Develop #119
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main / Docker Native (GraalVM) | |
| on: | |
| push: | |
| branches: ["main"] | |
| tags: ["*.*.*"] | |
| pull_request: | |
| branches: ["main"] | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| GRAALVM_VERSION: "25" | |
| NODE_VERSION: "v24.12.0" | |
| PNPM_VERSION: "10.28.2" | |
| MAVEN_VERSION: "3.9.11" | |
| jobs: | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 25 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "25" | |
| distribution: "temurin" | |
| cache: maven | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: "pnpm" | |
| cache-dependency-path: src/main/web/pnpm-lock.yaml | |
| - name: Install dependencies (pnpm) | |
| working-directory: src/main/web | |
| run: pnpm install --frozen-lockfile --prefer-offline | |
| - name: Run backend tests | |
| run: mvn test | |
| - name: Run frontend tests | |
| working-directory: src/main/web | |
| run: pnpm test -- --run | |
| build-native: | |
| name: Build Native Image | |
| needs: test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up GraalVM | |
| uses: graalvm/setup-graalvm@v1 | |
| with: | |
| java-version: ${{ env.GRAALVM_VERSION }} | |
| distribution: "graalvm-community" | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| native-image-job-reports: "true" | |
| - name: Set up Maven | |
| uses: stCarolas/setup-maven@v5 | |
| with: | |
| maven-version: ${{ env.MAVEN_VERSION }} | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Build Native Executable | |
| run: | | |
| mvn -B clean package -Pnative \ | |
| -DskipTests \ | |
| -Dquarkus.native.container-build=false \ | |
| -Dquarkus.native.native-image-xmx=6g \ | |
| -Dquarkus.native.additional-build-args="--verbose" | |
| env: | |
| MAVEN_OPTS: "-Xmx8g" | |
| - name: Verify Native Executable | |
| run: | | |
| ls -lh target/*-runner | |
| file target/*-runner | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/cosign-installer@v4.0.0 | |
| with: | |
| cosign-release: "v3.0.3" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| # If this is a tag (release), build latest and X.Y.Z | |
| type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }} | |
| type=ref,event=tag | |
| # Otherwise, build main | |
| type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }} | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile.native | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64 | |
| - name: Sign the published Docker image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} | |
| - name: Upload Native Executable as Artifact | |
| if: github.event_name != 'pull_request' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: native-executable | |
| path: target/*-runner | |
| retention-days: 7 |