.github/workflows/maven.yml

name: Java CI with Maven

on:
  push:
    branches:
      - 'main'
      - 'release-*'
    tags:
      - "v*.*.*"
  pull_request:

# TODO: only request needed permissions
permissions: write-all

jobs:
  build:
    # TODO: systemd in docker fails on 22.04, stay on 20.04 for now
    runs-on: ubuntu-20.04
    env:
      GITHUB_ACTOR: ${{ github.actor }}
      GITHUB_TOKEN: ${{ github.token }}
      # usernames are stored as secrets, so we have all authentication information together as one type
      OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
      OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
      # support dockerhub organizations. If none is present, use the dockerhub username
      DOCKERHUB_ORGANIZATION: ${{ secrets.DOCKERHUB_ORGANIZATION == null && secrets.DOCKERHUB_USERNAME || secrets.DOCKERHUB_ORGANIZATION }}

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install tools from asdf config
        uses: asdf-vm/actions/install@v3
      - name: set java home
        run: echo "JAVA_HOME=$(dirname $( cd -P "$( dirname "$(asdf which java)" )" && pwd ))" >> $GITHUB_ENV
      - id: lowercase-repository-owner
        name: lowercase repository owner
        uses: ASzc/change-string-case-action@v6
        with:
          string: ${{ github.repository_owner }}
      - uses: s4u/maven-settings-action@v3.1.0
        if: env.DOCKERHUB_USERNAME == null
        with:
          servers: '[{"id": "ossrh", "username": "${env.OSSRH_USERNAME}", "password": "${env.OSSRH_PASSWORD}"},
                     {"id": "ghcr.io", "username": "${env.GITHUB_ACTOR}", "password": "${env.GITHUB_TOKEN}"}]'
      - uses: s4u/maven-settings-action@v3.1.0
        if: env.DOCKERHUB_USERNAME != null
        with:
          servers: '[{"id": "ossrh", "username": "${env.OSSRH_USERNAME}", "password": "${env.OSSRH_PASSWORD}"},
                     {"id": "ghcr.io", "username": "${env.GITHUB_ACTOR}", "password": "${env.GITHUB_TOKEN}"},
                     {"id": "registry-1.docker.io", "username": "${env.DOCKERHUB_USERNAME}", "password": "${env.DOCKERHUB_PASSWORD}"}]'
      - name: Deploy
        run: SIGN_KEY=${{ secrets.GPG_SECRET_KEYS }} SIGN_KEY_PASS=$(echo ${{ secrets.GPG_PASSPHRASE }} | base64 --decode) ./mvnw --no-transfer-progress -B ${MAVEN_PHASE} -Dgithub.repository=${{ github.repository }} -Dversioning.disable=false -Ddist.oci.registry=ghcr.io/${{ steps.lowercase-repository-owner.outputs.lowercase }}/
        env:
          # Never deploy PRs
          MAVEN_PHASE: ${{ github.event_name == 'pull_request' && 'install' || 'deploy' }}
      - name: tag main branch as latest
        if: github.ref_name == 'main'
        run: git tag -f latest
      - name: push latest tag
        if: github.ref_name == 'main'
        run: git push -f origin latest
      - name: Extract release notes
        if: github.ref_name == 'main' || github.ref_type == 'tag'
        id: extract-release-notes
        uses: ffurrer2/extract-release-notes@v2
        with:
          prerelease: ${{ github.ref_type != 'tag' }}
      - name: Release
        if: github.ref_name == 'main' || github.ref_type == 'tag'
        uses: softprops/action-gh-release@v2
        with:
          body: ${{ steps.extract-release-notes.outputs.release_notes }}
          files: |
            saic-java-api-cli/target/saic-ismart-cli-*-full.jar
            saic-java-api-gateway/target/saic-ismart-http-gateway-*-full.jar
            saic-java-mqtt-gateway/target/saic-ismart-mqtt-gateway-*-full.jar
            saic-java-mqtt-gateway/target/saic-ismart-mqtt-gateway-*.deb
          prerelease: ${{ github.ref_type != 'tag' }}
          tag_name: ${{ github.ref_type == 'tag' && github.ref_name || 'latest' }}