.github/workflows/build-and-deploy.yml

name: Build & Deploy

on:
  push:
    paths-ignore:
      - '.gitignore'
      - '.mergify.yml'
      - 'CHANGELOG.md'
      - 'LICENSE'
      - 'README.md'
      - 'renovate.json'
  pull_request:

jobs:
  validation:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4
      - name: Validate the Gradle Wrapper
        uses: gradle/wrapper-validation-action@v1.1.0

  build:
    needs:
      - validation
    strategy:
      matrix:
        os: [ ubuntu, macos, windows ]
        java-version: [ 11, 17 ]
    runs-on: ${{ matrix.os }}-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-depth: 0
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ matrix.java-version }}
          distribution: adopt
      - name: Compile and run quality assurance
        env:
          ORG_GRADLE_PROJECT_ghPackageUsername: ${{ secrets.GH_PACKAGES_USERNAME }}
          ORG_GRADLE_PROJECT_ghPackagesPwd: ${{ secrets.GH_PACKAGES_PASSWORD }}
        run: ./gradlew clean check

  release-and-delivery:
    permissions:
      contents: write
      issues: write
      pull-requests: write
      packages: write
    concurrency:
      # Allow only one release at a time.
      group: release-and-delivery-${{ github.event.number || github.ref }}
    needs:
      - build
    runs-on: ubuntu-latest
    outputs:
      release-status: ${{ env.release_status }}
    # Release only where secrets are available.
    if: >-
      !github.event.repository.fork
      && (
        github.event_name != 'pull_request'
        || github.event.pull_request.head.repo.full_name == github.repository
      )
    steps:
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"
      - name: Release and container delivery
        uses: AndreaGiulianelli/release-and-delivery-action@1.0.0
        with:
          should-release: true
          release-command: |
            npm install
            npx semantic-release
          should-build-and-deliver-container: true
          container-registry-name: 'ghcr.io'
          container-registry-username: ${{ github.actor }}
          container-registry-password: ${{ secrets.GITHUB_TOKEN }}
          dockerfile-secrets: |
            "gh_packages_username=${{ secrets.GH_PACKAGES_USERNAME }}"
            "gh_packages_password=${{ secrets.GH_PACKAGES_PASSWORD }}"
          github-token: ${{ secrets.GITHUB_TOKEN }}

  success:
    runs-on: ubuntu-latest
    needs:
      - validation
      - build
      - release-and-delivery
    if: >-
      always() && (
        contains(join(needs.*.result, ','), 'failure')
        || !contains(join(needs.*.result, ','), 'cancelled')
      )
    steps:
      - name: Verify that there were no failures
        run: ${{ !contains(join(needs.*.result, ','), 'failure') }}