Skip to content

ci: make sure the tag being pushed is both annotated and signed #155

ci: make sure the tag being pushed is both annotated and signed

ci: make sure the tag being pushed is both annotated and signed #155

Workflow file for this run

name: publish jvm packages
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
on:
push:
tags:
- "**"
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
RUSTUP_MAX_RETRIES: 10
CARGO_TERM_COLOR: always
CARGO_NET_GIT_FETCH_WITH_CLI: true
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
jobs:
build-linux:
uses: ./.github/workflows/build-jvm-linux.yml
build-darwin-artifacts:
if: github.repository == 'wireapp/core-crypto'
name: build darwin artifacts
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: ensure the tag is signed
run: git cat-file tag ${{ github.ref_name }} | grep -q -- '-----BEGIN PGP SIGNATURE-----'
- name: setup rust
uses: actions-rust-lang/setup-rust-toolchain@v1 # this implicitly caches Rust tools and build artifacts
with:
rustflags: ''
target: "x86_64-apple-darwin,aarch64-apple-darwin"
- name: setup cargo-make
uses: davidB/rust-cargo-make@v1
- name: build artifacts
run: |
cd crypto-ffi
cargo make jvm-darwin
- name: upload x86_64-apple-darwin artifacts
uses: actions/upload-artifact@v4
with:
name: x86_64-apple-darwin
path: target/x86_64-apple-darwin/release/*.dylib
- name: upload aarch64-apple-darwin artifacts
uses: actions/upload-artifact@v4
with:
name: aarch64-apple-darwin
path: target/aarch64-apple-darwin/release/*.dylib
publish-jvm:
if: github.repository == 'wireapp/core-crypto'
name: publish jvm package
needs: [build-linux, build-darwin-artifacts]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: set up jdk 17
uses: actions/setup-java@v4
with:
java-version: "17"
distribution: "adopt"
- uses: actions-rust-lang/setup-rust-toolchain@v1 # this implicitly caches Rust tools and build artifacts
with:
rustflags: ''
- name: setup cargo-make
uses: davidB/rust-cargo-make@v1
- name: build artifacts
run: |
cd crypto-ffi
cargo make ffi-kotlin-jvm
- name: gradle setup
uses: gradle/actions/setup-gradle@v4
- name: validate gradle wrapper
uses: gradle/actions/wrapper-validation@v4
- name: download x86_64 linux artifact
uses: actions/download-artifact@v4
with:
name: jvm-linux-so-file-${{ github.run_id }}
path: target/x86_64-unknown-linux-gnu/release
- name: download x86_64 apple darwin artifact
uses: actions/download-artifact@v4
with:
name: x86_64-apple-darwin
path: target/x86_64-apple-darwin/release
- name: download aarch64 apple darwin artifact
uses: actions/download-artifact@v4
with:
name: aarch64-apple-darwin
path: target/aarch64-apple-darwin/release
- name: publish package
run: |
cd crypto-ffi/bindings
./gradlew :uniffi-jvm:publishAllPublicationsToMavenCentral --no-configuration-cache
./gradlew :jvm:publishAllPublicationsToMavenCentral --no-configuration-cache
env:
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_PASSWORD }}
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_USERNAME }}
ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.PGP_KEY_ID }}
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.PGP_SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.PGP_PASSPHRASE }}