11name : Build
22on :
33 push :
4- pull_request_target :
5- types : [labeled]
4+ pull_request :
65
76env :
87 JAVA_VERSION : 25
@@ -14,18 +13,18 @@ defaults:
1413jobs :
1514 build :
1615 name : Build and Test
17- runs-on : windows-latest
16+ runs-on : windows-2022
1817 permissions :
1918 contents : read
2019 id-token : write # OIDC token for the attestations step
2120 attestations : write # Required for the attestations step
2221 outputs :
2322 sha256 : ${{ steps.checksums.outputs.sha256 }}
2423 steps :
25- - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 .0.2
24+ - uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 .0.0
2625 with :
2726 fetch-depth : 0 # deep fetch for better sonarcloud analysis
28- - uses : actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2 .0
27+ - uses : actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3 .0
2928 with :
3029 distribution : ' temurin'
3130 java-version : ${{ env.JAVA_VERSION }}
3736 run : ./mvnw -B test --no-transfer-progress -DdevCommandFileDir="${{ vars.MSVC_DEV_FILES_DIR }}"
3837 - name : Sign DLLs with Azure Trusted Signing
3938 if : startsWith(github.ref, 'refs/tags/')
40- uses : azure/artifact-signing-action@db7a3a6bd3912025c705162fb7475389f5b69ec6 # v1 .0.0
39+ uses : azure/artifact-signing-action@c7ab2a863ab5f9a846ddb8265964877ef296ee82 # v2 .0.0
4140 with :
4241 files : |
4342 ${{ github.workspace }}\src\main\resources\integrations-x64.dll
@@ -79,27 +78,27 @@ jobs:
7978 "@ | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
8079 - name : Attest
8180 if : startsWith(github.ref, 'refs/tags/')
82- uses : actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2 .0
81+ uses : actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1 .0
8382 with :
8483 subject-path : |
8584 target/*.jar
8685 target/*.pom
87- - uses : actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 .0.0
86+ - uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 .0.1
8887 with :
8988 name : artifacts
9089 path : target/*.jar
9190
9291 deploy-central :
9392 name : Deploy to Maven Central
94- runs-on : windows-latest
93+ runs-on : windows-2022
9594 permissions :
9695 id-token : write # OIDC token for sigstore signing
9796 contents : read # Required for sigstore signing
9897 needs : [build]
9998 if : github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
10099 steps :
101- - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 .0.2
102- - uses : actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2 .0
100+ - uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 .0.0
101+ - uses : actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3 .0
103102 with :
104103 distribution : ' temurin'
105104 java-version : ${{ env.JAVA_VERSION }}
@@ -116,10 +115,10 @@ jobs:
116115 PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
117116 test "${PROJECT_VERSION: -9}" = "-SNAPSHOT"
118117 - name : Download JAR with signed DLLs
119- uses : actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 .0.0
118+ uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 .0.1
120119 with :
121120 name : artifacts
122- - name : Extract DLLs from JAR
121+ - name : Extract singed DLLs from JAR into src dir, skipping native compile
123122 run : |
124123 JAR_PATH=$(ls ./*.jar | grep -v -E '(-sources|-javadoc)\.jar$' | head -n1)
125124 jar --extract --file="$JAR_PATH" --dir ./src/main/resources integrations-x64.dll integrations-arm64.dll
@@ -134,16 +133,16 @@ jobs:
134133
135134 deploy-github :
136135 name : Deploy to GitHub Packages
137- runs-on : windows-latest
136+ runs-on : windows-2022
138137 permissions :
139138 packages : write # Required for the deploy to GitHub Packages step
140139 id-token : write # OIDC token for sigstore signing
141140 contents : read # Required for sigstore signing
142141 needs : [build]
143142 if : github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
144143 steps :
145- - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 .0.2
146- - uses : actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2 .0
144+ - uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 .0.0
145+ - uses : actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3 .0
147146 with :
148147 java-version : ${{ env.JAVA_VERSION }}
149148 distribution : ' temurin'
@@ -157,10 +156,10 @@ jobs:
157156 PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
158157 test "${PROJECT_VERSION: -9}" = "-SNAPSHOT"
159158 - name : Download JAR with signed DLLs
160- uses : actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 .0.0
159+ uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 .0.1
161160 with :
162161 name : artifacts
163- - name : Extract DLLs from JAR
162+ - name : Extract singed DLLs from JAR into src dir, skipping native compile
164163 run : |
165164 JAR_PATH=$(ls ./*.jar | grep -v -E '(-sources|-javadoc)\.jar$' | head -n1)
166165 jar --extract --file="$JAR_PATH" --dir ./src/main/resources integrations-x64.dll integrations-arm64.dll
@@ -181,7 +180,7 @@ jobs:
181180 if : startsWith(github.ref, 'refs/tags/')
182181 steps :
183182 - name : Create Release
184- uses : softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
183+ uses : softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1
185184 with :
186185 prerelease : true
187186 token : ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
0 commit comments