name: Eclipse Distro STS Build (Self Hosted) on: workflow_dispatch: inputs: eclipse_profile: description: Eclipse profile 'e428' etc required: true default: 'e428' type: string build_type: description: Build type such as 'snapshot', 'milestone' or 'release' required: true default: 'snapshot' type: string ref: description: Git branch, tag, commit hash required: false default: 'main' type: string jobs: eclipse-distro-build: runs-on: [self-hosted, macOS] steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: ref: ${{ inputs.ref }} sparse-checkout: | .github eclipse-distribution eclipse-extensions - name: Set up JDK 17 uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 with: java-version: '17' distribution: 'temurin' - name: Enforce https instead of http run: ./nohttp.sh - name: Install GPG key run: | echo "${{ secrets.GPG_PRIVATE_KEY }}" > gpg.asc echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --import gpg.asc - name: Unlock login keychain for OSX signing run: | security unlock-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} /Users/runner/Library/Keychains/login.keychain-db - name: Create Temp Directory Structure for Notarization Service run: | cd /tmp mkdir -p macos-notarization-service/pending-files - name: Build Eclipse Distro env: tools_s3_access_key: ${{ secrets.TOOLS_S3_ACCESS_KEY }} tools_s3_secret_key: ${{ secrets.TOOLS_S3_SECRET_KEY }} gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }} gpg_keyname: ${{ secrets.GPG_KEYID }} MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERTIFICATE_ID }} KEYCHAIN: /Users/runner/Library/Keychains/login.keychain-db MACOS_NOTARIZATION_SERVICE_URL: http://localhost:8080 AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} run: | cd eclipse-distribution ./mvnw --batch-mode -U clean deploy -P${{ inputs.eclipse_profile }} -P${{ inputs.build_type }} -Pgitactions -Pgpg.sign -Dsigning.skip=true -Dmaven.repo.local=~/.m2/repository-signed -Dhttpclient.retry-max=20 -Dmaven.test.skip=true -Declipse.p2.mirrors=false -Dtycho.localArtifacts=ignore -Ds3service.https-only=true -Dp2.replaceQualifier=true -Dorg.eclipse.ecf.provider.filetransfer.httpclient.retrieve.readTimeout=1200000 -Dorg.eclipse.equinox.p2.transport.ecf.retry=5 -Dskip.eclipserun.proxies=false -Dskip.osx.signing=false -Dskip.win.signing=false -Dskip.osx.notarizing=false -Dtycho.equinox.resolver.uses=true - name: Sign EXE within zip files id: sign env: SSH_KEY: ~/.ssh/id_rsa SSH_USER: signer run: | cd eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target/products files=`ls spring-tool-suite-4*win*.zip` for file in $files do ${{ github.workspace }}/.github/scripts/sign-exe-in-zip-file.sh $file ${{ github.workspace }}/.github/scripts/sign-exe.sh ${{ github.workspace }}/.github/scripts/self-extracting-jar-creator.jar done - name: Update Win zip/jar on S3 id: update-s3 env: AWS_ACCESS_KEY_ID: ${{ secrets.TOOLS_S3_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLS_S3_SECRET_KEY }} run: | dist_path=`cat ./eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target/s3-dist-path.txt` cd eclipse-distribution/org.springframework.boot.ide.product.${{ inputs.eclipse_profile }}/target/products echo "Processing S3 update..." ls spring-tool-suite-4*win*.zip* ls spring-tool-suite-4*win*.self-extracting.jar* echo "Removing old win zip and self extracting jar files from s3..." aws s3 rm s3://dist.springsource.com/${dist_path} --recursive --exclude "*" --include "spring-tool-suite-4*win*.zip*" --include "spring-tool-suite-4*win*.self-extracting.jar* --exclude "*/*"" echo "Uploading new win zip and self extracting jar files to s3..." aws s3 cp . s3://dist.springsource.com/${dist_path} --recursive --exclude "*" --include "spring-tool-suite-4*win*.zip*" --include "spring-tool-suite-4*win*.self-extracting.jar*" --exclude "*/*" --acl public-read --no-progress