diff --git a/.github/workflows/deployment-jdk-ea.yml b/.github/workflows/deployment-jdk-ea.yml new file mode 100644 index 00000000000..b79e7b01b19 --- /dev/null +++ b/.github/workflows/deployment-jdk-ea.yml @@ -0,0 +1,219 @@ +# This workflow is a clone of "deployment.yml" +# The difference is that this workflow uses JDK early access builds (jdk-ea) to check the build of JabRef +# We separated this from the main workflow as we do not want to check on each PR if the JDK build, but only on main +name: Deployment (JDK early access builds) + +on: + schedule: + - cron: "0 5 * * 2" + pull_request: + paths: + - .github/workflows/deployment-jdk-ea.yml + workflow_dispatch: + inputs: + notarization: + type: boolean + required: false + default: false + +env: + SpringerNatureAPIKey: ${{ secrets.SpringerNatureAPIKey }} + AstrophysicsDataSystemAPIKey: ${{ secrets.AstrophysicsDataSystemAPIKey }} + IEEEAPIKey: ${{ secrets.IEEEAPIKey }} + BiodiversityHeritageApiKey: ${{ secrets.BiodiversityHeritageApiKey}} + OSXCERT: ${{ secrets.OSX_SIGNING_CERT }} + GRADLE_OPTS: -Xmx4g -Dorg.gradle.vfs.watch=false + JAVA_OPTS: -Xmx4g + +concurrency: + group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" + cancel-in-progress: true + +jobs: + build: + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, windows-latest, macos-latest] + jdk: [22, 23] + include: + - os: ubuntu-latest + displayName: linux + archivePortable: tar -c -C build/distribution JabRef | pigz --rsyncable > build/distribution/JabRef-portable_linux.tar.gz && rm -R build/distribution/JabRef + - os: windows-latest + displayName: windows + archivePortable: 7z a -r build/distribution/JabRef-portable_windows.zip ./build/distribution/JabRef && rm -R build/distribution/JabRef + - os: macos-latest + displayName: macOS + archivePortable: brew install pigz && tar -c -C build/distribution JabRef.app | pigz --rsyncable > build/distribution/JabRef-portable_macos.tar.gz && rm -R build/distribution/JabRef.app + runs-on: ${{ matrix.os }} + outputs: + major: ${{ steps.gitversion.outputs.Major }} + minor: ${{ steps.gitversion.outputs.Minor }} + branchname: ${{ steps.gitversion.outputs.branchName }} + name: "JDK ${{ matrix.jdk }}: ${{ matrix.displayName }} installer and portable version" + steps: + - name: Check secrets presence + id: checksecrets + shell: bash + run: | + if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then + echo "secretspresent=NO" >> $GITHUB_OUTPUT + else + echo "secretspresent=YES" >> $GITHUB_OUTPUT + fi + env: + BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} + - name: Fetch all history for all tags and branches + uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: 'true' + show-progress: 'false' + - name: Install pigz and cache (linux) + if: (matrix.os == 'ubuntu-latest') + uses: awalsh128/cache-apt-pkgs-action@latest + with: + packages: pigz + version: 1.0 + - name: Install GitVersion + uses: gittools/actions/gitversion/setup@v0.11.0 + with: + versionSpec: "5.x" + - name: Run GitVersion + id: gitversion + uses: gittools/actions/gitversion/execute@v0.11.0 + - name: 'Set up JDK ${{ matrix.jdk }}' + uses: oracle-actions/setup-java@v1 + with: + website: jdk.java.net + release: ${{ matrix.jdk }} + version: latest + - name: 'Set JDK${{ matrix.jdk }} env var' + shell: bash + run: echo "JDK${{ matrix.jdk }}=$JAVA_HOME" >> $GITHUB_ENV + - name: 'Set JDK${{ matrix.jdk }} in toolchain (linux, Windows)' + if: (matrix.os != 'macos-latest') + shell: bash + run: sed -i 's/JavaLanguageVersion.of(.*)/JavaLanguageVersion.of(${{ matrix.jdk }})/' build.gradle + - name: 'Set JDK${{ matrix.jdk }} in toolchain (macOS)' + if: (matrix.os == 'macos-latest') + shell: bash + run: sed -i'.bak' 's/JavaLanguageVersion.of(.*)/JavaLanguageVersion.of(${{ matrix.jdk }})/' build.gradle + - name: Setup JDK + uses: actions/setup-java@v4 + with: + java-version: 21.0.2 + distribution: 'liberica' + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + - name: Prepare merged jars and modules dir (macOS) + # prepareModulesDir is executing a build, which should run through even if no upload to builds.jabref.org is made + if: (steps.checksecrets.outputs.secretspresent == 'NO') + run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" prepareModulesDir + - name: Setup macOS key chain + if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') + uses: apple-actions/import-codesign-certs@v2 + with: + p12-file-base64: ${{ secrets.OSX_SIGNING_CERT }} + p12-password: ${{ secrets.OSX_CERT_PWD }} + keychain-password: jabref + - name: Setup macOS key chain for app id cert + if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') + uses: apple-actions/import-codesign-certs@v2 + with: + p12-file-base64: ${{ secrets.OSX_SIGNING_CERT_APPLICATION }} + p12-password: ${{ secrets.OSX_CERT_PWD }} + create-keychain: false + keychain-password: jabref + - name: Build runtime image and installer + if: (steps.checksecrets.outputs.secretspresent == 'YES') + shell: bash + run: ./gradlew -i -PprojVersion="${{ steps.gitversion.outputs.AssemblySemVer }}" -PprojVersionInfo="${{ steps.gitversion.outputs.InformationalVersion }}" jpackage jlinkZip + - name: Package application image + if: (steps.checksecrets.outputs.secretspresent == 'YES') + shell: bash + run: ${{ matrix.archivePortable }} + - name: Rename files + if: (matrix.os != 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') + shell: pwsh + run: | + get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "${{ steps.gitversion.outputs.AssemblySemVer }}","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}"} + get-childitem -Path build/distribution/* | rename-item -NewName {$_.name -replace "portable","${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}-portable"} + - name: Repack deb file for Debian + if: (matrix.os == 'ubuntu-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') + shell: bash + run: | + cd build/distribution + ar x jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb + zstd -d < control.tar.zst | xz > control.tar.xz + zstd -d < data.tar.zst | xz > data.tar.xz + ar -m -c -a sdsd jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb debian-binary control.tar.xz data.tar.xz + rm debian-binary control.tar.* data.tar.* + mv -f jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64_repackaged.deb jabref_${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }}_amd64.deb + - name: Rename files with JDK version + shell: bash + run: | + for file in build/distribution/*.*; do + base=${file%.*} + ext=${file##*.} + mv "$file" "${base}-jdk${{ matrix.jdk }}.${ext}" + done + - name: Setup rsync (macOS) + if: (matrix.os == 'macos-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) + run: brew install rsync + - name: Setup rsync (Windows) + if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) + # We want to have rsync available at this place to avoid uploading and downloading from GitHub artifact store (taking > 5 minutes in total) + # We cannot use "action-rsyncer", because that requires Docker which is unavailable on Windows + # We cannot use "setup-rsync", because that does not work on Windows + # We do not use egor-tensin/setup-cygwin@v4, because it replaces the default shell + run: choco install --no-progress rsync + - name: Setup SSH key + if: ${{ (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) && ((matrix.os != 'macos-latest') || !((startsWith(github.ref, 'refs/tags/') || (inputs.notarization == true)))) }} + run: | + echo "${{ secrets.buildJabRefPrivateKey }}" > sshkey + chmod 600 sshkey + - name: Upload to builds.jabref.org (Windows) + if: (matrix.os == 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) + shell: cmd + # for rsync installed by chocolatey, we need the ssh.exe delivered with that installation + run: | + rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/jdk-ea && rsync" -e 'C:\ProgramData\chocolatey\lib\rsync\tools\bin\ssh.exe -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/jdk-ea/ + - name: Upload to builds.jabref.org (linux, macOS) + if: (matrix.os != 'windows-latest') && (steps.checksecrets.outputs.secretspresent == 'YES') && (!startsWith(github.ref, 'refs/heads/gh-readonly-queue')) + shell: bash + run: | + rsync -rt --chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r --itemize-changes --stats --rsync-path="mkdir -p /var/www/builds.jabref.org/www/jdk-ea && rsync" -e 'ssh -p 9922 -i sshkey -o StrictHostKeyChecking=no' build/distribution/ jrrsync@build-upload.jabref.org:/var/www/builds.jabref.org/www/jdk-ea/ + - name: Upload to GitHub workflow artifacts store + if: (steps.checksecrets.outputs.secretspresent != 'YES') + uses: actions/upload-artifact@v4 + with: + name: JabRef-${{ matrix.os }} + path: build/distribution + compression-level: 0 # no compression + announce: + name: Comment on pull request + runs-on: ubuntu-latest + needs: [build] + if: ${{ github.event_name == 'pull_request' }} + steps: + - name: Check secrets presence + id: checksecrets + shell: bash + run: | + if [ "$BUILDJABREFPRIVATEKEY" == "" ]; then + echo "secretspresent=NO" >> $GITHUB_OUTPUT + else + echo "secretspresent=YES" >> $GITHUB_OUTPUT + fi + env: + BUILDJABREFPRIVATEKEY: ${{ secrets.buildJabRefPrivateKey }} + - name: Comment PR + if: (steps.checksecrets.outputs.secretspresent == 'YES') + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + The build of this PR is available at . + comment_tag: download-link + mode: recreate diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index 6430b42c062..997dc580748 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -227,7 +227,6 @@ jobs: if: (steps.checksecrets.outputs.secretspresent != 'YES') uses: actions/upload-artifact@v4 with: - # tbn = to-be-notarized name: JabRef-${{ matrix.os }} path: build/distribution compression-level: 0 # no compression diff --git a/settings.gradle b/settings.gradle index 18e2f97a57c..01ad017d95c 100644 --- a/settings.gradle +++ b/settings.gradle @@ -1,14 +1,5 @@ -pluginManagement { - repositories { - maven { - url 'https://oss.sonatype.org/content/repositories/snapshots' - } - gradlePluginPortal() - } -} - plugins { - id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" + id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0" } rootProject.name = "JabRef"