2023-06-10 16:06:01 +02:00
|
|
|
name: Release Artifacts
|
2023-08-27 12:59:08 +02:00
|
|
|
|
2023-06-10 19:06:59 +02:00
|
|
|
on:
|
2024-04-21 17:30:17 +02:00
|
|
|
workflow_dispatch:
|
2023-06-10 19:06:59 +02:00
|
|
|
release:
|
|
|
|
|
types: [created]
|
2024-12-22 00:33:41 +01:00
|
|
|
|
2025-01-02 19:22:14 +01:00
|
|
|
permissions:
|
|
|
|
|
contents: read
|
2024-12-22 00:33:41 +01:00
|
|
|
|
2023-06-10 16:06:01 +02:00
|
|
|
jobs:
|
2025-01-09 21:56:20 +01:00
|
|
|
build:
|
2023-06-10 16:06:01 +02:00
|
|
|
runs-on: ubuntu-latest
|
2023-08-27 12:59:08 +02:00
|
|
|
strategy:
|
|
|
|
|
matrix:
|
|
|
|
|
enable_security: [true, false]
|
|
|
|
|
include:
|
|
|
|
|
- enable_security: true
|
2024-04-21 17:30:17 +02:00
|
|
|
file_suffix: "-with-login"
|
2023-08-27 12:59:08 +02:00
|
|
|
- enable_security: false
|
2024-04-21 17:30:17 +02:00
|
|
|
file_suffix: ""
|
2025-01-09 21:56:20 +01:00
|
|
|
outputs:
|
|
|
|
|
version: ${{ steps.versionNumber.outputs.versionNumber }}
|
2023-06-10 16:06:01 +02:00
|
|
|
steps:
|
2024-12-21 13:28:35 +01:00
|
|
|
- name: Harden Runner
|
2025-01-13 23:26:05 +01:00
|
|
|
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
|
2024-12-21 13:28:35 +01:00
|
|
|
with:
|
|
|
|
|
egress-policy: audit
|
|
|
|
|
|
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
2024-04-21 17:30:17 +02:00
|
|
|
|
|
|
|
|
- name: Set up JDK 17
|
2024-12-21 13:28:35 +01:00
|
|
|
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
|
2024-04-21 17:30:17 +02:00
|
|
|
with:
|
|
|
|
|
java-version: "17"
|
|
|
|
|
distribution: "temurin"
|
|
|
|
|
|
2024-12-21 13:28:35 +01:00
|
|
|
- uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
|
2024-04-21 17:30:17 +02:00
|
|
|
with:
|
2025-01-03 12:26:40 +01:00
|
|
|
gradle-version: 8.12
|
2024-04-21 17:30:17 +02:00
|
|
|
|
|
|
|
|
- name: Generate jar (With Security=${{ matrix.enable_security }})
|
|
|
|
|
run: ./gradlew clean createExe
|
|
|
|
|
env:
|
|
|
|
|
DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }}
|
2024-12-11 22:54:05 +01:00
|
|
|
STIRLING_PDF_DESKTOP_UI: false
|
2024-04-21 17:30:17 +02:00
|
|
|
|
|
|
|
|
- name: Get version number
|
|
|
|
|
id: versionNumber
|
2025-01-09 21:56:20 +01:00
|
|
|
run: |
|
|
|
|
|
VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
|
|
|
|
|
echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Rename binaries
|
|
|
|
|
run: |
|
|
|
|
|
mv ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
|
|
|
mv ./build/libs/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.jar ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
2024-04-21 17:30:17 +02:00
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
- name: Debug build artifacts
|
|
|
|
|
run: |
|
|
|
|
|
echo "Current Directory: $(pwd)"
|
|
|
|
|
ls -R ./build/libs
|
|
|
|
|
ls -R ./build/launch4j
|
2024-04-21 17:30:17 +02:00
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
- name: Upload build artifacts
|
2025-01-14 14:50:14 +01:00
|
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
2024-04-21 17:30:17 +02:00
|
|
|
with:
|
2025-01-09 21:56:20 +01:00
|
|
|
name: binaries${{ matrix.file_suffix }}
|
|
|
|
|
path: |
|
|
|
|
|
./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.*
|
|
|
|
|
./build/libs/Stirling-PDF${{ matrix.file_suffix }}.*
|
2024-12-21 15:34:07 +01:00
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
sign_verify:
|
|
|
|
|
needs: build
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
strategy:
|
|
|
|
|
matrix:
|
|
|
|
|
enable_security: [true, false]
|
|
|
|
|
include:
|
|
|
|
|
- enable_security: true
|
|
|
|
|
file_suffix: "-with-login"
|
|
|
|
|
- enable_security: false
|
|
|
|
|
file_suffix: ""
|
|
|
|
|
steps:
|
2025-01-10 12:25:40 +01:00
|
|
|
- name: Harden Runner
|
|
|
|
|
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
|
|
|
|
|
with:
|
|
|
|
|
egress-policy: audit
|
|
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
- name: Download build artifacts
|
|
|
|
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
2024-04-21 17:30:17 +02:00
|
|
|
with:
|
2025-01-09 21:56:20 +01:00
|
|
|
name: binaries${{ matrix.file_suffix }}
|
|
|
|
|
- name: Display structure of downloaded files
|
|
|
|
|
run: ls -R
|
|
|
|
|
|
|
|
|
|
- name: Install Cosign
|
|
|
|
|
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
|
|
|
|
|
|
|
|
|
|
- name: Generate key pair
|
|
|
|
|
run: cosign generate-key-pair
|
|
|
|
|
|
|
|
|
|
- name: Sign and generate attestations
|
|
|
|
|
run: |
|
|
|
|
|
cosign sign-blob \
|
|
|
|
|
--key ./cosign.key \
|
|
|
|
|
--yes \
|
|
|
|
|
--output-signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \
|
|
|
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
|
|
|
|
|
|
|
|
|
cosign attest-blob \
|
|
|
|
|
--predicate - \
|
|
|
|
|
--key ./cosign.key \
|
|
|
|
|
--yes \
|
|
|
|
|
--output-attestation ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.intoto.jsonl \
|
|
|
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
2024-04-21 17:30:17 +02:00
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
cosign verify-blob \
|
|
|
|
|
--key ./cosign.pub \
|
|
|
|
|
--signature ./libs/Stirling-PDF${{ matrix.file_suffix }}.jar.sig \
|
|
|
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.jar
|
2024-04-21 17:30:17 +02:00
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
cosign sign-blob \
|
|
|
|
|
--key ./cosign.key \
|
|
|
|
|
--yes \
|
|
|
|
|
--output-signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \
|
|
|
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
|
|
|
|
|
|
|
|
cosign attest-blob \
|
|
|
|
|
--predicate - \
|
|
|
|
|
--key ./cosign.key \
|
|
|
|
|
--yes \
|
|
|
|
|
--output-attestation ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.intoto.jsonl \
|
|
|
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
|
|
|
|
|
|
|
|
cosign verify-blob \
|
|
|
|
|
--key ./cosign.pub \
|
|
|
|
|
--signature ./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe.sig \
|
|
|
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe
|
|
|
|
|
|
|
|
|
|
- name: Upload signed artifacts
|
2025-01-14 14:50:14 +01:00
|
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
2024-04-21 17:30:17 +02:00
|
|
|
with:
|
2025-01-09 21:56:20 +01:00
|
|
|
name: signed${{ matrix.file_suffix }}
|
|
|
|
|
path: |
|
|
|
|
|
./libs/Stirling-PDF${{ matrix.file_suffix }}.*
|
|
|
|
|
./launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.*
|
|
|
|
|
|
|
|
|
|
release:
|
|
|
|
|
needs: [build, sign_verify]
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
permissions:
|
|
|
|
|
contents: write
|
|
|
|
|
strategy:
|
|
|
|
|
matrix:
|
|
|
|
|
enable_security: [true, false]
|
|
|
|
|
include:
|
|
|
|
|
- enable_security: true
|
|
|
|
|
file_suffix: "-with-login"
|
|
|
|
|
- enable_security: false
|
|
|
|
|
file_suffix: ""
|
|
|
|
|
steps:
|
2025-01-10 12:25:40 +01:00
|
|
|
- name: Harden Runner
|
|
|
|
|
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
|
|
|
|
|
with:
|
|
|
|
|
egress-policy: audit
|
|
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
- name: Download signed artifacts
|
|
|
|
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
|
|
|
|
with:
|
|
|
|
|
name: signed${{ matrix.file_suffix }}
|
2024-04-21 17:30:17 +02:00
|
|
|
|
2025-01-09 21:56:20 +01:00
|
|
|
- name: Upload binaries, attestations and signatures to Release and create GitHub Release
|
2024-12-22 13:12:48 +01:00
|
|
|
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
|
2024-04-21 17:30:17 +02:00
|
|
|
with:
|
2025-01-09 21:56:20 +01:00
|
|
|
tag_name: v${{ needs.build.outputs.version }}
|
|
|
|
|
generate_release_notes: true
|
|
|
|
|
files: |
|
|
|
|
|
./libs/Stirling-PDF*
|
|
|
|
|
./launch4j/Stirling-PDF-Server*
|
