chore: workflow permissions2 #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push to GCR Github Action | |
on: | |
push: | |
tags: | |
- '*' | |
branches: | |
- 'srl295/issue46' # TESTING! | |
jobs: | |
build-and-push-to-gcr: | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Get the CLDR_REF from pom.xml | |
id: cldr_ref | |
run: echo "CLDR_REF="$(mvn help:evaluate -Dexpression=cldr.version -q -DforceStdout | cut -d- -f3) >> $GITHUB_OUTPUT && cat ${GITHUB_OUTPUT} | |
- name: Verify CLDR checkout ref | |
run: echo CLDR_REF="${{ steps.cldr_ref.outputs.CLDR_REF }}" && [ "${{ steps.cldr_ref.outputs.CLDR_REF }}x" != "x" ] # fail if empty | |
- name: Cache CLDR | |
uses: actions/cache@v2 | |
with: | |
path: cldr | |
key: cldr-${{ steps.cldr_ref.outputs.CLDR_REF }} | |
restore-keys: | | |
cldr-${{ steps.cldr_ref.outputs.CLDR_REF }} | |
- name: Check out CLDR | |
uses: actions/checkout@v3 | |
with: | |
repository: unicode-org/cldr | |
path: cldr | |
ref: main | |
fetch-depth: 0 | |
- name: Switch CLDR to CLDR_REF | |
run: cd cldr && git fetch && git checkout ${{ steps.cldr_ref.outputs.CLDR_REF }} | |
- name: Backup Unicodetools and CLDR for jsps # this is needed only for the Docker build | |
run: | |
mkdir -p UnicodeJsps/target && tar -cpz --exclude=.git -f UnicodeJsps/target/cldr-unicodetools.tgz ./cldr ./unicodetools | |
- name: Cache local Maven repository | |
uses: actions/cache@v2 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Package with Maven | |
run: > | |
mvn -s .github/workflows/mvn-settings.xml -B package -am -pl UnicodeJsps -DskipTests=true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload UnicodeJsps.war | |
uses: actions/upload-artifact@v2 | |
with: | |
name: UnicodeJsps | |
path: UnicodeJsps/target/UnicodeJsps.war | |
- name: setup ucd txt | |
run: cd UnicodeJsps && bash update-bidic-ucd.sh | |
- name: Get the version | |
id: get_tag_name | |
run: echo ::set-output name=GIT_TAG_NAME::${GITHUB_REF/refs\/tags\//} | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/[email protected]' | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: 'projects/goog-unicode-dev/locations/global/workloadIdentityPools/pool1/providers/unicode-dev-provider' | |
service_account: '[email protected]' | |
- uses: RafikFarhad/push-to-gcr-github-action@241707854fb71f655ec4e2a98bb16505f218bcc2 | |
with: | |
gcloud_service_key: ${{ steps.auth.outputs.access_token }} | |
registry: us-central1-docker.pkg.dev | |
project_id: goog-unicode-dev | |
image_name: unicode-jsps | |
image_tag: srl-test | |
#image_tag: ${{ steps.get_tag_name.outputs.GIT_TAG_NAME }} | |
dockerfile: ./UnicodeJsps/Dockerfile | |
context: ./UnicodeJsps/ |