.github/workflows/build-release.yaml

name: Build and release

on:
  push:
    tags:
      - 'v*'
  pull_request:
    branches:
      - main
  workflow_dispatch:

concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  BROKER_URL: https://broker.io.nrs.gov.bc.ca
  BROKER_JWT: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}
  SERVICE_PROJECT: oneteam-example
  SERVICE_NAME: java-maven-pipeline-example

jobs:
  check_token_expiration:
    name: Check Token Expiration
    runs-on: ubuntu-latest
    steps:
      - name: Checkout token expiration
        shell: bash
        run: sh ./.github/workflows/check-token.sh
        env:
          broker_jwt: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}

  build-release:
    name: Build and release
    runs-on: ubuntu-latest
    needs: check_token_expiration
    permissions:
      contents: read
      packages: write
    outputs:
      project_version: ${{ steps.set-build-output-parameters.outputs.project_version }}
      intention_id: ${{ steps.set-intention-id.outputs.intention_id }}
      branch: $${{ steps.set-branch.outputs.branch }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
            fetch-depth: 0
            fetch-tags: true
            ref: ${{ github.ref }}
      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          java-version: '8'
          distribution: 'temurin'
          cache: maven
      - name: Set branch
        id: set-branch
        if: ${{ ! startsWith(github.ref, 'refs/tags/v') }}
        run: |
          if [[ ${{ startsWith(github.ref, 'refs/heads/') }} = true ]]; then
            echo "branch=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
          fi
          if [[ ${{ startsWith(github.ref, 'refs/pull/') }} = true ]]; then
            echo "branch=${{ github.head_ref }}" >> "$GITHUB_OUTPUT"
          fi
      - name: Update pom.xml
        id: update-repo
        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
        shell: bash
        run: |
          TAG=${{ github.ref_name }}
          VERSION=${TAG#v}
          echo "VERSION=${VERSION}" >> $GITHUB_ENV
          mvn versions:set -DnewVersion=${VERSION} --file ./pom.xml
      - name: Set build output parameters
        id: set-build-output-parameters
        run: |
          echo "project_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file ./pom.xml)" >> $GITHUB_OUTPUT
          echo "artifact_id=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout --file ./pom.xml)" >> $GITHUB_OUTPUT
          echo "package_type=$(mvn help:evaluate -Dexpression=project.packaging -q -DforceStdout --file ./pom.xml)" >> $GITHUB_OUTPUT
          echo "git_commit=$(git rev-parse --verify HEAD)" >> $GITHUB_OUTPUT
          echo "build_guid=uuid::$(uuidgen)" >> $GITHUB_OUTPUT
      - name: Build intention
        run: sh ./.github/workflows/build-intention.sh
        env:
          EVENT_REASON: Build ${{ github.ref_name }}
          GITHUB_REPOSITORY: ${{ github.repository}}
          GITHUB_RUN_ID: ${{ github.run_id}}
          PACKAGE_BUILD_GUID:  ${{ steps.set-build-output-parameters.outputs.build_guid }}
          PACKAGE_BUILD_NUMBER: ${{ github.run_number }}
          PACKAGE_BUILD_VERSION: ${{ steps.set-build-output-parameters.outputs.git_commit }}
          PACKAGE_TYPE: ${{ steps.set-build-output-parameters.outputs.package_type }}
          PACKAGE_VERSION: ${{ steps.set-build-output-parameters.outputs.project_version }}
      - name: Open intention
        uses: bcgov-nr/action-broker-intention-open@v2
        with:
          broker_jwt: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}
          intention_path: intention.json
          quickstart: true
      - name: Set intention ID for deployment job
        id: set-intention-id
        run: |
          echo "intention_id=${INTENTION_ID}" >> $GITHUB_OUTPUT
        env:
          INTENTION_ID: ${{ env.INTENTION_ID }}
      - name: Publish artifact
        id: publish-artifact
        run: |
          ARTIFACT_NAME="${ARTIFACT_ID}-${PROJECT_VERSION}.${PACKAGE_TYPE}"
          mvn --batch-mode -Dmaven.test.skip=true -Pgithub deploy --file ./pom.xml
          echo "artifact_sha256=$(sha256sum ./target/${ARTIFACT_NAME} | awk '{ print $1 }')" >> $GITHUB_OUTPUT
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PROJECT_VERSION: ${{ steps.set-build-output-parameters.outputs.project_version }}
          ARTIFACT_ID: ${{ steps.set-build-output-parameters.outputs.artifact_id }}
          PACKAGE_TYPE: ${{ steps.set-build-output-parameters.outputs.package_type }}
      - name: Send build info
        run: |
          curl -s POST ${{ env.BROKER_URL }}/v1/intention/action/patch \
              -H 'Content-Type: application/json' \
              -H 'X-Broker-Token: '"${BUILD_TOKEN}"'' \
              -d '{"package":{"checksum": "sha256:'${ARTIFACT_SHA256}'"}}'
        env:
          ARTIFACT_SHA256: ${{ steps.publish-artifact.outputs.artifact_sha256 }}
          BUILD_TOKEN: ${{ env.ACTION_TOKEN_BUILD }}
      - name: Close intention
        uses: bcgov-nr/action-broker-intention-close@v1
        with:
          intention_token: ${{ env.INTENTION_TOKEN }}