Skip to content

Commit 708d55a

Browse files
authored
Merge pull request #1339 from qbicsoftware/release/1.12.0
Release 1.12.0
2 parents 86e8518 + c888269 commit 708d55a

144 files changed

Lines changed: 10239 additions & 2338 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/create-release.yml

Lines changed: 19 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,10 @@ on:
66
versionTag:
77
description: 'Version Tag (semantic version)'
88
required: true
9-
9+
permissions:
10+
id-token: write # This is required for requesting the JWT
11+
contents: read # This is required for actions/checkout
12+
attestations: write # required for provenance
1013
jobs:
1114
release:
1215
runs-on: ubuntu-latest
@@ -28,6 +31,14 @@ jobs:
2831
restore-keys: |
2932
${{ runner.os }}-maven-
3033
34+
- name: Debug OIDC (get a token)
35+
uses: actions/github-script@v7
36+
with:
37+
script: |
38+
const token = await core.getIDToken('sigstore'); // audience example
39+
core.setSecret(token);
40+
console.log('OIDC token acquired. Length:', token.length);
41+
3142
- name: Set up git
3243
run: |
3344
git config --global user.email "support@qbic.zendesk.com"
@@ -68,8 +79,14 @@ jobs:
6879
prerelease: true
6980
});
7081
82+
# Generate provenance (SLSA attestation) for all JARs
83+
- name: Generate SLSA build provenance
84+
uses: actions/attest-build-provenance@v1
85+
with:
86+
subject-path: "**/target/*.jar"
87+
7188
- name: Publish artefact to QBiC Nexus Repository
72-
run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -Dvaadin.force.production.build=true deploy
89+
run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -DskipTests -Dvaadin.force.production.build=true deploy
7390
env:
7491
MAVEN_REPO_USERNAME: ${{ secrets.NEXUS_USERNAME }}
7592
MAVEN_REPO_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}

.github/workflows/nexus-publish-snapshots.yml

Lines changed: 18 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,10 @@ on:
88
push:
99
branches:
1010
- development
11-
11+
permissions:
12+
id-token: write # This is required for requesting the JWT
13+
contents: read # This is required for actions/checkout
14+
attestations: write # required for provenance
1215
jobs:
1316
publish_snapshot:
1417

@@ -17,6 +20,13 @@ jobs:
1720
steps:
1821
- name: Checkout repository
1922
uses: actions/checkout@v5
23+
- name: Debug OIDC (get a token)
24+
uses: actions/github-script@v7
25+
with:
26+
script: |
27+
const token = await core.getIDToken('sigstore'); // audience example
28+
core.setSecret(token);
29+
console.log('OIDC token acquired. Length:', token.length);
2030
- name: Set up JDK 21
2131
uses: actions/setup-java@v5
2232
with:
@@ -41,8 +51,14 @@ jobs:
4151
- name: Build with Maven
4252
run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn -B package -Pproduction -Dvaadin.force.production.build=true --file pom.xml
4353

54+
# Generate provenance (SLSA attestation) for all JARs
55+
- name: Generate SLSA build provenance
56+
uses: actions/attest-build-provenance@v1
57+
with:
58+
subject-path: "**/target/*.jar"
59+
4460
- name: Publish artefact to QBiC Nexus Repository
45-
run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -Dvaadin.force.production.build=true deploy
61+
run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -Dvaadin.force.production.build=true -DskipTests deploy
4662
env:
4763
MAVEN_REPO_USERNAME: ${{ secrets.NEXUS_USERNAME }}
4864
MAVEN_REPO_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}

.github/workflows/run_tests.yml

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,14 +7,23 @@ on:
77
pull_request:
88
# The branches below must be a subset of the branches above
99
branches: [ main, master ]
10-
10+
permissions:
11+
id-token: write # This is required for requesting the JWT
12+
contents: read # This is required for actions/checkout
1113
jobs:
1214
test:
1315
runs-on: ubuntu-latest
1416

1517
steps:
1618
- name: Checkout repository
1719
uses: actions/checkout@v5
20+
- name: Debug OIDC (get a token)
21+
uses: actions/github-script@v7
22+
with:
23+
script: |
24+
const token = await core.getIDToken('sigstore'); // audience example
25+
core.setSecret(token);
26+
console.log('OIDC token acquired. Length:', token.length);
1827
- name: Set up JDK 21
1928
uses: actions/setup-java@v5
2029
with:

0 commit comments

Comments
 (0)