From ed943b9c2132a04bff218ee2d06d7dbb3d39bac2 Mon Sep 17 00:00:00 2001 From: Patrik Korytar Date: Tue, 19 May 2026 14:10:38 +0200 Subject: [PATCH 1/3] NCL-9648 Implement Scala build action --- .github/actions/sbt-build/action.yml | 50 ++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/actions/sbt-build/action.yml diff --git a/.github/actions/sbt-build/action.yml b/.github/actions/sbt-build/action.yml new file mode 100644 index 0000000..565bc5d --- /dev/null +++ b/.github/actions/sbt-build/action.yml @@ -0,0 +1,50 @@ +name: "SBT build" +description: "Set up SBT, and build the project" + +inputs: + java_version: + description: "The Java version to use to compile. Default: 8" + required: false + default: "8" + resolvers: + description: | + SBT resolvers to configure. + Expected format: + resolvers ++= Seq( + "nameA" at "urlA", + "nameB" at "urlB", + "nameC" at "urlC" + ) + required: true + build_args: + description: "Args for SBT tool. Default: clean; compile; +test" + required: false + default: "clean; compile; +test" + +runs: + using: "composite" + + steps: + - name: Setup JDK + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + with: + distribution: temurin + java-version: "${{ inputs.java_version }}" + cache: sbt + + - name: Setup SBT + uses: sbt/setup-sbt@2e222825582620cc38d2a54e674f3c01b7c14f5d # v1.1.24 + + - name: Configure Resolvers + shell: bash + env: + RESOLVERS: ${{ inputs.resolvers }} + run: | + mkdir -p "$HOME/.sbt/1.0" + printf '%s\n' "$RESOLVERS" > "$HOME/.sbt/1.0/resolvers.sbt" + + - name: Run SBT + shell: bash + env: + BUILD_ARGS: ${{ inputs.build_args }} + run: sbt -v -Dfile.encoding=UTF8 "$BUILD_ARGS" < /dev/null From fc27cd73314d8b1bff04cd9d633bb9ea9197c49b Mon Sep 17 00:00:00 2001 From: Patrik Korytar Date: Tue, 19 May 2026 14:10:38 +0200 Subject: [PATCH 2/3] NCL-9648 Implement Scala build action --- .github/actions/scala-build/action.yml | 50 ++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/actions/scala-build/action.yml diff --git a/.github/actions/scala-build/action.yml b/.github/actions/scala-build/action.yml new file mode 100644 index 0000000..d85c876 --- /dev/null +++ b/.github/actions/scala-build/action.yml @@ -0,0 +1,50 @@ +name: "Scala build" +description: "Set up Scala, and build the project" + +inputs: + java_version: + description: "The Java version to use to compile. Default: 8" + required: false + default: "8" + resolvers: + description: | + SBT resolvers to configure. + Expected format: + resolvers ++= Seq( + "nameA" at "urlA", + "nameB" at "urlB", + "nameC" at "urlC" + ) + required: true + build_args: + description: "Args for sbt tool. Default: clean; compile; +test" + required: false + default: "clean; compile; +test" + +runs: + using: "composite" + + steps: + - name: Setup JDK + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + with: + distribution: temurin + java-version: "${{ inputs.java_version }}" + cache: sbt + + - name: Setup SBT + uses: sbt/setup-sbt@2e222825582620cc38d2a54e674f3c01b7c14f5d # v1.1.24 + + - name: Configure Resolvers + shell: bash + env: + RESOLVERS: ${{ inputs.resolvers }} + run: | + mkdir -p "$HOME/.sbt/1.0" + printf '%s\n' "$RESOLVERS" > "$HOME/.sbt/1.0/resolvers.sbt" + + - name: Run SBT + shell: bash + env: + BUILD_ARGS: ${{ inputs.build_args }} + run: sbt -v -Dfile.encoding=UTF8 "$BUILD_ARGS" < /dev/null From 4abfbee0e5e2db452efff04e138f454e1e6300cd Mon Sep 17 00:00:00 2001 From: Patrik Korytar Date: Tue, 19 May 2026 14:34:15 +0200 Subject: [PATCH 3/3] NCL-9648 Implement Scala workflows --- .github/actions/scala-build/action.yml | 50 --------------- .github/workflows/sbt-ci.yml | 85 ++++++++++++++++++++++++++ .github/workflows/sbt-snapshot.yml | 79 ++++++++++++++++++++++++ README.md | 26 +++++++- 4 files changed, 187 insertions(+), 53 deletions(-) delete mode 100644 .github/actions/scala-build/action.yml create mode 100644 .github/workflows/sbt-ci.yml create mode 100644 .github/workflows/sbt-snapshot.yml diff --git a/.github/actions/scala-build/action.yml b/.github/actions/scala-build/action.yml deleted file mode 100644 index d85c876..0000000 --- a/.github/actions/scala-build/action.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: "Scala build" -description: "Set up Scala, and build the project" - -inputs: - java_version: - description: "The Java version to use to compile. Default: 8" - required: false - default: "8" - resolvers: - description: | - SBT resolvers to configure. - Expected format: - resolvers ++= Seq( - "nameA" at "urlA", - "nameB" at "urlB", - "nameC" at "urlC" - ) - required: true - build_args: - description: "Args for sbt tool. Default: clean; compile; +test" - required: false - default: "clean; compile; +test" - -runs: - using: "composite" - - steps: - - name: Setup JDK - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 - with: - distribution: temurin - java-version: "${{ inputs.java_version }}" - cache: sbt - - - name: Setup SBT - uses: sbt/setup-sbt@2e222825582620cc38d2a54e674f3c01b7c14f5d # v1.1.24 - - - name: Configure Resolvers - shell: bash - env: - RESOLVERS: ${{ inputs.resolvers }} - run: | - mkdir -p "$HOME/.sbt/1.0" - printf '%s\n' "$RESOLVERS" > "$HOME/.sbt/1.0/resolvers.sbt" - - - name: Run SBT - shell: bash - env: - BUILD_ARGS: ${{ inputs.build_args }} - run: sbt -v -Dfile.encoding=UTF8 "$BUILD_ARGS" < /dev/null diff --git a/.github/workflows/sbt-ci.yml b/.github/workflows/sbt-ci.yml new file mode 100644 index 0000000..7d988c6 --- /dev/null +++ b/.github/workflows/sbt-ci.yml @@ -0,0 +1,85 @@ +name: SBT CI + +on: + workflow_call: + inputs: + fetch_all_commits: + description: "Whether to fetch all commits. Default: false" + required: false + type: boolean + default: false + java_version: + description: "The Java version to use to compile. Default: 8" + required: false + type: string + default: "8" + resolvers: + description: "SBT resolvers to configure" + required: false + type: string + default: | + resolvers ++= Seq( + "Sonatype Snapshots" at "https://oss.sonatype.org/content/repositories/snapshots", + "Artima" at "https://repo.artima.com/releases", + "MRRC" at "https://maven.repository.redhat.com/ga/" + ) + build_args: + description: "Args for SBT tool. Default: clean; compile; +test" + required: false + type: string + default: "clean; compile; +test" + upload_artifacts: + description: "Whether to upload artifacts and their metadata. Default: false" + required: false + type: boolean + default: false + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.java_version }} + cancel-in-progress: true + +jobs: + build: + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: ${{ inputs.fetch_all_commits == true && '0' || '1' }} + persist-credentials: false + + - uses: project-ncl/shared-github-actions/.github/actions/sbt-build@ # main + with: + java_version: ${{ inputs.java_version }} + resolvers: ${{ inputs.resolvers }} + build_args: ${{ inputs.build_args }} + + - name: Save PR metadata + if: inputs.upload_artifacts + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + PR_SHA: ${{ github.event.pull_request.head.sha }} + run: | + mkdir -p pr-metadata + echo "$PR_NUMBER" > pr-metadata/pr-number + echo "$PR_SHA" > pr-metadata/pr-sha + + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: inputs.upload_artifacts + with: + name: pr-build + path: | + . + !.git + !pr-metadata + retention-days: 1 + + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: inputs.upload_artifacts + with: + name: pr-metadata + path: pr-metadata + retention-days: 1 diff --git a/.github/workflows/sbt-snapshot.yml b/.github/workflows/sbt-snapshot.yml new file mode 100644 index 0000000..fc88d8b --- /dev/null +++ b/.github/workflows/sbt-snapshot.yml @@ -0,0 +1,79 @@ +name: Build snapshot version and upload to registry + +on: + workflow_call: + inputs: + project_name: + # format: / + description: "The project name to run the job. Prevent forks to run snapshot job" + required: true + type: string + fetch_all_commits: + description: "Whether to fetch all commits. Default: false" + required: false + type: boolean + default: false + java_version: + description: "The Java version to use to compile. Default: 8" + required: false + type: string + default: "8" + resolvers: + description: "SBT resolvers to configure" + required: false + type: string + default: | + resolvers ++= Seq( + "Sonatype Snapshots" at "https://oss.sonatype.org/content/repositories/snapshots", + "Artima" at "https://repo.artima.com/releases", + "MRRC" at "https://maven.repository.redhat.com/ga/" + ) + build_args: + description: "Args for SBT tool. Default: clean; compile; +test" + required: false + type: string + default: "clean; compile; +test" + + secrets: + SNAPSHOT_USER: + required: true + SNAPSHOT_PASSWORD: + required: true + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + build: + if: github.repository == inputs.project_name + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: ${{ inputs.fetch_all_commits == true && '0' || '1' }} + persist-credentials: false + + - uses: project-ncl/shared-github-actions/.github/actions/sbt-build@ # main + with: + java_version: ${{ inputs.java_version }} + resolvers: ${{ inputs.resolvers }} + build_args: ${{ inputs.build_args }} + + - name: Publish snapshot + shell: bash + env: + SNAPSHOT_USER: ${{ secrets.SNAPSHOT_USER }} + SNAPSHOT_PASSWORD: ${{ secrets.SNAPSHOT_PASSWORD }} + run: | + mkdir -p "$HOME/.sbt" + printf '%s\n' \ + "realm=Sonatype Nexus Repository Manager" \ + "host=repository.jboss.org" \ + "user=$SNAPSHOT_USER" \ + "password=$SNAPSHOT_PASSWORD" > "$HOME/.sbt/.credentials" + sbt -v publish < /dev/null diff --git a/README.md b/README.md index a0b4ef6..08f0055 100644 --- a/README.md +++ b/README.md @@ -50,13 +50,23 @@ Standard CI workflow for Gradle projects. - **Inputs**: The following inputs are available to be overridden * java_version (default: `17`) * gradle_version (default `wrapper`) - * build_command + * build_args * pre_build_script * fetch_all_commits (default: `false`) * upload_coverage (default: `false`) * coverage_files (report files to upload) * upload_artifacts (default: `false`) +## SBT CI (`sbt-ci.yml`) +Standard CI workflow for Scala/SBT projects. + +- **Tasks**: Checkout code, set up Java, set up SBT, run build command, and optionally push build artifact (which is used by Mend workflow). +- **Inputs**: The following inputs are available to be overridden + * java_version (default: `8`) + * build_args + * resolvers (contents of SBT resolves file) + * fetch_all_commits (default: `false`) + * upload_artifacts (default: `false`) ## NPM CI (`npm-ci.yml`) Standard CI workflow for NPM projects. @@ -191,7 +201,7 @@ Workflow for performing a release to Maven Central (Sonatype). This can be manua Note that the `jboss-parent` overrides the release-plugin `tagNameFormat` to use `@{project.version}`. To revert to the default format add the following to the calling projects properties: `@{project.artifactId}-@{project.version}` ## Maven Snapshot (`maven-snapshot.yml`) -Workflow for deploying snapshot versions to Maven Central. +Workflow for deploying snapshot versions to Maven Central. Gated to the upstream repo so forks don't attempt to publish - **Tasks**: Deploy our SNAPSHOT version of our project to Maven Central Optionally builds and pushes a Quarkus Jib image to Quay.io. @@ -205,7 +215,13 @@ Workflow for deploying snapshot versions to Maven Central. ## Gradle Snapshot (`gradle-snapshot.yml`) -Workflow for deploying snapshot versions to Gradle Central, similar to its Maven counterpart. +Workflow for deploying snapshot versions to Gradle Central, similar to its Maven counterpart. Gated to the upstream repo so forks don't attempt to publish. + +## SBT Snapshot (`sbt-snapshot.yml`) + +Workflow for deploying snapshot versions to Sonatype Nexus, similar to its Maven counterpart. Gated to the upstream repo so forks don't attempt to publish. + +The workflow writes `~/.sbt/.credentials` for SBT to authenticate against the snapshot repository. ## Maven Set Version (`maven-set-version.yml`) Workflow to update the version in a Maven `pom.xml`. This can be manually run by going to the GitHub Actions tab and selecting the workflow. @@ -278,6 +294,10 @@ Sets up Java, sets up Gradle, and runs build command. Sets up Node.js, sets up NPM, and runs build command. +## SBT Build (`sbt-build/action.yml`) + +Sets up Java, sets up SBT, and runs build command. + ## Mend (`mend/action.yml`) Downloads and installs Mend CLI, runs Mend SCA scan (if enabled), and runs Mend SAST scan (if enabled). Publishes artifacts of results of SCA/SAST scans.