
Migrate renovate config #4813

Workflow file for this run

# XXX: Once we've merged the remaining work on the `website` branch into
# `master`, merge the `deploy-website.yml` workflow into this file and deploy
# the website only if all builds pass. When doing this, also review which other
# workflow files can be combined. Also use that opportunity to revisit file
# names and workflow names.
# XXX: Let website deployment also depend on successful SNAPSHOT deployment.
# Then update the website to describe how users can use SNAPSHOTs.
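# CI workflow: builds and verifies the project on every pull request and on
# pushes to `master`; pushes to `master` additionally deploy via the `deploy`
# job below.
name: Build and verify
on:
  pull_request:
  push:
    branches: [ master ]
# Workflow-wide default for the automatically issued `GITHUB_TOKEN`: read-only
# access to repository contents. Neither job below overrides this.
permissions:
  contents: read
env:
  MAVEN_ARGS: --batch-mode -Dstyle.color=always -T1C
jobs:
  # Runs for both triggers, so the Maven build in this job executes code
  # proposed in pull requests. No repository secret other than the read-only
  # `GITHUB_TOKEN` is referenced here.
  build:
    strategy:
      matrix:
        os: [ ubuntu-24.04, macos-15, windows-2025 ]
        build-jdk: [ 25 ]
        target-jdk: [ 21.0.8 ]
    runs-on: ${{ matrix.os }}
    steps:
      # Harden-Runner is the first step so that its restrictions are in place
      # before any other action or build command runs. Like the other action
      # in this file, it is pinned to a full commit SHA; the trailing comment
      # records the release that SHA corresponds to.
      # NOTE(review): confirm that `egress-policy: block` is enforced on the
      # macos-15 and windows-2025 matrix legs and not only on ubuntu-24.04;
      # nothing in this file shows that.
      - name: Install Harden-Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          disable-sudo-and-containers: true
          # Outbound traffic is denied unless the destination is listed below.
          # `hosted-compute-watchdog-prod-*.githubapp.com` is the only
          # wildcard entry; all others are exact hosts on port 443.
          egress-policy: block
          allowed-endpoints: >
            api.adoptium.net:443
            github.com:443
            github-registry-files.githubusercontent.com:443
            hosted-compute-watchdog-prod-*.githubapp.com:443
            maven.pkg.github.com:443
            objects.githubusercontent.com:443
            release-assets.githubusercontent.com:443
            repo.maven.apache.org:443
      # We run the build twice for each supported JDK: once against the
      # original Error Prone release, using only Error Prone checks available
      # on Maven Central, and once against the Picnic Error Prone fork,
      # additionally enabling all checks defined in this project and any Error
      # Prone checks available only from other artifact repositories.
      # NOTE(review): this action also performs the checkout; whether it
      # leaves the token in the local Git config afterwards is not visible
      # here. Confirm against the action's inputs.
      - name: Check out code and set up JDK and Maven
        uses: s4u/setup-maven-action@6c4e9964d4ecb8f1026310cd8618791fd51a8016 # v1.19.0
        with:
          java-version: |
            ${{ matrix.target-jdk }}
            ${{ matrix.build-jdk }}
          java-distribution: temurin
          maven-version: 3.9.11
      - name: Build project against vanilla Error Prone, compile Javadoc
        run: mvn install javadoc:jar
      # Note that the `-D` argument is quoted for compatibility with the
      # Windows build.
      # The value interpolated into the command line comes from the static
      # matrix above, not from event data.
      - name: Build project with self-check against Error Prone fork, test using the targeted JDK
        run: mvn clean verify -s settings.xml -Perror-prone-fork -Pself-check '-Dsurefire.jdk-toolchain-version=${{ matrix.target-jdk }}'
        # The token is exposed to this step only. Presumably `settings.xml`
        # uses it to authenticate against `maven.pkg.github.com` (which is on
        # the egress allowlist); that file is not shown here, so confirm.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Remove installed project artifacts
        run: mvn dependency:purge-local-repository -DmanualInclude='${project.groupId}' -DresolutionFuzziness=groupId
  # Publishes artifacts. Three gates apply: the ref must be `master` (a
  # `pull_request` run has a `refs/pull/...` ref and is therefore skipped),
  # the `build` job must have succeeded, and the job is bound to the
  # `maven-deploy` environment. Any protection rules on that environment are
  # configured in the repository settings and are not visible in this file.
  deploy:
    if: github.ref == 'refs/heads/master'
    needs: build
    runs-on: ubuntu-24.04
    environment: maven-deploy
    steps:
      - name: Install Harden-Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          disable-sudo-and-containers: true
          # Narrower allowlist than the `build` job: the GitHub Packages and
          # `*.githubapp.com` hosts are absent and `central.sonatype.com` is
          # added as the publication target.
          egress-policy: block
          allowed-endpoints: >
            api.adoptium.net:443
            central.sonatype.com:443
            github.com:443
            release-assets.githubusercontent.com:443
            repo.maven.apache.org:443
      - name: Check out code and set up JDK and Maven
        uses: s4u/setup-maven-action@6c4e9964d4ecb8f1026310cd8618791fd51a8016 # v1.19.0
        with:
          java-version: 25
          java-distribution: temurin
          maven-version: 3.9.11
      # Tests are skipped here (`-DskipTests`); `-Dverification.skip` is
      # presumably a project-defined property that disables the remaining
      # checks (confirm in the POM). The job relies on `needs: build` for
      # verification of the same commit.
      - name: Build and deploy
        run: mvn deploy -s settings.xml -DskipTests -Dverification.skip
        # Publishing credentials and the release signing key are scoped to
        # this single step; the Harden-Runner and setup steps above do not
        # receive them.
        env:
          MAVEN_CENTRAL_USER: ${{ secrets.MAVEN_CENTRAL_USER }}
          MAVEN_CENTRAL_PASS: ${{ secrets.MAVEN_CENTRAL_PASS }}
          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}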