diff --git a/.github/workflows/github-actions-demo.yml b/.github/workflows/github-actions-demo.yml
new file mode 100644
index 0000000..613ceeb
--- /dev/null
+++ b/.github/workflows/github-actions-demo.yml
@@ -0,0 +1,113 @@
+name: GitHub Actions Demo
+run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
+on: [push]
+env:
+ GH_TOKEN: ${{ github.token }}
+permissions:
+ id-token: write
+ actions: read
+jobs:
+ Another-Job:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+ - name: get the job details
+ run: |
+ echo ${{ github.run_id }}
+ echo ${{ github.run_number }}
+ echo ${{ github.run_attempt }}
+ echo ${{ github.action }}
+ echo ${{ github.job }}
+ gh api \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs
+ Explore-GitHub-Actions:
+ name: Another-Job
+ runs-on: ubuntu-latest
+ steps:
+ # - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+ # - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
+ # - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
+ # - name: Check out repository code
+ # uses: actions/checkout@v4
+ # - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
+ # - run: echo "🖥️ The workflow is now ready to test your code on the runner."
+ # - name: List files in the repository
+ # run: |
+ # ls ${{ github.workspace }}
+ - run: echo "🍏 This job's status is ${{ job.status }}."
+ # - name: Show the OIDC token
+ # run: |
+ # echo token: $ACTIONS_ID_TOKEN_REQUEST_TOKEN
+ # echo url: $ACTIONS_ID_TOKEN_REQUEST_URL
+ # curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL" | jq '.value'
+
+ - name: get the job details
+ run: |
+ echo ${{ github.run_id }}
+ echo ${{ github.run_number }}
+ echo ${{ github.run_attempt }}
+ echo ${{ github.action }}
+ echo ${{ github.job }}
+ gh api \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs
+ - name: check if self-hostedX
+ run: |
+ gh api \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs \
+ | jq '.jobs.[].labels' | jq -es 'flatten | any(. == "self-hostedX") | not' >/dev/null \
+ && echo success || echo failure
+ - name: check if self-hostedX
+ run: |
+ pwd
+ ls -lahR
+ - name: debug
+ run: |
+ assert_false() {
+ local actual="$1"
+ local msg="${2-}"
+
+ assert_eq false "$actual" "$msg"
+ return "$?"
+ }
+
+ assert_eq() {
+ local expected="$1"
+ local actual="$2"
+ local msg="${3-}"
+
+ if [ "$expected" == "$actual" ]; then
+ return 0
+ else
+ ([ "${#msg}" -gt 0 ] && log_failure "$expected == $actual :: $msg") || true
+ return 1
+ fi
+ }
+
+ log_failure() {
+ printf "${RED}✖ %s${NORMAL}\n" "$@" >&2
+ }
+
+ TARGET_LABEL="self-hosted"
+ echo target Label: "$TARGET_LABEL"
+
+ JOB_LABLES=$(gh api \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs \
+ | jq '.jobs[].labels' | jq -s 'flatten'
+ )
+ echo Job Labels: "$JOB_LABLES"
+
+ HAS_TARGET_LABEL=$(echo $JOB_LABLES | jq -r 'any(. == "$TARGET_LABEL")')
+
+ assert_false "$HAS_TARGET_LABEL" "expected HAS_TARGET_LABEL: false, actual: $HAS_TARGET_LABEL"
+
+
+# /repos/${{ github.repository }}/actions/jobs/${{ github.job }}
+
diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml
new file mode 100644
index 0000000..79bb643
--- /dev/null
+++ b/.github/workflows/gradle-build.yml
@@ -0,0 +1,26 @@
+name: Run Gradle on PRs
+on: [pull_request]
+jobs:
+ gradle:
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+ runs-on: ${{ matrix.os }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-java@v4
+ with:
+ distribution: temurin
+ java-version: 11
+
+ - name: Setup Gradle
+ uses: gradle/gradle-build-action@v3
+
+ - name: Execute Gradle build
+ run: ./gradlew build
+
+ - name: Upload Artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: app
+ path: ${{ github.workspace }}/app/build/libs/app.jar
diff --git a/.github/workflows/slsa-gradle-build.yml b/.github/workflows/slsa-gradle-build.yml
new file mode 100644
index 0000000..61845f0
--- /dev/null
+++ b/.github/workflows/slsa-gradle-build.yml
@@ -0,0 +1,23 @@
+name: SLSA Provenance with Gradle builder
+on: [workflow_dispatch, push]
+
+permissions: read-all
+
+jobs:
+ build:
+ # runs-on: self-hosted # not allowed whe using a resuable workflow
+ permissions:
+ id-token: write
+ contents: read
+ actions: read
+ # uses: slsa-framework/slsa-github-generator/.github/workflows/builder_gradle_slsa3.yml@v1.9.0
+ uses: ramonpetgrave64/slsa-github-generator/.github/workflows/builder_gradle_slsa3.yml@ramonpetgrave64-gradle-fix
+ with:
+ artifact-list: >-
+ ./build/app/libs/app.jar,
+ ./build/app/classes/java/main/my/example/gradle/project/App.class,
+
+ other-job:
+ runs-on: self-hosted
+ steps:
+ - run: echo hello
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 9bd7a30..9700233 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
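Review bot: The self-hosted guard at the end of the `debug` step in github-actions-demo.yml can never fail: in `jq -r 'any(. == "$TARGET_LABEL")'` the single quotes stop the shell from expanding the variable, so jq compares every label with the literal text `$TARGET_LABEL` and always prints `false`. Pass the value in as a jq variable instead, `HAS_TARGET_LABEL=$(echo "$JOB_LABLES" | jq -r --arg label "$TARGET_LABEL" 'any(. == $label)')`. Separately, the workflow-level `permissions` block grants `id-token: write` on every push while the only step that would request an OIDC token is commented out; dropping it leaves `actions: read`, which is all the `gh api` calls here appear to need.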
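Review bot: gradle-build.yml declares no `permissions:` block, so the job that runs pull-request code through `./gradlew build` gets whatever default GITHUB_TOKEN scope the repository is configured with. A top-level `permissions:` with `contents: read` looks sufficient for the checkout, build and artifact upload as written. The third-party `gradle/gradle-build-action@v3` is referenced by a mutable tag; pinning it to a full commit SHA keeps a moved tag from changing what runs on the runner.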
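Review bot: The `build` job in slsa-gradle-build.yml calls the SLSA builder from a personal fork at a branch ref (`ramonpetgrave64/slsa-github-generator/...@ramonpetgrave64-gradle-fix`) while granting it `id-token: write`, so whatever that branch points to at run time is what signs the provenance. A branch is mutable, and provenance whose builder identity is a fork would, as far as I can tell, not be accepted by verifiers that expect the `slsa-framework/slsa-github-generator` builder at a release tag. Once the fix is available upstream, switch back to the commented-out upstream reference at a tagged release; until then a comment such as `# TEMPORARY: fork branch for the gradle fix, provenance is not verifiable against the upstream builder` would make the status explicit. `other-job` runs on `self-hosted` for every push, which is worth confirming is intended for this repository.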
@@ -41,3 +41,12 @@ tasks.named("test") {
 // Use JUnit Platform for unit tests.
 useJUnitPlatform()
 }
+
+tasks.register("copySubProjectBuild") {
+ from(layout.buildDirectory)
+ into("${rootProject.projectDir}/build/${project.name}")
+}
+
+tasks.named("build") {
+ finalizedBy("copySubProjectBuild")
+}
\ No newline at end of file
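Review bot: As shown, `tasks.register("copySubProjectBuild")` carries no task type, so `from(...)` and `into(...)` would not resolve on a plain task; unless the type argument was simply lost when the page was rendered, the line should read `tasks.register<Copy>("copySubProjectBuild") {`. The task also has no comment saying why the whole build directory is mirrored into the root project's `build/` directory; something like `// Mirror this subproject's outputs to <root>/build/<name> so CI can reference artifacts by a root-relative path` would help. Because a copy never removes files already present in the destination, `Sync` is the safer task type wherever the workspace outlives a single build, so that stale outputs are not picked up as release artifacts.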