.github/workflows/build.yml

name: CI

on:
  push:
    tags: [ '[0-9]+.[0-9]+.[0-9]+' ]
    branches: [ main ]
  pull_request:
    branches: [ main ]
    types: [ opened, reopened, synchronize ]
  workflow_dispatch:

concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

jobs:
  test-project:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ ubuntu-22.04, macos-12, windows-2022 ]
        java: [ 21 ]
    steps:
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Setup Java
        uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0
        with:
          distribution: temurin
          java-version: ${{ matrix.java }}
          cache: maven
      - name: Executable Maven Wrapper
        if: contains(matrix.os, 'win') == false
        run: chmod +x ./mvnw
      - name: Test project
        run: ./mvnw test

  quality-check:
    needs: test-project
    runs-on: ubuntu-22.04
    permissions:
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          fetch-depth: 0
      - name: Setup Java
        uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0
        with:
          distribution: temurin
          java-version: 21
          cache: maven
      - name: Initialize CodeQL
        uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a
        with:
          languages: java
          queries: security-and-quality
      - name: Executable Maven Wrapper
        run: chmod +x ./mvnw
      - name: Compile project
        run: ./mvnw compile
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a
      - name: Perform SonarCloud Analysis
        run: |
          ./mvnw verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
            -Dsonar.host.url=https://sonarcloud.io \
            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
            -Dsonar.organization=${{ secrets.SONAR_KEY }} \
            -Dsonar.pullrequest.branch=${{ github.HEAD_REF }} \
            -Dsonar.pullrequest.base=${{ github.BASE_REF }} \
            -Dsonar.pullrequest.key=${{ github.event.number }} \
            -Dsonar.qualitygate.wait=true

  package-jars:
    needs: quality-check
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Setup Java
        uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0
        with:
          distribution: temurin
          java-version: 21
          cache: maven
      - name: Executable Maven Wrapper
        run: chmod +x ./mvnw
      - name: Package project
        run: ./mvnw package -Passembly -DskipTests
      - name: Upload artifacts
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
        with:
          name: opdf-jar
          path: ./opdf-assembly/target/opdf.jar

  build-native:
    needs: package-jars
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ ubuntu-22.04, macos-12, windows-2022 ]
        include:
          - os: ubuntu-22.04
            artifact_name: opdf
            package_name: opdf-linux
          - os: macos-12
            artifact_name: opdf
            package_name: opdf-macos
          - os: windows-2022
            artifact_name: opdf.exe
            package_name: opdf-windows
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
        with:
          name: opdf-jar
      - name: Setup GraalVM
        uses: graalvm/setup-graalvm@2a93b69fdf86ac5a078a98c1a707744632e1da94
        with:
          java-version: 21
          distribution: graalvm
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Build native image
        run: native-image --no-fallback -H:+AddAllCharsets -jar opdf.jar
      - name: Upload artifacts
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
        with:
          name: ${{ matrix.package_name }}
          path: ${{ matrix.artifact_name }}