Skip to content

chore: workflow permissions #45

chore: workflow permissions

chore: workflow permissions #45

name: Push to GCR Github Action
permissions:
contents: read
id-token: write
on:
push:
tags:
- '*'
branches:
- 'srl295/issue46' # TESTING!
jobs:
build-and-push-to-gcr:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Get the CLDR_REF from pom.xml
id: cldr_ref
run: echo "CLDR_REF="$(mvn help:evaluate -Dexpression=cldr.version -q -DforceStdout | cut -d- -f3) >> $GITHUB_OUTPUT && cat ${GITHUB_OUTPUT}
- name: Verify CLDR checkout ref
run: echo CLDR_REF="${{ steps.cldr_ref.outputs.CLDR_REF }}" && [ "${{ steps.cldr_ref.outputs.CLDR_REF }}x" != "x" ] # fail if empty
- name: Cache CLDR
uses: actions/cache@v2
with:
path: cldr
key: cldr-${{ steps.cldr_ref.outputs.CLDR_REF }}
restore-keys: |
cldr-${{ steps.cldr_ref.outputs.CLDR_REF }}
- name: Check out CLDR
uses: actions/checkout@v3
with:
repository: unicode-org/cldr
path: cldr
ref: main
fetch-depth: 0
- name: Switch CLDR to CLDR_REF
run: cd cldr && git fetch && git checkout ${{ steps.cldr_ref.outputs.CLDR_REF }}
- name: Backup Unicodetools and CLDR for jsps # this is needed only for the Docker build
run:
mkdir -p UnicodeJsps/target && tar -cpz --exclude=.git -f UnicodeJsps/target/cldr-unicodetools.tgz ./cldr ./unicodetools
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Package with Maven
run: >
mvn -s .github/workflows/mvn-settings.xml -B package -am -pl UnicodeJsps -DskipTests=true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload UnicodeJsps.war
uses: actions/upload-artifact@v2
with:
name: UnicodeJsps
path: UnicodeJsps/target/UnicodeJsps.war
- name: setup ucd txt
run: cd UnicodeJsps && bash update-bidic-ucd.sh
- name: Get the version
id: get_tag_name
run: echo ::set-output name=GIT_TAG_NAME::${GITHUB_REF/refs\/tags\//}
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/[email protected]'
with:
token_format: 'access_token'
workload_identity_provider: 'projects/goog-unicode-dev/locations/global/workloadIdentityPools/pool1/providers/unicode-dev-provider'
service_account: '[email protected]'
- uses: RafikFarhad/push-to-gcr-github-action@241707854fb71f655ec4e2a98bb16505f218bcc2
with:
gcloud_service_key: ${{ steps.auth.outputs.access_token }}
registry: us-central1-docker.pkg.dev
project_id: goog-unicode-dev
image_name: unicode-jsps
image_tag: srl-test
#image_tag: ${{ steps.get_tag_name.outputs.GIT_TAG_NAME }}
dockerfile: ./UnicodeJsps/Dockerfile
context: ./UnicodeJsps/