fix(deps): bump com.guardsquare:proguard-core from 9.0.10 to 9.1.0 #524
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com) | |
# SPDX-License-Identifier: Apache-2.0 | |
# | |
# Author: Sebastian Thomschke, Vegard IT GmbH | |
# | |
# https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions | |
name: Build | |
on: | |
push: | |
branches: | |
- '**' | |
tags-ignore: | |
- '**' | |
paths-ignore: | |
- '**/*.adoc' | |
- '**/*.md' | |
- '.github/*.yml' | |
pull_request: | |
workflow_dispatch: | |
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ | |
inputs: | |
additional_maven_args: | |
description: 'Additional Maven Args' | |
required: false | |
default: '' | |
defaults: | |
run: | |
shell: bash | |
env: | |
# don't upgrade to 22.1.0.1 which breaks Windows builds https://github.com/oracle/graal/issues/4340 | |
GRAALVM_VERSION: 21.3.3.1 # https://github.com/graalvm/graalvm-ce-builds/releases | |
JAVA_VERSION: 17 | |
RELEASE_NAME: "snapshot" | |
jobs: | |
########################################################### | |
maven-build: | |
########################################################### | |
runs-on: ubuntu-latest | |
steps: | |
- name: Git Checkout | |
uses: actions/checkout@v4 #https://github.com/actions/checkout | |
- name: Set up JDK ${{ env.JAVA_VERSION }} | |
uses: actions/setup-java@v3 #https://github.com/actions/setup-java | |
with: | |
distribution: temurin | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: "Cache: Local Maven Repository" | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-mvnrepo-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-mvnrepo- | |
- name: "Cache: Maven Binaries" | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.m2/bin | |
key: ${{ runner.os }}-mvnbin-${{ hashFiles('.ci/build.sh') }} | |
- name: Test with Maven | |
id: maven-test | |
if: ${{ github.ref_name != 'main' || env.ACT }} | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
GITHUB_API_KEY: ${{ github.token }} | |
MAY_CREATE_RELEASE: false | |
run: | | |
bash .ci/build.sh ${{ github.event.inputs.additional_maven_args }} | |
- name: Build with Maven | |
id: maven-build | |
if: ${{ github.ref_name == 'main' && !env.ACT }} | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
GITHUB_API_KEY: ${{ secrets.GH_API_TOKEN }} | |
MAY_CREATE_RELEASE: true | |
run: | | |
set -eu | |
# https://gh.neting.ccmunity/t/github-actions-bot-email-address/17204 | |
git config user.name "github-actions[bot]" | |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
bash .ci/build.sh ${{ github.event.inputs.additional_maven_args }} | |
- name: Test minimized fat jar | |
run: | | |
set -ex | |
mv target/copycat-*-fat-minimized.jar target/copycat-fat.jar | |
java -jar target/copycat-fat.jar --help | |
java -jar target/copycat-fat.jar -V | |
java -jar target/copycat-fat.jar sync target/classes target/classes.copy -v | |
- name: "Share: maven-build-artifacts" | |
uses: actions/upload-artifact@v3 | |
with: | |
name: maven-build-artifacts | |
path: | | |
target/copycat-fat.jar | |
target/picocli-reflections.json | |
target/bash/bashcompletion.sh | |
########################################################### | |
native-image: | |
########################################################### | |
runs-on: ${{ matrix.os }} | |
needs: [maven-build] | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- arch: "linux-amd64" | |
os: "ubuntu-latest" | |
graal_install_root: "/opt/graalvm" | |
- arch: "linux-arm64" | |
os: "ubuntu-latest" | |
graal_install_root: "/opt/graalvm" | |
- arch: "darwin-amd64" | |
os: "macos-latest" | |
graal_install_root: "graalvm" | |
- arch: "windows-amd64" | |
os: "windows-latest" | |
graal_install_root: "graalvm" | |
env: | |
# https://www.graalvm.org/21.3/reference-manual/native-image/Options/ | |
# -H:NativeLinkerOption=-no-pie -> do not to generate Position Independent Executables (PIE) | |
NATIVE_IMAGE_ARGS: | |
-H:NativeLinkerOption=-no-pie | |
-H:ReflectionConfigurationFiles=picocli-reflections.json | |
-H:Log=registerResource:3 | |
-H:+ReportExceptionStackTraces | |
-H:+RemoveUnusedSymbols | |
-H:ExcludeResources=com/sun/.*.properties | |
--exclude-config copycat-fat.jar META-INF/native-image/net.sf.jstuff/.*.json | |
--exclude-config copycat-fat.jar META-INF/native-image/jansi/.*.json | |
--allow-incomplete-classpath | |
--no-fallback | |
--no-server | |
--verbose | |
-Dfile.encoding=UTF-8 | |
--class-path native-image-metadata | |
--class-path copycat-fat.jar | |
com.vegardit.copycat.CopyCatMain | |
copycat-${{ matrix.arch }} | |
steps: | |
- name: "Cache: GraalVM binaries" | |
uses: actions/cache@v3 | |
with: | |
path: | | |
${{ matrix.graal_install_root }} | |
key: ${{ matrix.arch }}-graalvm-${{ env.GRAALVM_VERSION }}-java-${{ env.JAVA_VERSION }} | |
- name: "Create arm64 container" | |
if: matrix.arch == 'linux-arm64' | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install --no-install-recommends -y qemu-user-static | |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
docker container create --name arm64 --tty \ | |
-v /opt:/opt:rw \ | |
-v $PWD:/workspace:rw \ | |
arm64v8/ubuntu:22.04 | |
docker container start arm64 | |
docker exec --tty arm64 apt-get update -y | |
docker exec --tty arm64 apt-get install -y curl sudo | |
- name: "Install: GraalVM" | |
run: | | |
set -eu | |
case "${{ matrix.arch }}" in | |
linux-amd64) | |
sudo apt-get install --no-install-recommends -y gcc g++ libz-dev | |
GRAAL_VM_HOME=${{ matrix.graal_install_root }} | |
if [ ! -e $GRAAL_VM_HOME/bin/native-image ]; then | |
rm -rf $GRAAL_VM_HOME | |
mkdir -p $GRAAL_VM_HOME | |
curl -fL "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${{ env.GRAALVM_VERSION }}/graalvm-ce-java${{ env.JAVA_VERSION}}-linux-amd64-${{ env.GRAALVM_VERSION }}.tar.gz" \ | |
| tar zxv -C $GRAAL_VM_HOME --strip-components=1 \ | |
--exclude=*/bin/jvisualvm \ | |
--exclude=*/lib/src.zip \ | |
--exclude=*/lib/visualvm | |
$GRAAL_VM_HOME/bin/gu install native-image | |
fi | |
$GRAAL_VM_HOME/bin/native-image --version | |
echo "JAVA_HOME=$GRAAL_VM_HOME" >> $GITHUB_ENV | |
echo "$GRAAL_VM_HOME/bin" >> $GITHUB_PATH | |
;; | |
linux-arm64) | |
cat <<EOF > install_graalvm.sh | |
set -eu | |
sudo apt-get install --no-install-recommends -y gcc g++ libz-dev | |
GRAAL_VM_HOME=${{ matrix.graal_install_root }} | |
if [ ! -e \$GRAAL_VM_HOME/bin/native-image ]; then | |
rm -rf \$GRAAL_VM_HOME | |
mkdir -p \$GRAAL_VM_HOME | |
curl -fL "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${{ env.GRAALVM_VERSION }}/graalvm-ce-java${{ env.JAVA_VERSION }}-linux-aarch64-${{ env.GRAALVM_VERSION }}.tar.gz" \ | |
| tar zxv -C \$GRAAL_VM_HOME --strip-components=1 \ | |
--exclude=*/bin/jvisualvm \ | |
--exclude=*/lib/src.zip \ | |
--exclude=*/lib/visualvm | |
\$GRAAL_VM_HOME/bin/gu install native-image | |
fi | |
\$GRAAL_VM_HOME/bin/native-image --version | |
EOF | |
docker exec --tty -w /workspace arm64 /bin/bash ./install_graalvm.sh | |
;; | |
darwin-amd64) | |
GRAAL_VM_HOME=${{ matrix.graal_install_root }}/Contents/Home | |
if [ ! -e $GRAAL_VM_HOME/bin/native-image ]; then | |
rm -rf ${{ matrix.graal_install_root }} | |
mkdir ${{ matrix.graal_install_root }} | |
curl -fL "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${{ env.GRAALVM_VERSION }}/graalvm-ce-java${{ env.JAVA_VERSION }}-darwin-amd64-${{ env.GRAALVM_VERSION }}.tar.gz" \ | |
| tar zxv -C graalvm --strip-components=1 \ | |
--exclude=*/bin/jvisualvm \ | |
--exclude=*/lib/src.zip \ | |
--exclude=*/lib/visualvm | |
$GRAAL_VM_HOME/bin/gu install native-image | |
fi | |
$GRAAL_VM_HOME/bin/native-image --version | |
echo "JAVA_HOME=$GRAAL_VM_HOME" >> $GITHUB_ENV | |
echo "$GRAAL_VM_HOME/bin" >> $GITHUB_PATH | |
;; | |
windows-amd64) | |
GRAAL_VM_HOME=${{ matrix.graal_install_root }} | |
if [ ! -e $GRAAL_VM_HOME/bin/native-image ]; then | |
rm -rf $GRAAL_VM_HOME | |
echo "Downloading GraalVM..." | |
curl -fL -o graalvm.zip https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${{ env.GRAALVM_VERSION }}/graalvm-ce-java${{ env.JAVA_VERSION }}-windows-amd64-${{ env.GRAALVM_VERSION }}.zip | |
echo "Extracting GraalVM..." | |
7z x graalvm.zip | |
mv graalvm-ce-* $GRAAL_VM_HOME | |
$GRAAL_VM_HOME/bin/gu.cmd install native-image | |
fi | |
$GRAAL_VM_HOME/bin/native-image.cmd --version | |
echo "JAVA_HOME=$(cygpath -wa $GRAAL_VM_HOME)" >> $GITHUB_ENV | |
echo "$(cygpath -wa $GRAAL_VM_HOME/bin)" >> $GITHUB_PATH | |
;; | |
esac | |
- name: "Install: binutils (strip)" | |
run: | | |
case "${{ matrix.arch }}" in | |
linux-amd64) | |
sudo apt-get --no-install-recommends install -y binutils | |
;; | |
linux-arm64) | |
docker exec --tty arm64 \ | |
sudo apt-get --no-install-recommends install -y binutils | |
;; | |
esac | |
- name: "Install: UPX" | |
run: | | |
case "${{ matrix.arch }}" in | |
linux-amd64) | |
mkdir /opt/upx | |
upx_download_url=$(curl -fsSL -H "Authorization: token ${{ github.token }}" https://api.github.com/repos/upx/upx/releases/latest | grep browser_download_url | grep amd64_linux.tar.xz | cut "-d\"" -f4) | |
echo "Downloading [$upx_download_url]..." | |
curl -fL $upx_download_url | tar Jxv -C /opt/upx --strip-components=1 | |
;; | |
linux-arm64) | |
mkdir /opt/upx | |
upx_download_url=$(curl -fsSL -H "Authorization: token ${{ github.token }}" https://api.github.com/repos/upx/upx/releases/latest | grep browser_download_url | grep arm64_linux.tar.xz | cut "-d\"" -f4) | |
echo "Downloading [$upx_download_url]..." | |
curl -fL $upx_download_url | tar Jxv -C /opt/upx --strip-components=1 | |
;; | |
darwin-amd64) | |
brew install upx | |
;; | |
windows-amd64) | |
# first choco install in a build takes 3+ minutes | |
# choco install -y upx | |
upx_download_url=$(curl -fsSL -H "Authorization: token ${{ github.token }}" https://api.github.com/repos/upx/upx/releases/latest | grep browser_download_url | grep win64.zip | cut "-d\"" -f4) | |
echo "Downloading [$upx_download_url]..." | |
curl -fL -o /tmp/upx.zip $upx_download_url | |
echo "Extracting upx.zip..." | |
mkdir /tmp/upx | |
7z e /tmp/upx.zip -o/tmp/upx *.exe -r | |
echo "$(cygpath -wa /tmp/upx)" >> $GITHUB_PATH | |
;; | |
esac | |
- name: "Get: maven-build-artifacts" | |
uses: actions/download-artifact@v3 | |
with: | |
name: maven-build-artifacts | |
- name: Enable Developer Command Prompt | |
if: matrix.arch == 'windows-amd64' | |
# makes cl.exe available on PATH | |
# https://github.com/marketplace/actions/enable-developer-command-prompt | |
uses: ilammy/msvc-dev-cmd@v1 | |
- name: "Collect metadata" | |
run: | | |
set -eu | |
# https://www.graalvm.org/22.3/reference-manual/native-image/metadata/AutomaticMetadataCollection/#tracing-agent | |
cat <<'EOF' > collect_metadata.sh | |
set -eu | |
rm -rf native-image-metadata | |
function traceCall() { | |
echo "Tracing copycat ${@}..." | |
java -agentlib:native-image-agent=config-merge-dir=native-image-metadata/META-INF/native-image/ -jar copycat-fat.jar ${@} >/dev/null | |
} | |
rm -rf workdir | |
mkdir -p workdir/source/dir1 | |
touch workdir/source/dir1/file1 | |
traceCall sync workdir/source workdir/target | |
traceCall --help | |
traceCall --help | |
traceCall --version | |
traceCall sync --help | |
traceCall watch --help | |
EOF | |
case "${{ matrix.arch }}" in | |
linux-arm64) | |
docker exec --tty -w /workspace arm64 /bin/bash -c " | |
export JAVA_HOME=${{ matrix.graal_install_root }} | |
export PATH=${{ matrix.graal_install_root }}/bin:\$PATH | |
bash collect_metadata.sh | |
" | |
;; | |
*) | |
bash collect_metadata.sh | |
;; | |
esac | |
- name: "Build executable" | |
run: | | |
case "${{ matrix.arch }}" in | |
linux-amd64) | |
/usr/bin/gcc -v | |
native-image \ | |
-H:+StaticExecutableWithDynamicLibC `# https://www.graalvm.org/21.3/reference-manual/native-image/StaticImages/#build-mostly-static-native-image` \ | |
--report-unsupported-elements-at-runtime `# avoid: Unsupported type sun.awt.X11.XBaseWindow is reachable` \ | |
${{ env.NATIVE_IMAGE_ARGS }} | |
;; | |
linux-arm64) | |
docker exec --tty -w /workspace arm64 /bin/bash -c " | |
export JAVA_HOME=${{ matrix.graal_install_root }} | |
export PATH=${{ matrix.graal_install_root }}/bin:\$PATH | |
/usr/bin/gcc -v | |
native-image \ | |
-H:+StaticExecutableWithDynamicLibC `# https://www.graalvm.org/21.3/reference-manual/native-image/StaticImages/#build-mostly-static-native-image` \ | |
--report-unsupported-elements-at-runtime `# avoid: Unsupported type sun.awt.X11.XBaseWindow is reachable` \ | |
-Djdk.lang.Process.launchMechanism=vfork `# https://github.com/oracle/graal/issues/4143`\ | |
-H:-CheckToolchain `#https://github.com/oracle/graal/issues/4143`\ | |
${{ env.NATIVE_IMAGE_ARGS }} | |
" | |
;; | |
darwin-amd64) | |
# not using "--static" because of error: DARWIN does not support building static executable images. | |
native-image ${{ env.NATIVE_IMAGE_ARGS }} | |
;; | |
windows-amd64) | |
# https://www.graalvm.org/21.3/reference-manual/native-image/StaticImages/ | |
native-image.cmd --static ${{ env.NATIVE_IMAGE_ARGS }} | |
;; | |
esac | |
- name: "Test executable" | |
run: | | |
case "${{ matrix.arch }}" in | |
linux-arm64) | |
docker exec --tty -w /workspace arm64 /bin/bash -c " | |
chmod u+x copycat-${{ matrix.arch }} && | |
./copycat-${{ matrix.arch }} --version && | |
./copycat-${{ matrix.arch }} --help && | |
./copycat-${{ matrix.arch }} sync --help && | |
./copycat-${{ matrix.arch }} watch --help | |
" | |
;; | |
*) | |
chmod u+x copycat-${{ matrix.arch }} | |
./copycat-${{ matrix.arch }} --version | |
./copycat-${{ matrix.arch }} --help | |
./copycat-${{ matrix.arch }} sync --help | |
./copycat-${{ matrix.arch }} --help | |
;; | |
esac | |
- name: "Compress executable" | |
run: | | |
set -eu | |
case "${{ matrix.arch }}" in | |
linux-amd64) | |
strip --strip-unneeded copycat-${{ matrix.arch }} | |
/opt/upx/upx -v -9 --no-progress copycat-${{ matrix.arch }} | |
;; | |
linux-arm64) | |
docker exec --tty -w /workspace arm64 /bin/bash -c " | |
strip --strip-unneeded copycat-${{ matrix.arch }} && | |
/opt/upx/upx -v -9 --no-progress copycat-${{ matrix.arch }} | |
" | |
;; | |
darwin-amd64) | |
# https://www.unix.com/man-page/osx/1/strip/ | |
strip copycat-${{ matrix.arch }} | |
upx -v -9 --no-progress copycat-${{ matrix.arch }} | |
;; | |
windows-amd64) | |
cp copycat-${{ matrix.arch }}.exe copycat-${{ matrix.arch }}-uncompressed.exe | |
upx -v -9 --no-progress copycat-${{ matrix.arch }}.exe | |
;; | |
esac | |
- name: "Test compressed executable" | |
run: | | |
case "${{ matrix.arch }}" in | |
linux-arm64) | |
docker exec --tty -w /workspace arm64 /bin/bash -c " | |
chmod u+x copycat-${{ matrix.arch }} && | |
./copycat-${{ matrix.arch }} --version && | |
./copycat-${{ matrix.arch }} --help && | |
./copycat-${{ matrix.arch }} sync --help && | |
./copycat-${{ matrix.arch }} watch --help | |
" | |
;; | |
*) | |
chmod u+x copycat-${{ matrix.arch }} | |
./copycat-${{ matrix.arch }} --version | |
./copycat-${{ matrix.arch }} --help | |
./copycat-${{ matrix.arch }} sync --help | |
./copycat-${{ matrix.arch }} --help | |
;; | |
esac | |
- name: "Share: native binary" | |
uses: actions/upload-artifact@v3 | |
if: matrix.arch != 'windows-amd64' | |
with: | |
path: copycat-${{ matrix.arch }} | |
- name: "Share: native binary" | |
uses: actions/upload-artifact@v3 | |
if: matrix.arch == 'windows-amd64' | |
with: | |
path: | | |
copycat-${{ matrix.arch }}.exe | |
copycat-${{ matrix.arch }}-uncompressed.exe | |
########################################################### | |
publish-release: | |
########################################################### | |
runs-on: ubuntu-latest | |
needs: | |
- native-image | |
if: ${{ github.ref_name == 'main' && !github.event.act }} | |
steps: | |
- name: "SCM Checkout" | |
# only required by "hub release create" to prevent "fatal: Not a git repository" | |
uses: actions/checkout@v4 #https://github.com/actions/checkout | |
- name: "Get: all build artifacts" | |
uses: actions/download-artifact@v3 | |
- name: "Delete previous '${{ env.RELEASE_NAME }}' release" | |
if: env.RELEASE_NAME == 'snapshot' | |
run: | | |
set -eu | |
creds="${{ secrets.GH_API_TOKEN }}:x-oauth-basic" | |
api_base_url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY" | |
# delete github release | |
release_id=$(curl -fsL $creds https://api.github.com/repos/vegardit/copycat/releases | jq -r '.[] | select(.name == "${{ env.RELEASE_NAME }}") | .id') | |
if [[ -n $release_id ]]; then | |
echo "Deleting release [$api_base_url/releases/$release_id]..." | |
curl -u $creds -fsSL -X DELETE "$api_base_url/releases/$release_id" | |
fi | |
# delete git tag | |
tag_url="$api_base_url/git/refs/tags/${{ env.RELEASE_NAME }}" | |
if curl -u $creds -fsLo /dev/null --head "$tag_url"; then | |
echo "Deleting tag [$tag_url]..." | |
curl -u $creds -fsSL -u $creds -X DELETE "$tag_url" | |
fi | |
- name: "Create '${{ env.RELEASE_NAME }}' Release" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
set -eu | |
# https://hub.github.com/hub-release.1.html | |
hub release create \ | |
--message "${{ env.RELEASE_NAME }}" "${{ env.RELEASE_NAME }}" \ | |
--attach "maven-build-artifacts/copycat-fat.jar#copycat-${{ env.RELEASE_NAME }}-fat.jar" \ | |
--attach "maven-build-artifacts/bash/bashcompletion.sh#copycat-${{ env.RELEASE_NAME }}-bashcompletion.sh" \ | |
--attach "artifact/copycat-linux-amd64#copycat-${{ env.RELEASE_NAME }}-linux-amd64" \ | |
--attach "artifact/copycat-linux-arm64#copycat-${{ env.RELEASE_NAME }}-linux-arm64" \ | |
--attach "artifact/copycat-darwin-amd64#copycat-${{ env.RELEASE_NAME }}-darwin-amd64" \ | |
--attach "artifact/copycat-windows-amd64.exe#copycat-${{ env.RELEASE_NAME }}-windows-amd64.exe" \ | |
--attach "artifact/copycat-windows-amd64-uncompressed.exe#copycat-${{ env.RELEASE_NAME }}-windows-amd64-uncompressed.exe" \ | |
--prerelease | |
- name: "Delete intermediate build artifacts" | |
uses: geekyeggo/delete-artifact@v2 # https://github.com/GeekyEggo/delete-artifact/ | |
with: | |
name: "*" | |
failOnError: false |