.github/workflows/maven-build.yml

# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

name: Java CI with Maven

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  chainloop_init:
    name: Chainloop Init
    uses: chainloop-dev/labs/.github/workflows/chainloop_init.yml@54b18c97630a84a134c3fc93489d86c533d5a440
    secrets:
      api_token: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
    with:
      chainloop_labs_branch: 7f4de29435dc009326587051f507d2cd8c77d28b
      contract_revision: 2

  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        java: [ '17' ]

    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK ${{matrix.java}}
        uses: actions/setup-java@v4
        with:
          java-version: ${{matrix.java}}
          distribution: 'adopt'
          cache: maven
      - name: Build with Maven Wrapper
        run: ./mvnw -B package

      # Upload the built jar as an artifact so that it can be used in the Chainloop job
      - uses: actions/upload-artifact@v4
        with:
          name: artifacts
          path: target/*.jar

  collect-metadata:
    runs-on: ubuntu-latest
    name: Generate metadata
    needs: build
    steps:
      - name: Download all workflow run artifacts
        uses: actions/download-artifact@v4

      - name: Generate metadata
        run: |
          mkdir -p metadata

      - uses: anchore/sbom-action@v0
        with:
          file: artifacts/*.jar
          format: cyclonedx-json
          output-file: ./metadata/sbom.cyclonedx.json
          upload-artifact: false

      - uses: actions/upload-artifact@v4
        with:
          name: metadata
          path: metadata/*

  chainloop_push:
    name: Chainloop Push
    uses: chainloop-dev/labs/.github/workflows/chainloop_push.yml@54b18c97630a84a134c3fc93489d86c533d5a440
    needs:
      - collect-metadata
      - chainloop_init
    secrets:
      api_token: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
      signing_key: ${{ secrets.PRIVATE_KEY }}
      signing_key_password: ${{ secrets.PRIVATE_KEY_PASSWORD }}
    with:
      attestation_name: "petclinic"
      chainloop_labs_branch: 54b18c97630a84a134c3fc93489d86c533d5a440