 @@ jobs:
     - name: Build with Maven
       run: mvn -B package --file pom.xml
     - name: Codecov
-      uses: codecov/codecov-action@v1.3.1
\ No newline at end of file
+      uses: codecov/codecov-action@v1.3.1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..5298767
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,119 @@
+# yamllint disable rule:line-length
+---
+name: Release
+
+on:
+  push:
+    tags:
+      - "*"
+  workflow_dispatch:
+
+jobs:
+  build:
+    permissions:
+      packages: write
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up JAVA 8
+        uses: actions/setup-java@v4
+        with:
+          java-version: 8
+          distribution: "temurin"
+
+      - name: Determine the version
+        run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT
+        id: versioncheck
+
+      - name: Exit when workflow_dispatch is triggered, and the version does not contain SNAPSHOT in it's name
+        run: |
+          echo "Only SNAPSHOT releases can be triggered with the workflow_dispatch"
+          exit 1
+        if: github.event_name == 'workflow_dispatch' && ( !endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))
+
+      - name: Exit when a production build is triggered, and the github tag is not the same as the version in pom.xml
+        run: |
+          echo echo "Project version ${{ steps.versioncheck.outputs.version }} does not match git tag ${{ github.ref_name }}"
+          exit 1
+        if: github.event_name != 'workflow_dispatch' && steps.versioncheck.outputs.version != github.ref_name
+
+      - name: Set up JDK 8 for snapshots
+        uses: actions/setup-java@v4
+        with:
+          java-version: "8"
+          distribution: "temurin"
+          cache: "maven"
+          server-id: openconext-snapshots
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+        if: ( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT'))
+
+      - name: Set up JDK 8 for releases
+        uses: actions/setup-java@v4
+        with:
+          java-version: "8"
+          distribution: "temurin"
+          cache: "maven"
+          server-id: openconext-releases
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+        if: ${{!( endsWith(steps.versioncheck.outputs.version, '-SNAPSHOT')) }}
+
+      - name: Deploy with Maven
+        run: mvn --batch-mode deploy -DskipTests
+        env:
+          MAVEN_USERNAME: ${{ secrets.BUILD_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.BUILD_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set docker labels and tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/surfnet/student-mobility-home-institution-mock/home-institution-mock
+          flavor: |
+            latest=false
+          tags: |
+            type=ref,event=tag
+            type=raw,value=latest,event=tag
+            type=semver,pattern={{version}},value=${{ steps.versioncheck.outputs.version }}
+            type=sha
+
+      - name: Build and push the docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Codecov
+        uses: codecov/codecov-action@v3.1.1
+
+      - name: Create release
+        uses: actions/create-release@v1
+        id: create_release
+        with:
+          draft: false
+          prerelease: true
+          release_name: Release ${{ github.ref_name }}
+          tag_name: ${{ github.ref_name }}
+          body: |
+            ${{ steps.changelog.outputs.changelog }}
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        if: github.event_name != 'workflow_dispatch'