CI: Refactor dependency-submission (#194)

* CI: Refactor dependency-submission * CI: Refactor signing --------- Co-authored-by: hfhbd <hfhbd@users.noreply.github.com>
hfhbd · Mar 22, 2024 · 531d9ca · 531d9ca
1 parent 9243ff3
commit 531d9ca
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 12 deletions.
diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml
@@ -24,10 +24,6 @@ jobs:
  - name: Set environment for version
  run: long="${{ github.ref }}"; version=${long#"refs/tags/v"}; echo "version=${version}" >> $GITHUB_ENV
  - uses: actions/checkout@v4
- - uses: actions/setup-java@v4
- with:
- distribution: 'adopt'
- java-version: 17
  - uses: gradle/actions/setup-gradle@v3
  - name: Publish
  run: ./gradlew -Pversion=$version -Dorg.gradle.parallel=false --no-configuration-cache publish closeAndReleaseStagingRepository

diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -13,14 +13,13 @@ jobs:
  build:
  runs-on: macos-14
  permissions:
- contents: write
+ contents: read
  security-events: write
 
  steps:
  - uses: actions/checkout@v4
  - uses: gradle/actions/setup-gradle@v3
  with:
- dependency-graph: generate-and-submit
  gradle-home-cache-cleanup: true
  - name: Build with Gradle
  run: ./gradlew build

diff --git a/.github/workflows/Docs.yml b/.github/workflows/Docs.yml
@@ -20,9 +20,8 @@ jobs:
  url: ${{ steps.deployment.outputs.page_url }}
 
  steps:
- - uses: actions/configure-pages@v4
  - uses: actions/checkout@v4
- - uses: gradle/wrapper-validation-action@v2
+ - uses: actions/configure-pages@v4
  - uses: gradle/actions/setup-gradle@v3
  - name: Generate Docs
  run: ./gradlew dokkaHtmlMultiModule --no-configuration-cache

diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
@@ -0,0 +1,29 @@
+name: Dependency review for pull requests
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ dependency-submission:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Generate and submit dependency graph
+ uses: gradle/actions/dependency-submission@v3
+ with:
+ cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
+
+ dependency-review:
+ runs-on: ubuntu-latest
+ needs: dependency-submission
+ if: github.event_name == 'pull_request'
+ steps:
+ - name: Perform dependency review
+ uses: actions/dependency-review-action@v4
diff --git a/gradle/build-logic/src/main/kotlin/publish.gradle.kts b/gradle/build-logic/src/main/kotlin/publish.gradle.kts
@@ -38,10 +38,11 @@ publishing {
 }
 
 signing {
- val signingKey: String? by project
- val signingPassword: String? by project
- useInMemoryPgpKeys(signingKey?.let { String(java.util.Base64.getDecoder().decode(it)).trim() }, signingPassword)
- sign(publishing.publications)
+ val signingKey = providers.gradleProperty("signingKey")
+ if (signingKey.isPresent) {
+ useInMemoryPgpKeys(signingKey.get(), providers.gradleProperty("signingPassword").get())
+ sign(publishing.publications)
+ }
 }
 
 // https://youtrack.jetbrains.com/issue/KT-46466