-
-
Notifications
You must be signed in to change notification settings - Fork 76
79 lines (70 loc) · 2.7 KB
/
cacert-publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
name: Publish ca-certificates
on:
push:
branches: [ master ]
paths:
- 'linux/ca-certificates/**'
- '.github/workflows/cacert-publish.yml'
permissions:
contents: read
jobs:
publish-ca-certificates:
if: github.repository == 'adoptium/installer'
name: "Publish ca-certificates"
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./linux
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
adoptium.jfrog.io:443
api.github.com:443
auth.docker.io:443
deb.debian.org:80
github.com:443
objects.githubusercontent.com:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
releases-cdn.jfrog.io:443
releases.jfrog.io:443
services.gradle.org:443
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
java-version: '17'
java-package: jdk
architecture: x64
distribution: 'temurin'
- uses: jfrog/setup-jfrog-cli@18e785fb220d332edbf01964f853ff0fcaa22220 # v4.4.2
env:
JF_URL: https://adoptium.jfrog.io
JF_USER: ${{ secrets.ARTIFACTORY_USER }}
JF_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Build
run: |
export _JAVA_OPTIONS="-Xmx4G"
./gradlew --parallel :ca-certificates:package --stacktrace
- name: Check if deb file exists in Artifactory
id: check-deb
run: |
FILE=$(ls ca-certificates/debian/build/ospackage/*.deb)
echo "File to upload: ${FILE}"
FILE_EXISTS=$(jf rt s --count=true "deb/pool/main/a/adoptium-ca-certificates/$(basename $FILE)")
if [[ "$FILE_EXISTS" == "0" ]]; then
echo file_exists=false >> "$GITHUB_OUTPUT"
fi
- name: Upload deb file to Artifactory
if: steps.check-deb.outputs.file_exists == 'false'
run: |
DISTRO_LIST="trixie,bookworm,buster,noble,jammy,focal,bionic"
FILE=$(ls ca-certificates/debian/build/ospackage/*.deb)
# Upload cacerts deb file
jf rt u "$FILE" "deb/pool/main/a/adoptium-ca-certificates/$(basename ${FILE})" --flat=true
# Add deb.distribution properties
jf rt sp "deb/pool/main/a/adoptium-ca-certificates/$(basename ${FILE})" "deb.distribution=${DISTRO_LIST};deb.architecture=all;deb.component=main"