build(deps): bump gradle/actions from 4.4.0 to 4.4.1 (#1300) #693
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Release Workflow | |
| on: | |
| push: | |
| # `v*` tags are used for production environment | |
| tags: | |
| - v* | |
| # `main` tag is used for integration environment | |
| branches: | |
| - main | |
| # Manual trigger with custom release tag | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Release tag:" | |
| type: string | |
| required: false | |
| publish: | |
| description: "Publish to registries?" | |
| type: boolean | |
| required: false | |
| default: true | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: write | |
| env: | |
| OWNER: hashgraph | |
| PACKAGE_NAME: hedera-block-node | |
| REGISTRY: ghcr.io | |
| GRADLE_EXEC: "ionice -c 2 -n 2 nice -n 19 ./gradlew " | |
| JAVA_DISTRIBUTION: "temurin" | |
| JAVA_VERSION: "21.0.6" | |
| DOCKER_MIRROR: "https://hub.mirror.docker.lat.ope.eng.hashgraph.io" | |
| BUILDKIT_VERSION: "v0.22.0" | |
| jobs: | |
| check-gradle: | |
| name: Gradle | |
| uses: ./.github/workflows/zxc-verify-gradle-build-determinism.yaml | |
| with: | |
| ref: ${{ github.event.inputs.ref || '' }} | |
| java-distribution: ${{ inputs.java-distribution || 'temurin' }} | |
| java-version: ${{ inputs.java-version || '21.0.6' }} | |
| package-protobuf-source: | |
| timeout-minutes: 5 | |
| needs: [check-gradle] | |
| runs-on: hiero-block-node-linux-medium | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Extract version | |
| id: extract_version | |
| run: | | |
| VERSION=$(cat version.txt) | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| - name: Produce artifact | |
| working-directory: protobuf-sources | |
| run: scripts/build-bn-proto.sh -t "efb0134e921b32ed6302da9c93874d65492e876f" -v ${{ env.VERSION }} -o "block-node-protobuf" -i true -b "../src/main/proto/" # CN 0.62.2 | |
| - name: Upload artifact | |
| if: "${{ github.event_name != 'workflow_dispatch' || github.event.inputs.publish == 'true' }}" | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: block-node-protobuf-${{ env.VERSION }}.tgz | |
| path: ./protobuf-sources/block-node-protobuf-${{ env.VERSION }}.tgz | |
| if-no-files-found: error | |
| publish-app: | |
| timeout-minutes: 30 | |
| needs: [check-gradle] | |
| runs-on: hiero-block-node-linux-medium | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install JDK | |
| uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 | |
| with: | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - name: Build | |
| run: ${GRADLE_EXEC} clean assemble | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Qemu | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| with: | |
| driver-opts: network=host | |
| buildkitd-config-inline: | | |
| [registry."docker.io"] | |
| mirrors = ["${{ env.DOCKER_MIRROR }}"] | |
| version: ${{ env.BUILDKIT_VERSION }} | |
| - name: Extract version | |
| id: extract_version | |
| run: | | |
| VERSION=$(cat version.txt) | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| - name: Extract Source Date Epoch | |
| id: extract_source_date_epoch | |
| run: | | |
| SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) | |
| echo "SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH}" >> $GITHUB_ENV | |
| - name: Server - Build and push image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: ./block-node/app/docker | |
| file: ./block-node/app/docker/Dockerfile | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64, linux/arm64 | |
| push: "${{ github.event_name != 'workflow_dispatch' || github.event.inputs.publish == 'true' }}" | |
| tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.VERSION }} | |
| build-args: | | |
| VERSION=${{ env.VERSION }} | |
| SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }} | |
| build-contexts: | | |
| distributions=./block-node/app/build/distributions | |
| publish-protobuf-jar: | |
| timeout-minutes: 30 | |
| needs: [check-gradle] | |
| runs-on: hiero-block-node-linux-medium | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install GnuPG Tools | |
| if: "${{ github.event_name != 'workflow_dispatch' || github.event.inputs.publish == 'true' }}" | |
| run: | | |
| if ! command -v gpg2 >/dev/null 2>&1; then | |
| echo "::group::Updating APT Repository Indices" | |
| sudo apt update | |
| echo "::endgroup::" | |
| echo "::group::Installing GnuPG Tools" | |
| sudo apt install -y gnupg2 | |
| echo "::endgroup::" | |
| fi | |
| - name: Import GPG key | |
| id: gpg_key | |
| uses: step-security/ghaction-import-gpg@c86c374c0659a6c2d1284bccf8af889e73ce8fe0 # v6.3.0 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }} | |
| passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_tag_gpgsign: true | |
| - name: Install JDK | |
| uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 | |
| with: | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - name: Build | |
| run: ${GRADLE_EXEC} clean assemble | |
| - name: Extract version | |
| id: extract_version | |
| run: | | |
| VERSION=$(cat version.txt) | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| - name: Publish protobuf jar to Maven Central | |
| if: "${{ github.event_name != 'workflow_dispatch' || github.event.inputs.publish == 'true' }}" | |
| env: | |
| NEXUS_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
| NEXUS_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
| # If VERSION is *-SNAPSHOT the publishing directs to Maven Central Snapshots, otherwise to Maven Central | |
| run: ./gradlew publishAggregationToCentralPortal -PpublishSigningEnabled=true | |
| publish-simulator: | |
| timeout-minutes: 30 | |
| needs: [check-gradle] | |
| runs-on: hiero-block-node-linux-medium | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install JDK | |
| uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 | |
| with: | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - name: Build | |
| run: ${GRADLE_EXEC} clean assemble | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Qemu | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| with: | |
| driver-opts: network=host | |
| buildkitd-config-inline: | | |
| [registry."docker.io"] | |
| mirrors = ["${{ env.DOCKER_MIRROR }}"] | |
| version: ${{ env.BUILDKIT_VERSION }} | |
| - name: Extract version | |
| id: extract_version | |
| run: | | |
| VERSION=$(cat version.txt) | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| # Build and push SIMULATOR image | |
| - name: Simulator - Prepare docker directory | |
| run: | | |
| ${GRADLE_EXEC} :simulator:copyDependenciesFolders | |
| - name: Simulator - Build and push image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: ./simulator/build/docker | |
| file: ./simulator/build/docker/Dockerfile | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64, linux/arm64 | |
| push: "${{ github.event_name != 'workflow_dispatch' || github.event.inputs.publish == 'true' }}" | |
| tags: ${{ env.REGISTRY }}/${{ github.repository }}/simulator-image:${{ env.VERSION }} | |
| build-args: | | |
| VERSION=${{ env.VERSION }} | |
| helm-chart-release-app: | |
| timeout-minutes: 15 | |
| needs: publish-app | |
| runs-on: hiero-block-node-linux-medium | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install Helm | |
| uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract version | |
| id: extract_version | |
| run: | | |
| VERSION=$(cat version.txt) | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| - name: Package helm chart | |
| run: | | |
| helm dependency update charts/block-node-server | |
| helm package charts/block-node-server | |
| - name: Push helm chart | |
| if: "${{ github.event_name != 'workflow_dispatch' || github.event.inputs.publish == 'true' }}" | |
| run: | | |
| helm push block-node-helm-chart-${{ env.VERSION }}.tgz oci://ghcr.io/hiero-ledger/hiero-block-node | |
| helm-chart-release-simulator: | |
| timeout-minutes: 15 | |
| needs: publish-simulator | |
| runs-on: hiero-block-node-linux-medium | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install Helm | |
| uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract version | |
| id: extract_version | |
| run: | | |
| VERSION=$(cat version.txt) | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| - name: Simulator Chart - Package helm chart | |
| run: | | |
| helm dependency update charts/blockstream-simulator | |
| helm package charts/blockstream-simulator | |
| - name: Simulator Chart - Push helm chart | |
| if: "${{ github.event_name != 'workflow_dispatch' || github.event.inputs.publish == 'true' }}" | |
| run: | | |
| helm push blockstream-simulator-chart-${{ env.VERSION }}.tgz oci://ghcr.io/hiero-ledger/hiero-block-node |