
internal audit

internal audit #135

Workflow file for this run

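# CI runs for pushes and pull requests targeting main; pushing a `v*` tag
# also starts a run, which is what the tag-gated publish job keys on.
name: Scala CI & Release

on:
  push:
    branches: [main]
    tags: ['v*']
  pull_request:
    branches: [main]

# Workflow-wide default scope for GITHUB_TOKEN: read-only repository
# contents. A job that needs more must declare its own `permissions`
# block, which replaces this default for that job.
permissions:
  contents: read
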
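jobs:
  # Build-and-test job. It has no `if:` guard, so it runs for every
  # trigger of this workflow, pull requests included, and the sbt steps
  # execute the build definition of whatever commit was checked out.
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` reference in this job is a mutable
      # version tag. Pinning each one to a full commit SHA
      # (`owner/action@<full-commit-sha>  # vN`) keeps a retagged or
      # compromised action release from running here unnoticed.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config: no later step in this
          # job pushes with git, and sbt runs project-controlled code.
          persist-credentials: false

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'sbt'

      - name: Set up sbt
        uses: sbt/setup-sbt@v1

      # The key is derived from the build definition files, so a change to
      # any of them produces a fresh cache entry; `restore-keys` falls
      # back to the most recent entry for the same OS.
      - name: Cache Scala Native dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/coursier
            ~/.ivy2/cache
            ~/.sbt
          key: ${{ runner.os }}-scala-native-${{ hashFiles('**/build.sbt', 'project/**/*.scala', 'project/build.properties') }}
          restore-keys: |
            ${{ runner.os }}-scala-native-

      - name: Run all checks (style, formatting, API compatibility)
        run: sbt check

      - name: Run tests with coverage on JVM
        run: sbt coverage valarCoreJVM/test valarMunitJVM/test valarTranslatorJVM/test coverageReport

      - name: Run all tests on Scala Native
        run: sbt valarCoreNative/test valarMunitNative/test valarTranslatorNative/test

      - name: Check documentation (mdoc)
        run: sbt "valarCoreJVM/mdoc --check"

      # Uploads the three scoverage reports produced above. With
      # `fail_ci_if_error: false` a failed upload does not fail the job.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          files: ./valar-core/jvm/target/scala-3.7.1/scoverage-report/scoverage.xml,./valar-munit/jvm/target/scala-3.7.1/scoverage-report/scoverage.xml,./valar-translator/jvm/target/scala-3.7.1/scoverage-report/scoverage.xml
          flags: unittests
          name: codecov-valar
          fail_ci_if_error: false
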
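# Publish job: runs only on tag pushes and only after `build` succeeds.
# It imports the signing key, then signs and uploads the artifacts.
  publish:
    # The workflow's push trigger only matches `v*` tags (e.g. v0.2.0).
    if: startsWith(github.ref, 'refs/tags/')
    needs: build
    runs-on: ubuntu-latest
    # Job-level permissions replace any workflow-level default.
    # NOTE(review): the publish step authenticates to Sonatype with a
    # username/password pair and no visible step requests an OIDC token
    # or writes to the repository - confirm `id-token: write` and
    # `contents: write` are still needed, and drop whichever is not.
    permissions:
      contents: write
      id-token: write
    steps:
      # NOTE(review): this job holds the signing key and the Sonatype
      # credentials, yet every `uses:` below is a mutable version tag.
      # Pin each action to a full commit SHA
      # (`owner/action@<full-commit-sha>  # vN`), the third-party
      # GPG-import action first of all.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history, used for dynver / release notes.
          fetch-depth: 0
          # Keep the job token out of .git/config; no visible step in
          # this job pushes with git.
          persist-credentials: false

      # NOTE(review): `cache: 'sbt'` restores dependency caches written
      # by earlier runs into the release build - confirm that is
      # acceptable for artifacts that get signed and published.
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'sbt'

      - name: Set up sbt launcher
        uses: sbt/setup-sbt@v1

      # Loads the private signing key into the runner's GPG keyring.
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.PGP_SECRET }}
          passphrase: ${{ secrets.PGP_PASSPHRASE }}

      # Reports only whether each credential is set; the values are never
      # echoed. NOTE(review): this is a debugging aid - removing it once
      # the pipeline is stable exposes the credentials to one step fewer.
      - name: Debug Secrets Availability
        env:
          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
        run: |
          echo "Checking SONATYPE_USERNAME..."
          if [ -z "$SONATYPE_USERNAME" ]; then
            echo "SONATYPE_USERNAME is empty or not set in the environment."
          else
            echo "SONATYPE_USERNAME is SET in the environment."
          fi
          echo "Checking SONATYPE_PASSWORD..."
          if [ -z "$SONATYPE_PASSWORD" ]; then
            echo "SONATYPE_PASSWORD is empty or not set in the environment."
          else
            echo "SONATYPE_PASSWORD is SET in the environment."
          fi

      # `+publishSigned` cross-builds and PGP-signs the artifacts (JAR,
      # sources, javadoc, POM, signatures) using the key imported above;
      # `sonatypeCentralUpload` then uploads them to Sonatype.
      # NOTE(review): whether this command also creates a GitHub Release
      # depends on the build definition, which is not visible here. If it
      # does not, GITHUB_TOKEN need not be passed to sbt.
      - name: Publish release
        env:
          # Passphrase for the GPG signing key
          PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
          # Sonatype username/token
          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
          # Sonatype password/token
          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
          # Token intended for creating the GitHub release
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: sbt +publishSigned sonatypeCentralUpload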