feat(release): Phase 5 — Goreleaser + Sigstore + perf gate #423
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Java CI | |
| # Lean Java CI — fast compile + unit-test gate on the Java reference side. | |
| # Pairs with go-parity.yml: this workflow proves the Java jar still builds | |
| # on every PR; go-parity.yml then uses the same build to diff against the | |
| # Go port. | |
| # | |
| # Heavier checks (jacoco coverage, SpotBugs, OWASP dependency-check) live | |
| # under workflow_dispatch via release-java.yml — they're not in the per-PR | |
| # loop because they slow the Go port's PRs without adding signal. | |
| # | |
| # Disappears in Phase 6 cutover along with the rest of the Java tree. | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| # NOTE: no `paths:` filter. The `build` job name is a required check | |
| # on main's branch protection, and a `paths:` filter would cause the | |
| # check to be skipped on PRs that don't touch Java — leaving the | |
| # required check stuck at "Waiting for status to be reported", which | |
| # blocks merge of every non-Java PR (e.g. PR #131 phase 5 release infra). | |
| # Java compile is ~1 minute; the cost is worth the always-on signal | |
| # until Phase 6 cutover deletes the Java tree entirely. | |
| permissions: read-all | |
| jobs: | |
| build: | |
| name: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v4.7.1 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '25' | |
| cache: 'maven' | |
| - name: Compile + unit tests (skip frontend) | |
| # -Dfrontend.skip=true so the npm step doesn't run — CI image | |
| # doesn't carry node 20 by default and the frontend is owned by | |
| # a separate workflow. -B (batch) + -ntp (no transfer progress) | |
| # for quiet logs. | |
| run: mvn -B -ntp -Dfrontend.skip=true verify | |
| - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4.6.2 | |
| if: always() | |
| with: | |
| name: java-test-results | |
| path: target/surefire-reports/ |