mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2026-02-01 20:10:35 +01:00
8bb807471f
# Description of Changes This pull request updates the CI/CD workflows and Gradle configuration to improve build reproducibility, security, and external dependency management. The main changes include standardizing Gradle setup across workflows, securely injecting Maven credentials, and enabling Gradle build caching. There are also minor improvements to dependency version management and plugin repository configuration. **CI/CD Workflow Improvements:** - Standardized Gradle setup across all GitHub Actions workflows by explicitly adding a `Setup Gradle` step using `gradle/actions/setup-gradle@v5.0.0` and specifying Gradle version 8.14. This replaces previous usages and ensures consistency. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R260-R264) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[7]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL53-R54) [[9]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL121-R127) [[10]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR206-R217) [[11]](diffhunk://#diff-6a2e9fb077e57351f4a7e10d03b114e256298babdf06e7e7ae666781a5cf36a1R60-R70) [[12]](diffhunk://#diff-62dcbe64a950b4efb54d691e1e87451a8cd535400aa9ea1e40893de5b57cd73bL45-R46) [[13]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fL46-R56) [[14]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[15]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR102-R114) [[16]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) - Enabled Gradle build cache (`--build-cache`) for all build-related commands in workflows, improving build performance and consistency. Also removed unnecessary `clean` commands before builds to further optimize workflow times. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[6]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[7]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL134-R144) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR206-R217) [[9]](diffhunk://#diff-6a2e9fb077e57351f4a7e10d03b114e256298babdf06e7e7ae666781a5cf36a1R60-R70) [[10]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fL46-R56) [[11]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[12]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR102-R114) [[13]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) **Security and Dependency Management:** - Injected Maven credentials (`MAVEN_USER`, `MAVEN_PASSWORD`, `MAVEN_PUBLIC_URL`) as environment variables in all relevant workflow steps, supporting secure access to private or custom Maven repositories. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R290-R293) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[7]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR66-R69) [[9]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL134-R144) [[10]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR281-R283) [[11]](diffhunk://#diff-62dcbe64a950b4efb54d691e1e87451a8cd535400aa9ea1e40893de5b57cd73bR57-R60) [[12]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fR73-R76) [[13]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[14]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR178-R180) [[15]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) - Added a `pluginManagement` block in `settings.gradle` to allow Gradle plugins to be resolved from a custom Maven repository if specified by environment variables, increasing flexibility for plugin sourcing. **Build and Dependency Versioning:** - Updated `app/proprietary/build.gradle` to use the `bouncycastleVersion` variable for the Bouncy Castle dependency version, improving maintainability and consistency of dependency versioning. **Workflow Trigger Improvements:** - Expanded the file path triggers in `.github/workflows/sync_files_v2.yml` to include additional Gradle build files, ensuring the workflow runs when any core build files are changed. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
123 lines
4.8 KiB
YAML
123 lines
4.8 KiB
YAML
name: Sync Files (TOML)
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- "build.gradle"
|
|
- "app/common/build.gradle"
|
|
- "app/core/build.gradle"
|
|
- "app/proprietary/build.gradle"
|
|
- "README.md"
|
|
- "frontend/public/locales/*/translation.toml"
|
|
- "app/core/src/main/resources/static/3rdPartyLicenses.json"
|
|
- "scripts/ignore_translation.toml"
|
|
|
|
# cancel in-progress jobs if a new job is triggered
|
|
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
|
|
# or a pull request is updated.
|
|
# It helps to save resources and time by ensuring that only the latest commit is built and tested
|
|
# This is particularly useful for long-running jobs that may take a while to complete.
|
|
# The `group` is set to a combination of the workflow name, event name, and branch name.
|
|
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
|
|
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
sync-files:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
|
|
- name: Setup GitHub App Bot
|
|
id: setup-bot
|
|
uses: ./.github/actions/setup-bot
|
|
with:
|
|
app-id: ${{ secrets.GH_APP_ID }}
|
|
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
|
|
with:
|
|
python-version: "3.12"
|
|
cache: "pip" # caching pip dependencies
|
|
|
|
- name: Install Python dependencies
|
|
run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt
|
|
|
|
- name: Sync translation TOML files
|
|
run: |
|
|
python .github/scripts/check_language_toml.py --reference-file "frontend/public/locales/en-GB/translation.toml" --branch main
|
|
|
|
- name: Commit translation files
|
|
run: |
|
|
git add frontend/public/locales/*/translation.toml
|
|
git diff --staged --quiet || git commit -m ":memo: Sync translation files (TOML)" || echo "No changes detected"
|
|
|
|
- name: Sync README.md
|
|
run: |
|
|
python scripts/counter_translation_v3.py
|
|
|
|
- name: Run git add
|
|
run: |
|
|
git add README.md scripts/ignore_translation.toml
|
|
git diff --staged --quiet || git commit -m ":memo: Sync README.md & scripts/ignore_translation.toml" || echo "No changes detected"
|
|
|
|
- name: Create Pull Request
|
|
if: always()
|
|
uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
|
|
with:
|
|
token: ${{ steps.setup-bot.outputs.token }}
|
|
commit-message: Update files
|
|
committer: ${{ steps.setup-bot.outputs.committer }}
|
|
author: ${{ steps.setup-bot.outputs.committer }}
|
|
signoff: true
|
|
branch: sync_readme_v3
|
|
base: main
|
|
title: ":globe_with_meridians: Sync Translations + Update README Progress Table"
|
|
body: |
|
|
### Description of Changes
|
|
|
|
This Pull Request was automatically generated to synchronize updates to translation files and documentation. Below are the details of the changes made:
|
|
|
|
#### **1. Synchronization of Translation Files**
|
|
- Updated translation files (`frontend/public/locales/*/translation.toml`) to reflect changes in the reference file `en-GB/translation.toml`.
|
|
- Ensured consistency and synchronization across all supported language files.
|
|
- Highlighted any missing or incomplete translations.
|
|
- **Format**: TOML
|
|
|
|
#### **2. Update README.md**
|
|
- Generated the translation progress table in `README.md` using `counter_translation_v3.py`.
|
|
- Added a summary of the current translation status for all supported languages.
|
|
- Included up-to-date statistics on translation coverage.
|
|
|
|
#### **Why these changes are necessary**
|
|
- Keeps translation files aligned with the latest reference updates.
|
|
- Ensures the documentation reflects the current translation progress.
|
|
|
|
---
|
|
|
|
Auto-generated by [create-pull-request][1].
|
|
|
|
[1]: https://github.com/peter-evans/create-pull-request
|
|
draft: false
|
|
delete-branch: true
|
|
labels: github-actions
|
|
sign-commits: true
|
|
add-paths: |
|
|
README.md
|
|
frontend/public/locales/*/translation.toml
|
|
scripts/ignore_translation.toml
|