Bump the java-production-dependencies group in /backend with 2 updates #1405

Workflow file for this run

	name: CI Build

	on:
	push:
	pull_request_target:
	types: [labeled]

	env:
	NODE_VERSION: 20
	JAVA_VERSION: 21

	defaults:
	run:
	shell: bash

	jobs:
	test:
	name: Run Tests
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	- uses: actions/setup-node@v4
	with:
	node-version: ${{ env.NODE_VERSION }}
	cache: 'npm'
	cache-dependency-path: frontend/package-lock.json
	- name: NPM install
	working-directory: frontend
	run: npm ci --ignore-scripts
	- name: Build and test frontend
	working-directory: frontend
	run: npm test
	- name: Deploy frontend
	working-directory: frontend
	run: npm run dist
	- name: SonarCloud Scan Frontend
	uses: SonarSource/sonarqube-scan-action@v4
	with:
	projectBaseDir: frontend
	args: >
	-Dsonar.organization=cryptomator
	-Dsonar.projectKey=cryptomator_hub_frontend
	-Dsonar.typescript.tsconfigPath=tsconfig.json
	-Dsonar.sources=src/
	-Dsonar.tests=test/
	-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	- uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: ${{ env.JAVA_VERSION }}
	cache: 'maven'
	- name: Cache SonarCloud packages
	uses: actions/cache@v4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Build and test backend
	working-directory: backend
	run: >
	./mvnw -B clean verify
	org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
	-Dsonar.projectKey=cryptomator_hub_backend
	-Dsonar.organization=cryptomator
	-Dsonar.host.url=https://sonarcloud.io
	--no-transfer-progress
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	build-native-image:
	name: Build and Push ${{ matrix.arch }} Image
	needs: test
	if: startsWith(github.ref, 'refs/tags/') \|\| contains(github.event.head_commit.message, '[build image]')
	strategy:
	fail-fast: false
	matrix:
	include:
	- os: ubuntu-latest
	platform: linux/amd64
	arch: amd64
	- os: ubuntu-24.04-arm
	platform: linux/arm64
	arch: arm64
	runs-on: ${{ matrix.os }}
	outputs:
	digest_amd64: ${{ steps.digest.outputs.digest_amd64 }}
	digest_arm64: ${{ steps.digest.outputs.digest_arm64 }}
	permissions:
	contents: read
	packages: write
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: ${{ env.NODE_VERSION }}
	cache: 'npm'
	cache-dependency-path: frontend/package-lock.json
	- name: NPM install
	working-directory: frontend
	run: npm ci --ignore-scripts
	- name: Deploy frontend
	working-directory: frontend
	run: npm run dist
	- name: Ensure to use tagged version
	working-directory: backend
	run: ./mvnw versions:set --file pom.xml -DnewVersion=${GITHUB_REF##*/}
	- name: Docker metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ghcr.io/cryptomator/hub
	tags: \|
	type=sha,prefix=,format=short
	flavor: \|
	suffix=-${{ matrix.arch }}
	labels: \|
	org.opencontainers.image.title=Cryptomator Hub
	org.opencontainers.image.vendor=Skymatic GmbH
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Login to GHCR
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Build and Push Container Image
	id: push
	uses: docker/build-push-action@v6
	with:
	context: backend
	file: backend/src/main/docker/Dockerfile.native
	platforms: ${{ matrix.platform }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	push: true
	- name: Export Digest
	id: digest
	run: \|
	echo "digest_${{ matrix.arch }}=${{ steps.push.outputs.digest }}" >> "$GITHUB_OUTPUT"

	multi-arch-image:
	name: Build and Push Multi-Arch Image
	needs: build-native-image
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	attestations: write
	packages: write
	steps:
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Determine short Commit SHA
	id: sha
	run: echo "short_sha=${LONG_SHA:0:7}" >> "$GITHUB_OUTPUT"
	env:
	LONG_SHA: ${{ github.sha }}
	- name: Login to GHCR
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Create Multi-Arch Manifest for ghcr.io/cryptomator/hub:${{ steps.sha.outputs.short_sha }}
	run: >
	docker buildx imagetools create --tag ghcr.io/cryptomator/hub:${{ steps.sha.outputs.short_sha }}
	ghcr.io/cryptomator/hub@${{ needs.build-native-image.outputs.digest_amd64 }}
	ghcr.io/cryptomator/hub@${{ needs.build-native-image.outputs.digest_arm64 }}
	- name: Retrieve Multi-Arch Digest
	id: inspect
	run: \|
	DIGEST=$(docker buildx imagetools inspect ghcr.io/cryptomator/hub:${{ steps.sha.outputs.short_sha }} --format "{{json .Manifest}}" \| jq -r .digest)
	echo "digest_multiarch=${DIGEST}" >> "$GITHUB_OUTPUT"
	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v2
	with:
	subject-name: ghcr.io/cryptomator/hub
	subject-digest: ${{ steps.inspect.outputs.digest_multiarch }}
	push-to-registry: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the java-production-dependencies group in /backend with 2 updates #1405

Workflow file

Bump the java-production-dependencies group in /backend with 2 updates #1405

Jobs

Run details

Workflow file for this run