pombast CI: fix publish, add log artifacts #562
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| schedule: | |
| # Run weekly on Sunday to keep the Maven cache alive. | |
| - cron: '4 5 * * 0' | |
| # Queue runs of the same ref; cancel superseded PR builds (they never publish). | |
| concurrency: | |
| group: build-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write # needed to delete and re-save the pombast cache | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '11' | |
| java-package: 'jdk+fx' | |
| distribution: 'zulu' | |
| cache: 'maven' | |
| - uses: astral-sh/setup-uv@v6 | |
| - uses: webfactory/ssh-agent@v0.9.0 | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - name: Set up build environment | |
| run: .github/setup-build.sh | |
| shell: bash | |
| - name: Maven CI build | |
| run: .github/build.sh | |
| shell: bash | |
| env: | |
| GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| MAVEN_USER: ${{ secrets.MAVEN_USER }} | |
| MAVEN_PASS: ${{ secrets.MAVEN_PASS }} | |
| CENTRAL_USER: ${{ secrets.CENTRAL_USER }} | |
| CENTRAL_PASS: ${{ secrets.CENTRAL_PASS }} | |
| SIGNING_ASC: ${{ secrets.SIGNING_ASC }} | |
| - name: Restore pombast cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| # pombast: success/timestamp caches; cjdk: downloaded JDKs + Maven; | |
| # jgo: per-artifact bytecode-scan results. (~/.m2 is cached above by | |
| # setup-java's cache: 'maven'.) | |
| path: | | |
| ~/.cache/pombast | |
| ~/.cache/cjdk | |
| ~/.cache/jgo | |
| key: ${{ runner.os }}-pombast-build | |
| - name: Run pombast checks (melt + smelt) | |
| run: bin/check.sh | |
| shell: bash | |
| env: | |
| COLUMNS: '200' # widen Rich tables so log output is legible | |
| - name: Upload pombast logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: pombast-logs | |
| # mega-melt validation.log + dependency-tree.log + per-component build | |
| # logs, plus the smelt report. Lets us diagnose melt/smelt failures | |
| # without waiting on a status.scijava.org deploy. | |
| path: | | |
| target/pombast/**/*.log | |
| target/pombast/smelt.json | |
| if-no-files-found: warn | |
| retention-days: 14 | |
| - name: Delete old pombast cache | |
| if: always() | |
| run: .github/delete-cache.sh "${{ runner.os }}-pombast-build" | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Save pombast cache | |
| if: always() | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: | | |
| ~/.cache/pombast | |
| ~/.cache/cjdk | |
| ~/.cache/jgo | |
| key: ${{ runner.os }}-pombast-build | |
| - name: Publish smelt results | |
| if: always() && github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| run: .github/publish.sh "Update smelt results" target/pombast/smelt.json | |
| shell: bash |