change some secret ref names #9741

Workflow file for this run

	name: Java CI with Gradle
	on: [push, pull_request]
	jobs:
	set-env-vars:
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v2
	- uses: FranzDiebold/github-env-vars-action@v2.1.0
	- name: Parse SemVer if tagged build
	id: semver_parser
	uses: booxmedialtd/ws-action-parse-semver@v1.4.2
	with:
	input_string: ${{ env.CI_REF_NAME }}
	version_extractor_regex: "v(.*)$"
	if: contains( github.ref, 'refs/tags/v' )
	- name: set version var for tags and update path for releases
	id: tagged
	run: \|
	echo "GHA_VERSION=${{ steps.semver_parser.outputs.fullversion }}+$GITHUB_RUN_NUMBER" >> $GITHUB_ENV && \
	echo "UPDATE_PATH=release" >> $GITHUB_ENV && \
	echo "PRERELEASE_BOOL=false" >> $GITHUB_ENV
	if: contains( github.ref, 'refs/tags/v' )
	- name: If this is a tagged pre-release build set pre-release label and update path
	id: prerelease
	run: \|
	echo "PRERELEASE_BOOL=true" >> $GITHUB_ENV && \
	echo "UPDATE_PATH=pre-release-updates/${{ steps.semver_parser.outputs.prerelease }}" >> $GITHUB_ENV
	if: ${{ steps.semver_parser.outputs.prerelease }}
	- name: set version var for not-tags and upload dir for branches
	run: \|
	echo "GHA_VERSION=$(cat VERSION)+$GITHUB_RUN_NUMBER" >> $GITHUB_ENV && \
	echo "UPDATE_PATH=$CI_REF_NAME_SLUG" >> $GITHUB_ENV
	if: ${{ steps.tagged.outcome == 'skipped' }}
	- name: set s3 destination_dir
	run: echo "S3_DESTINATION=$CI_REPOSITORY_OWNER/$CI_REPOSITORY_NAME/$UPDATE_PATH" >> $GITHUB_ENV
	- name: output env vars
	id: output_env_vars_step
	run: \|
	echo "GHA_VERSION=$GHA_VERSION" >> $GITHUB_OUTPUT
	echo "UPDATE_PATH=$UPDATE_PATH" >> $GITHUB_OUTPUT
	echo "PRERELEASE_BOOL=$PRERELEASE_BOOL" >> $GITHUB_OUTPUT
	echo "S3_DESTINATION=$S3_DESTINATION" >> $GITHUB_OUTPUT
	- name: Source secrets
	uses: 1password/load-secrets-action@v2
	with:
	export-env: true
	env:
	OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
	MAC_SIGNING_KEY_BASE64: "op://DevOps/Orature CI_CD/Mac-Cert-and-Signing-Key/B64_CERT_AND_SIGNING"
	MAC_APP_STORE_NOTARY_API_KEY: "op://DevOps/Orature CI_CD/App-Store-Connect-API-Key/app-store-connect-private-key.p8"
	INSTALL4J_LICENSE_11: "op://Shared-IT-Development/install4j license keys and upgrade info/ORATURE-I4F-LICENSE"
	MAC_KEYSTORE_PW: "op://DevOps/Orature CI_CD/MAC-P12-SIGNING-PASSWORD"
	ORG_GRADLE_PROJECT_githubOauthToken: "op://DevOps/Orature CI_CD/CRASH_REPORTS_OAUTH_TOKEN"
	ORG_GRADLE_PROJECT_sentryDsn: "op://Shared-IT-Development/Sentry Token - Otter - Orature/TOKEN"
	SONAR_TOKEN: "op://Shared-IT-Development/SonarQube Admin Login/ORATURE-SONAR-TOKEN"
	MAC_NOTARY_ISSUER: "op://DevOps/Orature CI_CD/MAC_NOTARY_ISSUER"
	MAC_NOTARY_KEY_ID: "op://DevOps/Orature CI_CD/MAC_NOTARY_KEY_ID"
	AZURE_TENANT_ID: "op://AppDev Scripture Accessibility/azure-codesign-secrets/tenant-id"
	AZURE_CLIENT_ID: "op://AppDev Scripture Accessibility/azure-codesign-secrets/client-id"
	AZURE_CLIENT_SECRET: "op://AppDev Scripture Accessibility/azure-codesign-secrets/client-secret"
	AZURE_CODE_SIGNING_ACCOUNT_NAME: "op://AppDev Scripture Accessibility/azure-codesign-secrets/code-signing-account-name"
	AZURE_CERTIFICATE_PROFILE_NAME: "op://AppDev Scripture Accessibility/azure-codesign-secrets/certificate-profile-name"
	AWS_KEY_ID: "op://DevOps/travis-nightlybuilds aws s3 api access for travis uploads/S3_ACCESS_KEY_ID"
	AWS_SECRET_ACCESS_KEY: "op://DevOps/travis-nightlybuilds aws s3 api access for travis uploads/S3_SECRET_ACCESS_KEY"
	AWS_BUCKET: "op://DevOps/travis-nightlybuilds aws s3 api access for travis uploads/S3_BUCKET"

	outputs:
	GHA_VERSION: ${{ steps.output_env_vars_step.outputs.GHA_VERSION }}
	UPDATE_PATH: ${{ steps.output_env_vars_step.outputs.UPDATE_PATH }}
	PRERELEASE_BOOL: ${{ steps.output_env_vars_step.outputs.PRERELEASE_BOOL }}
	S3_DESTINATION: ${{ steps.output_env_vars_step.outputs.S3_DESTINATION }}

	build:
	runs-on: ubuntu-20.04
	needs: set-env-vars
	steps:
	- name: Write mac secrets for i4j
	shell: bash
	run: \|
	echo -n $MAC_SIGNING_KEY_BASE64 \| base64 -d > $HOME/signing_macos.p12 && echo -n $MAC_APP_STORE_NOTARY_API_KEY > $HOME/mac_app_notary_key.p8
	env:
	MAC_SIGNING_KEY_BASE64: ${{ env.MAC_SIGNING_KEY_BASE64 }}
	MAC_APP_STORE_NOTARY_API_KEY: ${{ env.MAC_APP_STORE_NOTARY_API_KEY }}
	- name: install4j build
	shell: bash
	run: \|
	docker run -v $(pwd):/repo \
	-v $HOME/signing_macos.p12:/root/signing_macos.p12 \
	-v $HOME/mac_app_notary_key.p8:/root/mac_app_notary_key.p8 \
	-e UPDATE_PATH \
	-e ORG_GRADLE_PROJECT_gradlewCommandVersionProp \
	-e ORG_GRADLE_PROJECT_gradlewCommandLicenseProp \
	-e ORG_GRADLE_PROJECT_githubRepoUrl \
	-e ORG_GRADLE_PROJECT_gradlewmacKeystorePassword \
	-e ORG_GRADLE_PROJECT_ \
	-e ORG_GRADLE_PROJECT_githubOauthToken \
	-e ORG_GRADLE_PROJECT_sentryDsn \
	-e GITHUB_TOKEN \
	-e SONAR_TOKEN \
	-e MAC_NOTARY_ISSUER \
	-e MAC_NOTARY_KEY_ID \
	wycliffeassociates/install4j-docker:11.0 \
	./gradlew build :jvm:workbookapp:install4jdeploy "-Dorg.gradle.jvmargs=-Xmx2048m -Dnet.bytebuddy.experimental=true -XX:MaxMetaspaceSize=1024m"
	env:
	UPDATE_PATH: ${{ needs.set-env-vars.outputs.UPDATE_PATH }}
	ORG_GRADLE_PROJECT_gradlewCommandVersionProp: ${{ needs.set-env-vars.outputs.GHA_VERSION }}
	ORG_GRADLE_PROJECT_gradlewCommandLicenseProp: ${{ env.INSTALL4J_LICENSE_11 }}
	ORG_GRADLE_PROJECT_githubRepoUrl: https://api.github.com/repos/OratureCrashReports/orature-crash-reports/issues
	ORG_GRADLE_PROJECT_gradlewmacKeystorePassword: ${{ env.MAC_KEYSTORE_PW }}
	ORG_GRADLE_PROJECT_githubOauthToken: ${{ env.ORG_GRADLE_PROJECT_githubOauthToken }}
	ORG_GRADLE_PROJECT_sentryDsn: ${{ env.ORG_GRADLE_PROJECT_sentryDsn }}
	SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
	MAC_NOTARY_ISSUER: ${{ env.MAC_NOTARY_ISSUER }}
	MAC_NOTARY_KEY_ID: ${{ env.MAC_NOTARY_KEY_ID }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Dump container to artifact
	if: ${{ failure() }}
	uses: actions/upload-artifact@v3
	with:
	name: build-container
	path: $(pwd)
	retention-days: 2

	- name: cache binaries
	uses: actions/upload-artifact@v4
	with:
	name: unsigned-binaries
	include-hidden-files: true
	path: jvm/workbookapp/.exec/
	sign-windows:
	runs-on: windows-latest
	needs: build
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- uses: FranzDiebold/github-env-vars-action@v2.1.0

	- name: Setup .NET Core SDK
	uses: actions/setup-dotnet@v2
	with:
	dotnet-version: 6.0.x

	- name: download artifacts from previous job
	uses: actions/download-artifact@v4
	with:
	name: unsigned-binaries
	include-hidden-files: true
	path: ${{ github.workspace }}/binaries

	- name: Sign files with Azure Code Signing
	uses: azure/trusted-signing-action@v0.4.0
	with:
	azure-tenant-id: ${{ env.AZURE_TENANT_ID }}
	azure-client-id: ${{ env.AZURE_CLIENT_ID }}
	azure-client-secret: ${{ env.AZURE_CLIENT_SECRET }}
	endpoint: https://eus.codesigning.azure.net/
	trusted-signing-account-name: ${{ env.AZURE_CODE_SIGNING_ACCOUNT_NAME }}
	certificate-profile-name: ${{ env.AZURE_CERTIFICATE_PROFILE_NAME }}
	files-folder: ${{ github.workspace }}/binaries
	files-folder-filter: exe
	file-digest: SHA256
	timestamp-rfc3161: http://timestamp.acs.microsoft.com
	timestamp-digest: SHA256
	- name: cache binaries
	uses: actions/upload-artifact@v4
	with:
	name: upload-binaries
	include-hidden-files: true
	path: ${{ github.workspace }}/binaries
	upload:
	runs-on: ubuntu-20.04
	needs: [sign-windows, set-env-vars]
	steps:
	- name: download artifacts from previous job
	uses: actions/download-artifact@v4
	with:
	name: upload-binaries
	include-hidden-files: true
	path: ${{ github.workspace }}/binaries
	- name: upload
	if: github.event_name != 'pull_request'
	run: \|
	AWS_DEFAULT_REGION=us-east-1 AWS_ACCESS_KEY_ID=${{env.AWS_KEY_ID}} AWS_SECRET_ACCESS_KEY=${{env.AWS_SECRET_ACCESS_KEY}} aws s3 sync . s3://${{ env.AWS_BUCKET }}/${{ needs.set-env-vars.outputs.S3_DESTINATION }}
	working-directory: ${{ github.workspace }}/binaries
	- name: upload artifacts to github releases on tags
	uses: "marvinpinto/action-automatic-releases@v1.2.1"
	if: contains( github.ref, 'refs/tags/v' )
	with:
	repo_token: "${{ secrets.GITHUB_TOKEN }}"
	prerelease: ${{ needs.set-env-vars.outputs.PRERELEASE_BOOL }}
	files: \|
	${{ github.workspace }}/binaries/*.exe
	${{ github.workspace }}/binaries/*.deb
	${{ github.workspace }}/binaries/*.dmg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

change some secret ref names #9741

Workflow file

change some secret ref names #9741

Jobs

Run details

Workflow file for this run