mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-02-07 00:17:07 +01:00
b9bfcd59cd
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.2.2 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <p>This release brings some significant improvements to cache-cleanup and dependency-submission:</p> <ul> <li>Cleanup cache entries written by newly released Gradle versions (<a href="https://redirect.github.com/gradle/actions/issues/436">#436</a>)</li> <li>Use existing Gradle wrapper distribution for cache-cleanup where possible (<a href="https://redirect.github.com/gradle/actions/issues/515">#515</a>)</li> <li>Automatically save each dependency-graph that is submitted by <code>dependency-submission</code> (<a href="https://redirect.github.com/gradle/actions/issues/519">#519</a>)</li> <li>Fix deprecation warnings emitted by Gradle 8.12+ when: <ul> <li>Using <code>build-scan-publish: true</code> or Develocity injection (<a href="https://redirect.github.com/gradle/actions/issues/543">#543</a>)</li> <li>Using dependency-submission with an authenticated plugin repository with Gradle (<a href="https://redirect.github.com/gradle/actions/issues/541">#541</a>)</li> </ul> </li> <li>Fix warning when using toolchain support with Gradle 7.x (<a href="https://redirect.github.com/gradle/actions/issues/511">#511</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/493">gradle/actions#493</a></li> <li>Fix typo in <code>cache-reporting.ts</code> by <a href="https://github.com/SimonMarquis"><code>@SimonMarquis</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/492">gradle/actions#492</a></li> <li>Bump Gradle Wrappers by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/499">gradle/actions#499</a></li> <li>Bump the github-actions group across 3 directories with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/510">gradle/actions#510</a></li> <li>Bump the npm-dependencies group across 1 directory with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/512">gradle/actions#512</a></li> <li>Clean-up missing imports for tests by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/513">gradle/actions#513</a></li> <li>Bump the npm-dependencies group in /sources with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/521">gradle/actions#521</a></li> <li>Add npm build scans by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/517">gradle/actions#517</a></li> <li>Avoid env-var interpolation in toolchains.xml by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/518">gradle/actions#518</a></li> <li>Avoid saving build-results for cache cleanup by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/520">gradle/actions#520</a></li> <li>Save dependency graph as workflow artifact by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/522">gradle/actions#522</a></li> <li>Update to CCUDGP 2.1 by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/524">gradle/actions#524</a></li> <li>Bump references to Develocity Gradle plugin from 3.19 to 3.19.1 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/527">gradle/actions#527</a></li> <li>Choose best Gradle version to use for cache cleanup by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/526">gradle/actions#526</a></li> <li>Uppercase cache-encryption-key by <a href="https://github.com/Goooler"><code>@Goooler</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/528">gradle/actions#528</a></li> <li>Attempt to use gradle wrapper for cache cleanup by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/525">gradle/actions#525</a></li> <li>Document GRADLE_ACTIONS_SKIP_BUILD_RESULT_CAPTURE by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/529">gradle/actions#529</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/509">gradle/actions#509</a></li> <li>Bump Gradle Wrappers by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/535">gradle/actions#535</a></li> <li>Bump the github-actions group across 2 directories with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/538">gradle/actions#538</a></li> <li>Update undici to resolve vulnerability by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/536">gradle/actions#536</a></li> <li>Bump the npm-dependencies group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/539">gradle/actions#539</a></li> <li>Update docs for dependency review by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/540">gradle/actions#540</a></li> <li>Fix space assignment deprecations in init-scripts by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/542">gradle/actions#542</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/SimonMarquis"><code>@SimonMarquis</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/492">gradle/actions#492</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.2.2...v4.3.0">https://github.com/gradle/actions/compare/v4.2.2...v4.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="94baf225fe"><code>94baf22</code></a> Fix space assignment deprecations in init-scripts (<a href="https://redirect.github.com/gradle/actions/issues/542">#542</a>)</li> <li><a href="6f10c21ec5"><code>6f10c21</code></a> Make it easier to produce 'prerelease' versions</li> <li><a href="0b492c475f"><code>0b492c4</code></a> Fix deprecation warnings in develocity init-script</li> <li><a href="79bad900c0"><code>79bad90</code></a> Fix deprecation warnings in dependency-graph init-script</li> <li><a href="986922f6a6"><code>986922f</code></a> Update docs for dependency review (<a href="https://redirect.github.com/gradle/actions/issues/540">#540</a>)</li> <li><a href="65a3beb941"><code>65a3beb</code></a> [bot] Update dist directory</li> <li><a href="0e67f6d83b"><code>0e67f6d</code></a> Bump the npm-dependencies group across 1 directory with 2 updates</li> <li><a href="b6ac71fd86"><code>b6ac71f</code></a> [bot] Update dist directory</li> <li><a href="9053a599ae"><code>9053a59</code></a> Update undici to resolve vulnerability</li> <li><a href="7560c304a6"><code>7560c30</code></a> Bump the github-actions group across 2 directories with 2 updates</li> <li>Additional commits viewable in <a href="0bdd871935...94baf225fe">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
289 lines
9.4 KiB
YAML
289 lines
9.4 KiB
YAML
name: Test Installers Build
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
release:
|
|
types: [created]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
read_versions:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.versionNumber.outputs.versionNumber }}
|
|
versionMac: ${{ steps.versionNumberMac.outputs.versionNumberMac }}
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
# Get version number
|
|
- name: Get version number
|
|
id: versionNumber
|
|
run: |
|
|
VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
|
|
echo "versionNumber=$VERSION" >> $GITHUB_OUTPUT
|
|
|
|
- name: Get version number mac
|
|
id: versionNumberMac
|
|
run: |
|
|
VERSION=$(grep "^version =" build.gradle | awk -F'"' '{print $2}')
|
|
CURRENT_YEAR=$(date +'%Y')
|
|
IFS='.' read -r -a VERSION_PARTS <<< "$VERSION"
|
|
MAC_VERSION="$CURRENT_YEAR.${VERSION_PARTS[1]:-0}.${VERSION_PARTS[2]:-0}"
|
|
echo "versionNumberMac=$MAC_VERSION" >> $GITHUB_OUTPUT
|
|
|
|
build-portable:
|
|
needs: read_versions
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
enable_security: [true, false]
|
|
include:
|
|
- enable_security: true
|
|
file_suffix: "-with-login"
|
|
- enable_security: false
|
|
file_suffix: ""
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up JDK 21
|
|
uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
|
|
with:
|
|
java-version: "21"
|
|
distribution: "temurin"
|
|
|
|
- uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
|
|
with:
|
|
gradle-version: 8.12
|
|
|
|
- name: Generate jar (With Security=${{ matrix.enable_security }})
|
|
run: ./gradlew clean createExe
|
|
env:
|
|
DOCKER_ENABLE_SECURITY: ${{ matrix.enable_security }}
|
|
STIRLING_PDF_DESKTOP_UI: false
|
|
|
|
- name: Rename binaries
|
|
run: |
|
|
mkdir ./binaries
|
|
mv ./build/launch4j/Stirling-PDF.exe ./binaries/win-Stirling-PDF-portable-Server${{ matrix.file_suffix }}.exe
|
|
mv ./build/libs/Stirling-PDF-${{ needs.read_versions.outputs.version }}.jar ./binaries/Stirling-PDF${{ matrix.file_suffix }}.jar
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: stirling${{ matrix.file_suffix }}-binaries
|
|
path: |
|
|
./binaries/*
|
|
|
|
sign_verify-portable:
|
|
needs: [build-portable, read_versions]
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
enable_security: [true, false]
|
|
include:
|
|
- enable_security: true
|
|
file_suffix: "with-login-"
|
|
- enable_security: false
|
|
file_suffix: ""
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download build artifacts
|
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
|
with:
|
|
name: stirling-${{ matrix.file_suffix }}binaries
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
|
|
- name: Upload signed artifacts
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: stirling-${{ matrix.file_suffix }}signed
|
|
path: |
|
|
./*
|
|
!cosign.*
|
|
|
|
build-installers:
|
|
needs: read_versions
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- os: windows-latest
|
|
platform: win-
|
|
- os: macos-latest
|
|
platform: mac-
|
|
# - os: ubuntu-latest
|
|
# platform: linux-
|
|
runs-on: ${{ matrix.os }}
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up JDK 21
|
|
uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
|
|
with:
|
|
java-version: "21"
|
|
distribution: "temurin"
|
|
|
|
- uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
|
|
with:
|
|
gradle-version: 8.12
|
|
|
|
# Install Windows dependencies
|
|
- name: Install WiX Toolset
|
|
if: matrix.os == 'windows-latest'
|
|
run: |
|
|
curl -L -o wix.exe https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314.exe
|
|
.\wix.exe /install /quiet
|
|
|
|
# Build installer
|
|
- name: Build Installer
|
|
run: ./gradlew build jpackage -x test --info
|
|
env:
|
|
DOCKER_ENABLE_SECURITY: false
|
|
STIRLING_PDF_DESKTOP_UI: true
|
|
BROWSER_OPEN: true
|
|
|
|
# Rename and collect artifacts based on OS
|
|
- name: Prepare artifacts
|
|
id: prepare
|
|
shell: bash
|
|
run: |
|
|
mkdir ./binaries
|
|
if [ "${{ matrix.os }}" = "windows-latest" ]; then
|
|
mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.version }}.exe" "./binaries/Stirling-PDF-win-installer.exe"
|
|
elif [ "${{ matrix.os }}" = "macos-latest" ]; then
|
|
mv "./build/jpackage/Stirling-PDF-${{ needs.read_versions.outputs.versionMac }}.dmg" "./binaries/Stirling-PDF-mac-installer.dmg"
|
|
else
|
|
mv "./build/jpackage/stirling-pdf_${{ needs.read_versions.outputs.version }}-1_amd64.deb" "./binaries/Stirling-PDF-linux-installer.deb"
|
|
fi
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R ./binaries
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: ${{ matrix.platform }}binaries
|
|
path: |
|
|
./binaries/*
|
|
|
|
sign_verify:
|
|
needs: [read_versions, build-installers]
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- os: windows-latest
|
|
platform: win-
|
|
- os: macos-latest
|
|
platform: mac-
|
|
# - os: ubuntu-latest
|
|
# platform: linux-
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download build artifacts
|
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
|
with:
|
|
name: ${{ matrix.platform }}binaries
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
|
|
- name: Install Cosign
|
|
if: matrix.os == 'windows-latest'
|
|
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
|
|
|
|
- name: Generate key pair
|
|
if: matrix.os == 'windows-latest'
|
|
run: cosign generate-key-pair
|
|
|
|
- name: Sign and generate attestations
|
|
if: matrix.os == 'windows-latest'
|
|
run: |
|
|
cosign sign-blob \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-signature ./Stirling-PDF-win-installer.exe.sig \
|
|
./Stirling-PDF-win-installer.exe
|
|
|
|
cosign attest-blob \
|
|
--predicate - \
|
|
--key ./cosign.key \
|
|
--yes \
|
|
--output-attestation ./Stirling-PDF-win-installer.exe.intoto.jsonl \
|
|
./Stirling-PDF-win-installer.exe
|
|
|
|
cosign verify-blob \
|
|
--key ./cosign.pub \
|
|
--signature ./Stirling-PDF-win-installer.exe.sig \
|
|
./Stirling-PDF-win-installer.exe
|
|
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
|
|
- name: Upload signed artifacts
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
with:
|
|
retention-days: 1
|
|
if-no-files-found: error
|
|
name: ${{ matrix.platform }}signed
|
|
path: |
|
|
./Stirling-PDF-${{ matrix.platform }}installer.*
|
|
!cosign.*
|
|
|
|
create-release:
|
|
needs: [read_versions, sign_verify, sign_verify-portable]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Download signed artifacts
|
|
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
|
|
- name: Display structure of downloaded files
|
|
run: ls -R
|
|
- name: Upload binaries, attestations and signatures to Release and create GitHub Release
|
|
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
|
|
with:
|
|
tag_name: v${{ needs.read_versions.outputs.version }}
|
|
generate_release_notes: true
|
|
files: |
|
|
./*signed/*
|