build.yml

name: Build

on:
  workflow_dispatch:
    inputs: {}
  push:
    branches: [ "develop" ]
    tags: [ "v**" ]
  pull_request:
    branches: [ "develop" ]

permissions:
  contents: read

jobs:
  checksecret:
    runs-on: ubuntu-latest
    outputs:
      HAVE_SECRETS: ${{ steps.checksecret_job.outputs.HAVE_SECRETS }}
    steps:
      - id: checksecret_job
        env:
          TOKEN_BITWARDEN_SM: ${{ secrets.TOKEN_BITWARDEN_SM }}
        run: |
          echo "HAVE_SECRETS=${{ env.TOKEN_BITWARDEN_SM != '' }}" >> $GITHUB_OUTPUT
  build:
    runs-on: ubuntu-latest
    needs: [ 'checksecret' ]
    steps:
    - uses: 7mind/github-env@main
      with:
        java-version: 17
    - name: Build and Test
      run: |
        bash .build.sh build
  test-scripted:
    runs-on: ubuntu-latest
    needs: [ 'checksecret' ]
    steps:
      - uses: 7mind/github-env@main
        with:
          java-version: 17
      - name: Build and Test
        run: |
          bash .build.sh scripted
  publish:
    runs-on: ubuntu-latest
    needs: [ 'build', 'test-scripted', 'checksecret']
    if: needs.checksecret.outputs.HAVE_SECRETS == 'true'
    steps:
      - uses: 7mind/github-env@main
        with:
          java-version: 17
      - uses: bitwarden/sm-action@v2
        with:
          access_token: ${{ secrets.TOKEN_BITWARDEN_SM }}
          secrets: |
            994f97a2-97a4-4fe1-806a-b1930104435f > SONATYPE_CREDENTIALS_FILE
            749f4227-9f11-4ceb-9121-b1930110c3a9 > OPENSSL_KEY
            a2fe5b5b-5f3f-47f8-961c-b1930110cea7 > OPENSSL_IV
      - name: Publish
        run: |
          bash .build.sh secrets publish
  all-good:
    if: always()
    runs-on: ubuntu-latest
    needs: [ 'build', 'test-scripted', 'publish' ]
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}