Release: `1.0-v3-alpha4-b9` #1495

Workflow file for this run

.github/workflows/build.ci.yml at fa3d4b2

	name: Framework

	on:
	push:
	branches:
	- stable
	- v3
	pull_request:
	types: [opened, reopened, synchronize]
	merge_group: {}

	env:
	GRADLE_CACHE_LOCAL: false
	GRADLE_CACHE_REMOTE: true
	GRADLE_CACHE_PUSH: true
	CACHE_ENDPOINT: "https://gradle.less.build/cache/generic/"
	BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
	GRADLE_OPTS: "-Xmx6g -XX:MaxMetaspaceSize=1024m -XX:+UseParallelGC"

	jobs:
	##
	## Job: Pre-flight Checks
	##
	preflight-checks:
	name: "Pre-flight Checks"
	runs-on: "ubuntu-latest"
	permissions:
	contents: "read"
	id-token: "write"
	checks: "write"
	packages: "read"
	pull-requests: "write"
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
	with:
	egress-policy: audit

	- name: "Setup: Checkout"
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: "Setup: GraalVM"
	uses: graalvm/setup-graalvm@d1891786152ae96fee67f86c3a1eae596291bbed # v1.1.2
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: false
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- id: "auth"
	name: "Setup: Authorize Service Account"
	uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "Patch: Neutralize Yarn Lock"
	run: mv yarn.lock yarn.inert
	- name: "Check: Dependency Review"
	uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 # v3.0.6
	continue-on-error: true
	with:
	config-file: "./.github/dependency-review-config.yml"
	license-check: true
	vulnerability-check: true
	fail-on-severity: "low"
	base-ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.ref \|\| 'v3' }}
	- name: "Patch: Restore Yarn Lock"
	run: mv yarn.inert yarn.lock
	- name: "Check: Library ABI"
	uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
	id: abicheck
	continue-on-error: ${{ contains(github.event.pull_request.labels.*.name, 'ci:ignore-abicheck') }}
	env:
	CI: true
	with:
	cache-read-only: false
	arguments: \|
	apiCheck
	--dependency-verification=lenient
	--write-locks
	--no-daemon
	--warning-mode=none
	-Pelide.ci=true
	-PbuildDocs=false
	-PbuildSamples=false
	-PbuildDocsSite=false

	##
	## Job: Library Build
	##

	gradle:
	strategy:
	fail-fast: false
	matrix:
	os: [Ubuntu]
	mode: ['Strict']
	machine: [ubuntu-latest]
	provenance: [true]
	include:
	- os: macOS
	mode: Strict
	machine: macos-13
	provenance: false
	- os: Windows
	mode: Labs
	machine: windows-latest

	name: "Build (${{ matrix.os }})"
	runs-on: ${{ matrix.machine }}
	continue-on-error: ${{ matrix.mode != 'Strict' }}

	permissions:
	contents: "write"
	actions: "read"
	id-token: "write"
	checks: "write"
	pull-requests: "write"
	packages: "read"
	security-events: "write"

	defaults:
	run:
	shell: bash

	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
	with:
	egress-policy: audit

	- name: "Setup: Checkout"
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: "Setup: GraalVM (Java 20)"
	uses: graalvm/setup-graalvm@d1891786152ae96fee67f86c3a1eae596291bbed # v1.1.2
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: ${{ matrix.os == 'ubuntu' }}
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- name: "Setup: Node"
	uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
	with:
	node-version: 20
	cache: "yarn"
	- name: "Setup: Yarn"
	run: npm install -g yarn@1.22.19 && yarn --ignore-platform
	- id: "auth"
	name: "Setup: Authorize Service Account"
	uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "🛠️ Build"
	uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
	id: gradlebuild
	continue-on-error: ${{ matrix.mode == 'labs' }}
	env:
	CI: true
	with:
	cache-read-only: false
	dependency-graph: generate-and-submit
	arguments: \|
	build
	-x check
	-x test
	-x jvmTest
	-x jsTest
	-x jsBrowserTest
	-x nativeCompile
	--scan
	--no-daemon
	--warning-mode=none
	--dependency-verification=lenient
	--stacktrace
	-Pelide.ci=true
	-PbuildSamples=false
	-PbuildDocsSite=false
	-PbuildDocs=false
	- name: "Build reports"
	if: failure()
	uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	with:
	name: build-reports-${{ matrix.os }}-latest-gvm-latest
	path: \|
	build/reports/*/.*
	- name: "Build: Provenance Subject"
	id: hash
	if: ${{ matrix.os == 'ubuntu' }}
	run: \|
	echo "hashes=$(sha256sum ./packages//build/libs/ \| base64 -w0)" >> "$GITHUB_OUTPUT"

	## Report: Provenance
	provenance:
	name: Provenance
	needs: [gradle]
	permissions:
	actions: read
	id-token: write
	contents: write
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
	with:
	base64-subjects: "${{ needs.gradle.outputs.hashes }}"
	upload-assets: ${{ github.ref == 'refs/heads/stable' \|\| github.ref == 'refs/heads/v3' \|\| startsWith(github.ref, 'release/') \|\| startsWith(github.ref, 'refs/tags/v') }}

	##
	## Job: Testsuite (JVM)
	##
	tests-jvm:
	name: "Tests: JVM"
	runs-on: ubuntu-latest
	continue-on-error: true
	needs: [preflight-checks]

	permissions:
	contents: "read"
	id-token: "write"
	checks: "write"
	packages: "read"
	pull-requests: "write"

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
	with:
	egress-policy: audit

	- name: "Setup: Checkout"
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: "Setup: Git History"
	run: git fetch --unshallow \|\| exit 0
	- name: "Setup: GraalVM (Java 20)"
	uses: graalvm/setup-graalvm@d1891786152ae96fee67f86c3a1eae596291bbed # v1.1.2
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: false
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- id: "auth"
	name: "Setup: Authorize Service Account"
	uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "Setup: Node"
	uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
	with:
	node-version: 20
	cache: "yarn"
	- name: "Setup: Yarn"
	run: npm install -g yarn@1.22.19 && yarn --ignore-platform
	- name: "Run Tests (JVM)"
	uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
	env:
	CI: true
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	TEST_EXCEPTIONS: true
	with:
	cache-read-only: false
	arguments: \|
	test
	check
	jacocoTestReport
	koverXmlReport
	:substrate:redakt:test
	:substrate:koverXmlReport
	:tools:reports:reports
	--scan
	--no-daemon
	--warning-mode=none
	--dependency-verification=lenient
	-x ktlintCheck
	-x ktlintKotlinScriptCheck
	-x apiCheck
	-x nativeTest
	-x testNativeImage
	-Pelide.ci=true
	-PbuildSamples=false
	-PbuildDocs=false
	-PbuildDocsSite=false
	- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	with:
	name: test-reports-jvm
	path: \|
	**/build/reports/jacoco/test/jacocoTestReport.xml
	**/build/reports/jacoco/testCodeCoverageReport/jacocoTestReport.xml
	**/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
	build/reports/kover/merged/html/*/.*
	tools/reports/build/reports/*/.xml
	tools/reports/build/test-results/*/.xml
	- name: "Annotate: Test Results"
	uses: elide-tools/action-junit-report@f14b1271fab649beb23e70eae2a258f3ee24a591 # v3.1.0
	if: always() # always run even if the previous step fails
	with:
	report_paths: "*/build/test-results/test/TEST-.xml"
	- name: "Report: Codecov (Main)"
	uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: ./build/reports/kover/merged/xml/report.xml
	name: elide
	flags: jvm,lib
	fail_ci_if_error: false
	verbose: true
	- name: "Report: Codecov (Substrate)"
	uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: ./tools/substrate/build/reports/kover/merged/xml/report.xml
	name: substrate
	flags: jvm,substrate
	fail_ci_if_error: false
	verbose: true
	- name: "Report: Codecov (Plugin)"
	uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: ./tools/plugin/gradle-plugin/plugin-build/plugin/build/reports/kover/xml/report.xml
	name: plugin-gradle
	flags: jvm,plugin,gradle
	fail_ci_if_error: false
	verbose: true

	##
	## Job: Testsuite (Native)
	##
	tests-native:
	name: "Tests: Native"
	runs-on: ubuntu-latest-8-cores
	needs: [tests-jvm, preflight-checks]
	continue-on-error: true
	if: false

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
	with:
	egress-policy: audit

	- name: "Setup: Checkout"
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: "Setup: GraalVM"
	uses: graalvm/setup-graalvm@d1891786152ae96fee67f86c3a1eae596291bbed # v1.1.2
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: true
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- id: "auth"
	name: "Setup: Authorize Service Account"
	uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "Setup: Node"
	uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
	with:
	node-version: 20
	cache: "yarn"
	- name: "Setup: Yarn"
	run: npm install -g yarn@1.22.19 && yarn --ignore-platform
	- name: "Run Tests (Native)"
	uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
	continue-on-error: true
	env:
	CI: true
	with:
	cache-read-only: false
	arguments: \|
	nativeTest
	check
	jacocoTestReport
	--scan
	--no-daemon
	--warning-mode=none
	--dependency-verification=lenient
	-x ktlintCheck
	-x ktlintKotlinScriptCheck
	-x apiCheck
	-Pelide.ci=true
	-PbuildSamples=false
	-PbuildDocsSite=false
	-PbuildDocs=false
	- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	with:
	name: test-reports-native
	path: \|
	**/build/reports/jacoco/test/jacocoTestReport.xml
	**/build/reports/jacoco/testCodeCoverageReport/jacocoTestReport.xml
	**/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
	tools/reports/build/reports/*/.xml
	tools/reports/build/test-results/*/.xml

	##
	## Job: CLI (Native Debug)
	##
	cli-build-debug:
	name: "CLI: Native (Debug, ${{ matrix.os }}, ${{ matrix.arch \|\| 'amd64' }})"
	runs-on: ${{ matrix.runner }}
	needs: [preflight-checks, gradle]
	continue-on-error: true
	if: \|
	(
	github.ref == 'refs/heads/stable' \|\|
	github.ref == 'refs/heads/v3' \|\|
	startsWith(github.ref, 'release/') \|\|
	contains(github.event.pull_request.labels.*.name, 'ci:build-cli') \|\|
	contains(github.event.head_commit.message, 'ci:build-cli') \|\|
	startsWith(github.ref, 'refs/tags/v')
	)

	strategy:
	fail-fast: false
	matrix:
	os: ["Linux"]
	arch: ["amd64"]
	runner: ["ubuntu-latest-8-cores"]
	labs: [false]
	tag: [linux-amd64]
	include:
	- os: Linux
	runner: ubuntu-latest-8-cores
	arch: amd64
	labs: false
	tag: linux-amd64
	- os: macOS
	runner: macos-13-xl
	arch: amd64
	labs: false
	tag: darwin-amd64
	- os: Windows
	runner: windows-latest-8-cores
	arch: amd64
	tag: windows-amd64
	labs: true

	steps:
	- name: "Setup: Checkout"
	uses: actions/checkout@v3
	- id: "auth"
	name: "Setup: Authorize Service Account"
	uses: google-github-actions/auth@v1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "Setup: MSVC"
	if: contains(matrix.runner, 'windows')
	uses: ilammy/msvc-dev-cmd@v1
	with:
	arch: ${{ matrix.arch }}
	- name: "Setup: GraalVM"
	uses: graalvm/setup-graalvm@v1
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: true
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- name: "Setup: Node"
	uses: actions/setup-node@v3
	with:
	node-version: 20
	cache: "yarn"
	- name: "Setup: Yarn"
	run: npm install -g yarn@1.22.19 && yarn --ignore-platform
	- name: "Build: CLI (Native/Debug)"
	uses: gradle/gradle-build-action@915a66c096a03101667f9df2e56c9efef558b165 # v2.6.1
	env:
	CI: true
	with:
	cache-read-only: false
	arguments: \|
	:packages:cli:nativeCompile
	-Prelease=false
	-PbuildMode=dev
	--scan
	--no-daemon
	--warning-mode=none
	--dependency-verification=lenient
	-Pelide.ci=true
	-PbuildSamples=false
	-PbuildDocsSite=false
	-PbuildDocs=false
	- name: "Post-process: Compress (xz)"
	if: success() && !contains(matrix.runner, 'windows')
	run: \|
	pushd packages/cli/build/native/nativeCompile;
	xz -9kv elide.debug;
	popd;
	echo "Binary compressed.";
	- name: "Artifacts: Debug Binary (Unix)"
	uses: actions/upload-artifact@v3
	if: success() && !contains(matrix.runner, 'windows')
	with:
	name: cli-debug-${{ matrix.tag }}
	path: \|
	./packages/cli/build/native/nativeCompile/elide.debug.xz
	- name: "Artifacts: Debug Binary (Windows)"
	uses: actions/upload-artifact@v3
	if: success() && contains(matrix.runner, 'windows')
	with:
	name: cli-debug-${{ matrix.tag }}
	path: \|
	./packages/cli/build/native/nativeCompile/elide.debug
	- name: "Artifacts: Dashboard Dump"
	uses: actions/upload-artifact@v3
	if: success()
	with:
	name: cli-debug-report-${{ matrix.tag }}
	path: \|
	./packages/cli/build/native/nativeCompile/elide-tool.bgv

	##
	## Job: CLI (Native Release)
	##
	cli-build-release:
	name: "CLI: Native (Release, ${{ matrix.os }}, ${{ matrix.arch \|\| 'amd64' }})"
	runs-on: ${{ matrix.runner }}
	needs: [preflight-checks, gradle]
	continue-on-error: true
	if: \|
	(
	github.ref == 'refs/heads/stable' \|\|
	github.ref == 'refs/heads/v3' \|\|
	startsWith(github.ref, 'release/') \|\|
	contains(github.event.pull_request.labels.*.name, 'ci:build-cli') \|\|
	contains(github.event.head_commit.message, 'ci:build-cli') \|\|
	startsWith(github.ref, 'refs/tags/v')
	)

	strategy:
	fail-fast: false
	matrix:
	os: ["Linux"]
	arch: ["amd64"]
	runner: ["ubuntu-latest-8-cores"]
	labs: [false]
	tag: [linux-amd64]
	include:
	- os: Linux
	runner: ubuntu-latest-8-cores
	arch: amd64
	labs: false
	tag: linux-amd64
	- os: macOS
	runner: macos-13-xl
	arch: amd64
	labs: false
	tag: darwin-amd64
	- os: Windows
	runner: windows-latest-8-cores
	arch: amd64
	tag: windows-amd64
	labs: true

	steps:
	- name: "Setup: Checkout"
	uses: actions/checkout@v3
	- id: "auth"
	name: "Setup: Authorize Service Account"
	uses: google-github-actions/auth@v1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "Setup: MSVC"
	if: contains(matrix.runner, 'windows')
	uses: ilammy/msvc-dev-cmd@v1
	with:
	arch: ${{ matrix.arch }}
	- name: "Setup: GraalVM"
	uses: graalvm/setup-graalvm@v1
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: true
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- name: "Setup: Node"
	uses: actions/setup-node@v3
	with:
	node-version: 20
	cache: "yarn"
	- name: "Setup: Yarn"
	run: npm install -g yarn@1.22.19 && yarn --ignore-platform
	- name: "Build: CLI (Native/Release)"
	uses: gradle/gradle-build-action@915a66c096a03101667f9df2e56c9efef558b165 # v2.6.1
	env:
	CI: true
	with:
	cache-read-only: false
	arguments: \|
	:packages:cli:nativeOptimizedCompile
	-Prelease=true
	-PbuildMode=release
	--scan
	--no-daemon
	--warning-mode=none
	--dependency-verification=lenient
	-Pelide.ci=true
	-PbuildSamples=false
	-PbuildDocsSite=false
	-PbuildDocs=false
	- name: "Post-process: Compress (xz)"
	if: success() && !contains(matrix.runner, 'windows')
	run: \|
	pushd packages/cli/build/native/nativeOptimizedCompile;
	xz -9kv elide.debug;
	popd;
	echo "Binary compressed.";
	- name: "Artifacts: Release Binary (Unix)"
	uses: actions/upload-artifact@v3
	if: success() && !contains(matrix.runner, 'windows')
	with:
	name: cli-release-${{ matrix.tag }}
	path: \|
	./packages/cli/build/native/nativeOptimizedCompile/elide.xz
	- name: "Artifacts: Release Binary (Windows)"
	uses: actions/upload-artifact@v3
	if: success() && contains(matrix.runner, 'windows')
	with:
	name: cli-release-${{ matrix.tag }}
	path: \|
	./packages/cli/build/native/nativeOptimizedCompile/elide.exe

	##
	## Job: Docker Samples (JVM)
	##
	docker-jvm:
	name: "Docker: JVM"
	runs-on: ubuntu-latest
	needs: [gradle, preflight-checks]
	if: \|
	(
	github.ref == 'refs/heads/stable' \|\|
	github.ref == 'refs/heads/v3' \|\|
	contains(github.event.pull_request.labels.*.name, 'ci:build-img-jvm') \|\|
	contains(github.event.head_commit.message, 'ci:build-img-jvm') \|\|
	startsWith(github.ref, 'refs/tags/v')
	)

	permissions:
	contents: "read"
	id-token: "write"
	checks: "write"
	packages: "read"
	pull-requests: "write"

	strategy:
	fail-fast: false
	matrix:
	project: ["server:hellocss"]
	labs: [false]
	include:
	- project: "server:hellocss"
	labs: false
	- project: "fullstack:react-ssr:server"
	labs: true

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
	with:
	egress-policy: audit

	- name: "Setup: GraalVM"
	uses: graalvm/setup-graalvm@d1891786152ae96fee67f86c3a1eae596291bbed # v1.1.2
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: false
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- name: "Setup: QEMU"
	uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
	- name: "Setup: Docker"
	uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
	id: buildx
	with:
	install: true
	- name: "Setup: Checkout"
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: "Setup: Node"
	uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
	with:
	node-version: 20
	- name: "Setup: Yarn"
	run: npm install -g yarn@1.22.19 && yarn --ignore-platform
	- id: "auth"
	name: "Setup: Authorize Service Account"
	uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "Setup: Setup Cloud SDK"
	uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
	with:
	version: 389.0.0
	project_id: elide-fw
	- name: "Authorize Docker: GCP"
	run: \|
	gcloud auth configure-docker us-docker.pkg.dev
	- name: "Authorize Docker: GHCR"
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ghcr.io
	username: elidebot
	password: ${{ secrets.BUILDBOT_GHCR_TOKEN }}

	## -- Samples -- ##
	- name: "Build/Push: '${{ matrix.project }}' (JVM)"
	continue-on-error: ${{ fromJson(matrix.labs) }}
	uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
	with:
	arguments: \|
	--no-daemon
	--warning-mode=none
	-Pelide.ci=true
	-PbuildSamples=true
	-PbuildDocs=false
	-Pelide.runtime=JVM
	-x nativeCompile
	-x test
	:samples:${{ matrix.project }}:optimizedDockerBuild
	:samples:${{ matrix.project }}:optimizedDockerPush

	##
	## Job: Docker Samples (JVM)
	##

	docker-native:
	name: "Docker: Native"
	runs-on: ubuntu-latest
	continue-on-error: true
	needs: [gradle, preflight-checks]
	if: \|
	(
	github.ref == 'refs/heads/stable' \|\|
	github.ref == 'refs/heads/v3' \|\|
	contains(github.event.pull_request.labels.*.name, 'ci:build-img-native') \|\|
	contains(github.event.head_commit.message, 'ci:build-img-native') \|\|
	startsWith(github.ref, 'refs/tags/v')
	)

	permissions:
	contents: "read"
	id-token: "write"
	checks: "write"
	packages: "read"
	pull-requests: "write"

	strategy:
	fail-fast: false
	matrix:
	project: ["server:hellocss"]
	path: ["server/hellocss"]
	image: ["elide-fw/samples/server/hellocss/native"]
	include:
	- project: "fullstack:react-ssr:server"
	path: "fullstack/react-ssr/server"
	image: "elide-fw/samples/fullstack/react-ssr/native"

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
	with:
	egress-policy: audit

	- name: "Setup: GraalVM"
	uses: graalvm/setup-graalvm@d1891786152ae96fee67f86c3a1eae596291bbed # v1.1.2
	with:
	components: "native-image,js,wasm,espresso"
	distribution: 'graalvm'
	java-version: 20
	check-for-updates: false
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- name: "Setup: QEMU"
	uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
	- name: "Setup: Docker"
	uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
	id: buildx
	with:
	install: true
	- name: "Setup: Checkout"
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: "Setup: Node"
	uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
	with:
	node-version: 20
	- name: "Setup: Yarn"
	run: npm install -g yarn@1.22.19 && yarn --ignore-platform
	- id: "auth"
	name: "Authorize Service Account"
	uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
	with:
	credentials_json: "${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}"
	create_credentials_file: true
	export_environment_variables: true
	cleanup_credentials: true
	- name: "Setup: Cloud SDK"
	uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
	with:
	version: 389.0.0
	project_id: elide-fw
	install_components: "beta"
	- name: "Authorize Docker: GCP"
	run: \|
	gcloud auth configure-docker us-docker.pkg.dev
	- name: "Authorize Docker: GHCR"
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ghcr.io
	username: elidebot
	password: ${{ secrets.BUILDBOT_GHCR_TOKEN }}

	## -- Samples -- ##
	- name: "Build/Push: '${{ matrix.project }}' (Native)"
	uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
	continue-on-error: true
	with:
	arguments: \|
	--no-daemon
	--warning-mode=none
	-Pelide.ci=true
	-PbuildSamples=true
	-PbuildDocs=false
	-Pelide.runtime=NATIVE
	-Pelide.ci=true
	-x test
	:samples:${{ matrix.project }}:optimizedDockerBuildNative
	:samples:${{ matrix.project }}:optimizedDockerPushNative
	- name: "Build/Push: Fallback to GCB"
	if: failure()
	run: \|
	mv ./samples/${{ matrix.path }}/build/docker/native-optimized/DockerfileNative ./samples/${{ matrix.path }}/build/docker/native-optimized/Dockerfile
	gcloud beta builds submit \
	--machine-type e2-highcpu-32 \
	--timeout=2h \
	--project elide-fw \
	--tag=us-docker.pkg.dev/${{ matrix.image }}:opt-latest \
	./samples/${{ matrix.path }}/build/docker/native-optimized

	##
	## Deploy: Samples
	##

	deploy-samples:
	name: "Deploy"
	needs: [gradle, tests-jvm, docker-jvm, docker-native]
	if: \|
	(
	github.ref == 'refs/heads/stable' \|\|
	contains(github.event.pull_request.labels.*.name, 'ci:deploy-samples') \|\|
	contains(github.event.pull_request.labels.*.name, 'ci:deploy') \|\|
	contains(github.event.head_commit.message, 'ci:deploy-samples') \|\|
	contains(github.event.head_commit.message, 'ci:deploy') \|\|
	startsWith(github.ref, 'refs/tags/v')
	)

	strategy:
	matrix:
	category: [fullstack]
	app: [react-ssr]
	variant: [native]

	permissions:
	contents: "read"
	id-token: "write"
	checks: "write"
	pull-requests: "write"
	deployments: "write"
	statuses: "write"
	packages: "read"

	uses: ./.github/workflows/deploy.ci.yml
	secrets: inherit
	with:
	path: "samples/${{ matrix.category }}/${{ matrix.app }}"
	image: "us-docker.pkg.dev/elide-fw/samples/${{ matrix.category }}/${{ matrix.app }}/${{ matrix.variant }}:opt-latest"
	environment: samples
	url: https://${{ matrix.app }}.samples.elide.dev

	##
	## Publish: Library Snapshot
	##

	publish-snapshot:
	name: "Publish: Snapshot"
	needs: [gradle, tests-jvm]
	if: \|
	(
	github.ref == 'refs/heads/stable' \|\|
	contains(github.event.pull_request.labels.*.name, 'ci:publish-snapshot') \|\|
	contains(github.event.head_commit.message, 'ci:publish-snapshot')
	)

	permissions:
	contents: "read"
	id-token: "write"
	checks: "write"
	pull-requests: "write"
	deployments: "write"
	statuses: "write"
	packages: "write"

	uses: ./.github/workflows/publish.ci.yml
	secrets: inherit
	with:
	environment: snapshots
	gcp: true
	snapshot: true
	packages: true
	processor: true
	substrate: true
	conventions: true
	url: https://console.cloud.google.com/storage/browser/elide-snapshots/repository/v3

	##
	## Publish: Library OSSRH
	##

	publish-ossrh:
	name: "Publish: OSSRH"
	needs: [publish-snapshot]
	if: \|
	(
	contains(github.event.pull_request.labels.*.name, 'ci:publish') \|\|
	contains(github.event.head_commit.message, 'ci:publish')
	) && (
	false
	) && (
	startsWith(github.ref, 'refs/tags/v')
	)

	permissions:
	contents: "read"
	id-token: "write"
	checks: "write"
	pull-requests: "write"
	deployments: "write"
	statuses: "write"
	packages: "write"

	uses: ./.github/workflows/publish.ci.yml
	secrets: inherit
	with:
	environment: central
	snapshot: false
	repo: https://s01.oss.sonatype.org

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release: `1.0-v3-alpha4-b9` #1495

Workflow file

Release: `1.0-v3-alpha4-b9` #1495

Jobs

Run details

Workflow file for this run

Release: 1.0-v3-alpha4-b9 #1495

Workflow file

Workflow file for this run

Release: `1.0-v3-alpha4-b9` #1495