Skip to content
Publish ca-certificates

Bump actions/checkout from 4.1.5 to 4.1.6 (#909) #26

Sign in to view logs

Bump actions/checkout from 4.1.5 to 4.1.6 (#909)

Bump actions/checkout from 4.1.5 to 4.1.6 (#909) #26

Workflow file for this run

.github/workflows/cacert-publish.yml at 1d7cd8b
name: Publish ca-certificates
on:
push:
branches: [ master ]
paths:
- 'linux/ca-certificates/**'
- '.github/workflows/cacert-publish.yml'
permissions:
contents: read
jobs:
publish-ca-certificates:
if: github.repository == 'adoptium/installer'
name: "Publish ca-certificates"
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./linux
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
adoptium.jfrog.io:443
api.github.com:443
auth.docker.io:443
deb.debian.org:80
github.com:443
objects.githubusercontent.com:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
releases-cdn.jfrog.io:443
releases.jfrog.io:443
services.gradle.org:443
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: '17'
java-package: jdk
architecture: x64
distribution: 'temurin'
- uses: jfrog/setup-jfrog-cli@727b480bafd0d8adbdfdb2257a7d7c2e08eb1779 # v4.0.2
env:
JF_URL: https://adoptium.jfrog.io
JF_USER: ${{ secrets.ARTIFACTORY_USER }}
JF_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
- name: Build
run: |
export _JAVA_OPTIONS="-Xmx4G"
./gradlew --parallel :ca-certificates:package --stacktrace
- name: Check if deb file exists in Artifactory
id: check-deb
run: |
FILE=$(ls ca-certificates/debian/build/ospackage/*.deb)
echo "File to upload: ${FILE}"
FILE_EXISTS=$(jf rt s --count=true "deb/pool/main/a/adoptium-ca-certificates/$(basename $FILE)")
if [[ "$FILE_EXISTS" == "0" ]]; then
echo file_exists=false >> "$GITHUB_OUTPUT"
fi
- name: Upload deb file to Artifactory
if: steps.check-deb.outputs.file_exists == 'false'
run: |
DISTRO_LIST="trixie,bookworm,buster,noble,jammy,focal,bionic"
FILE=$(ls ca-certificates/debian/build/ospackage/*.deb)
# Upload cacerts deb file
jf rt u "$FILE" "deb/pool/main/a/adoptium-ca-certificates/$(basename ${FILE})" --flat=true
# Add deb.distribution properties
jf rt sp "deb/pool/main/a/adoptium-ca-certificates/$(basename ${FILE})" "deb.distribution=${DISTRO_LIST};deb.architecture=all;deb.component=main"