ci.yaml

name: Java CI

on:
  pull_request:
    branches: [master]
  push:
    branches: [master]
  release:
    types: [created]

permissions: read-all

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up JDK
        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
        with:
          java-version: "17"
          distribution: "temurin"
          cache: "gradle"

      - uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

      - name: Build with Gradle
        run: ./gradlew build

      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: package
          path: build/libs

      - name: Run Tests
        run: ./gradlew test

      - name: Run Test Coverage
        run: ./gradlew jacocoTestReport

      - name: Generate JaCoCo Badge
        uses: cicirello/jacoco-badge-generator@f33476a5a3fd5a4f77cb5eef2ebe728c1dd5b921 # v2.11.0
        with:
          jacoco-csv-file: build/reports/jacoco/test/jacocoTestReport.csv

      - name: Publish package
        if: ${{ github.event_name == 'release' && github.event.action == 'created' }}
        run: ./gradlew publish
        env:
          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
          MIRACUM_SIGNING_KEY: ${{ secrets.MIRACUM_SIGNING_KEY }}
          MIRACUM_SIGNING_KEY_PASSPHRASE: ${{ secrets.MIRACUM_SIGNING_KEY_PASSPHRASE }}

  lint:
    uses: miracum/.github/.github/workflows/standard-lint.yaml@b2389048770aa5b9ed439810bf84911fbb07f645 # v1.12.3
    permissions:
      contents: read
      pull-requests: write
      issues: write
      security-events: write
      actions: read
    with:
      enable-validate-gradle-wrapper: true
      codeql-languages: '["java"]'
      enable-codeql: true
      enable-verify-base-image-signature: false
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}