release.yml

name: Deployment

on:
  workflow_dispatch:
  release:
    types: [ published ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      # Set up Java Environment
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: 17.0.7

      # Setup Ballerina Environment
      - name: Set Up Ballerina
        uses: ballerina-platform/setup-ballerina@v1.1.0
        with:
          version: 2201.8.4

      # Grant execute permission to the gradlew script
      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      # Build the project with Gradle
      - name: Build with Gradle
        env:
          packageUser: ${{ secrets.BALLERINA_BOT_USERNAME }}
          packagePAT: ${{ secrets.BALLERINA_BOT_TOKEN }}
          JAVA_OPTS: -DBALLERINA_DEV_COMPILE_BALLERINA_ORG=true
        run: |
          ./gradlew build -x test

      # Perform Trivy scan
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'rootfs'
          scan-ref: '.'
          skip-dirs: 'gradle/'
          format: 'table'
          timeout: '10m0s'
          exit-code: '1'

      # Build Ballerina Project
      - name: Ballerina Build
        run: bal pack ./ballerina
        env:
          JAVA_HOME: /usr/lib/jvm/default-jvm

      # Push to Ballerina Central
      - name: Ballerina Push
        run: bal push
        working-directory: ./ballerina
        env:
          BALLERINA_CENTRAL_ACCESS_TOKEN: ${{ secrets.BALLERINA_CENTRAL_ACCESS_TOKEN }}
          JAVA_HOME: /usr/lib/jvm/default-jvm