name: maven-build description: Action for building and validating Maven projects inputs: java-version: required: false default: '25' description: 'Java version to set up for the build' maven-version: required: false default: '3.9.15' description: 'Maven version to set up for the build' distribution: required: false default: 'temurin' description: 'JDK distribution to use' phase: required: false default: 'verify' description: 'Build phase to execute: "verify" runs code-quality checks; "deploy" builds and pushes a Docker image' verify-goals: required: false default: 'spotless:check checkstyle:check test' description: 'Space-separated Maven goals to run during the verify phase' maven-profile: required: false default: 'test' description: 'Maven profile to activate during deploy' service-dir: required: false default: '.' description: 'Working directory for the Maven build' maven-settings: required: true description: 'Secret containing the settings.xml content used for repository authentication' extra-args: required: false default: '' description: 'Additional Maven arguments appended to the build command' outputs: image-tag: description: 'The Docker image tag used during the deploy phase' value: ${{ steps.deploy.outputs.image-tag }} runs: using: composite steps: - name: Validate phase shell: bash env: BUILD_PHASE: ${{ inputs.phase }} run: | case "$BUILD_PHASE" in verify|deploy) ;; *) echo "Invalid phase '$BUILD_PHASE'. Must be 'verify' or 'deploy'." && exit 1 ;; esac # Pinned to commit SHA instead of a tag to prevent supply chain attacks. # actions/setup-java v4.8.0 — https://github.com/actions/setup-java/tree/v4.8.0 - name: Setup Java uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 with: java-version: ${{ inputs.java-version }} distribution: ${{ inputs.distribution }} - name: Setup Maven shell: bash env: MAVEN_VERSION: ${{ inputs.maven-version }} run: | curl -fsSL "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" \ | tar -xzf - -C /opt echo "/opt/apache-maven-${MAVEN_VERSION}/bin" >> "$GITHUB_PATH" echo "Maven ${MAVEN_VERSION} installed successfully" - name: Cache Maven local repository uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ inputs.java-version }}-${{ hashFiles(format('{0}/**/pom.xml', inputs.service-dir)) }} restore-keys: ${{ runner.os }}-maven-${{ inputs.java-version }}- - name: Write Maven settings shell: bash env: MAVEN_SETTINGS: ${{ inputs.maven-settings }} run: printf '%s\n' "$MAVEN_SETTINGS" > /tmp/maven-settings.xml - name: Verify if: ${{ inputs.phase == 'verify' }} shell: bash working-directory: ${{ inputs.service-dir }} env: VERIFY_GOALS: ${{ inputs.verify-goals }} EXTRA_ARGS: ${{ inputs.extra-args }} MAVEN_PROFILE: ${{ inputs.maven-profile }} run: | mvn --batch-mode $VERIFY_GOALS \ -s /tmp/maven-settings.xml \ -P "$MAVEN_PROFILE" \ $EXTRA_ARGS - name: Deploy id: deploy if: ${{ inputs.phase == 'deploy' }} shell: bash working-directory: ${{ inputs.service-dir }} env: MAVEN_PROFILE: ${{ inputs.maven-profile }} EXTRA_ARGS: ${{ inputs.extra-args }} run: | IMAGE_TAG="${FORGEJO_SHA}-$(date +%s)" mvn --batch-mode clean package jib:build \ -DsendCredentialsOverHttp=true \ "-Djib.to.tags=$IMAGE_TAG" \ -P "$MAVEN_PROFILE" \ -s /tmp/maven-settings.xml \ $EXTRA_ARGS echo "image-tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT" - name: Remove Maven settings if: always() shell: bash run: rm -f /tmp/maven-settings.xml