fix: give GHA token write permissions #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Proxy GUI | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
branches: [ "master" ] | |
jobs: | |
test: | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, macos-latest, windows-latest ] | |
runs-on: ${{ matrix.os }} | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Cache Gradle dependencies | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/settings.gradle') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Test with Gradle Wrapper | |
run: ./gradlew test | |
deploy: | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/master' | |
needs: test | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Cache Gradle dependencies | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/settings.gradle') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-1 | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Publish maven artifacts | |
run: ./gradlew publish | |
- name: Build gui | |
run: ./gradlew :gui:build | |
- name: Deploy to S3 | |
run: ./gradlew uploadJarsToS3 | |
- name: Generate bootstrap signature | |
run: 'echo "$SIGNING_PRIVATE_KEY" > private.pem && openssl dgst -sha256 -sign private.pem -out bootstrap.json.sha256 bootstrap.json' | |
env: | |
SIGNING_PRIVATE_KEY: ${{ secrets.SIGNING_PRIVATE_KEY }} | |
- name: Upload bootstrap | |
run: | | |
aws s3 cp bootstrap.json s3://cdn.rsprox.net/launcher/ | |
aws s3 cp bootstrap.json.sha256 s3://cdn.rsprox.net/launcher/ | |
- name: Invalidate CloudFront | |
run: | | |
aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DISTRIBUTION --paths "/launcher/*" "/dependencies/*" "/maven/*" | |
env: | |
CLOUDFRONT_DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION }} |