[skip ci] - pre release workflow

jdaugherty · jdaugherty · commit 39fba6e23c6b · 2024-12-19T18:57:39.000-05:00
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -11,6 +11,8 @@ on:
   workflow_dispatch:
 jobs:
   build:
+    outputs:
+      found_skip_publish: ${{ steps.check_prevent_property.outputs.value }}
     permissions:
       contents: read  #  to fetch code (actions/checkout)
     strategy:
@@ -21,6 +23,14 @@ jobs:
     steps:
       - name: "📥 Checkout repository"
         uses: actions/checkout@v4
+      - name: "🔍 Check if we should skip publish"
+        id: check_prevent_property
+        run: |
+          if grep -q '^preventSnapshotPublish=true' gradle.properties; then
+            echo "value=true" >> $GITHUB_OUTPUT
+          else
+            echo "value=false" >> $GITHUB_OUTPUT
+          fi
       - name: "☕️ Setup JDK"
         uses: actions/setup-java@v4
         with:
@@ -37,7 +47,7 @@ jobs:
           DEVELOCITY_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }}
         run: ./gradlew build assemble groovydoc
   publish:
-    if: github.event_name == 'push'
+    if: github.event_name == 'push' && needs.build.outputs.found_skip_publish != 'true'
     needs: build
     permissions:
       contents: read # limit to read access
@@ -66,7 +76,7 @@ jobs:
           -Dorg.gradle.internal.publish.checksums.insecure=true
           publish
   docs:
-    if: github.event_name == 'push'
+    if: github.event_name == 'push' && needs.build.outputs.found_skip_publish != 'true'
     needs: publish
     runs-on: ubuntu-latest
     permissions:
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
@@ -0,0 +1,79 @@
+name: "🖨️ Pre Release"
+on:
+  workflow_dispatch:
+    inputs:
+      targetVersion:
+        description: 'Expected Release Version'
+        required: true
+env:
+  GIT_USER_NAME: 'grails-build'
+  GIT_USER_EMAIL: 'grails-build@users.noreply.github.com'
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    steps:
+#      - name: "💥 Purge Existing Builds - org.grails.grails-gsp"
+#        run: |
+#          curl -L \
+#          -X DELETE \
+#          -H "Accept: application/vnd.github+json" \
+#          -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+#          -H "X-GitHub-Api-Version: 2022-11-28" \
+#          https://api.github.com/orgs/${{ github.repository_owner }}/packages/maven/org.grails.grails-gsp || true
+      - name: "📥 Checkout repository"
+        uses: actions/checkout@v4
+      - name: "🛑 Set Prevent Snapshot Publishing Flag"
+        run: |
+          sed -i "s/^preventSnapshotPublish.*$/preventSnapshotPublish\=true/" gradle.properties
+      - name: "📩 Commit flag to prevent snapshot publishing"
+        run: |
+          git config user.name "${{ env.GIT_USER_NAME }}"
+          git config user.email "${{ env.GIT_USER_EMAIL }}"
+          git add gradle.properties
+          if ! git diff --cached --quiet; then
+            git commit -m "[skip ci] Pre Release - ${{ github.event.inputs.targetVersion }} - Preventing Snapshot Publishing"
+            git push origin HEAD
+          else
+            echo "Publishing already disabled."
+          fi
+      - name: "☕️ Setup JDK"
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'liberica'
+          java-version: '17'
+      - name: "🐘 Setup Gradle"
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      - name: "⚙ Set version to ${{ github.event.inputs.targetVersion }}"
+        run: |
+          sed -i "s/^projectVersion.*$/projectVersion\=${{ github.event.inputs.targetVersion }}/" gradle.properties
+          cat gradle.properties
+      - name: "🧩 Run Assemble"
+        if: success()
+        run: ./gradlew assemble
+        env:
+          DEVELOCITY_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }}
+          DEVELOCITY_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }}
+      - name: "🔐 Generate key file for artifact signing"
+        env:
+          SECRING_FILE: ${{ secrets.SECRING_FILE }}
+        run: echo $SECRING_FILE | base64 -d > ${{ github.workspace }}/secring.gpg
+      - name: "📤 Publish to GitHub Packages"
+        id: publish
+        env:
+          DEVELOCITY_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }}
+          DEVELOCITY_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }}
+          GITHUB_USERNAME: ${{ secrets.GITHUB_ACTOR }}
+          GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_PUBLISH: 'true'
+          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+          SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
+          SECRING_FILE: ${{ secrets.SECRING_FILE }}
+        run: >
+          ./gradlew
+          -Psigning.secretKeyRingFile=${{ github.workspace }}/secring.gpg 
+          publish
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,8 +16,30 @@ jobs:
       GIT_USER_NAME: 'grails-build'
       GIT_USER_EMAIL: 'grails-build@users.noreply.github.com'
     steps:
+#      - name: "💥 Purge Existing Builds - org.grails.plugins.gsp"
+#        run: |
+#          curl -L \
+#          -X DELETE \
+#          -H "Accept: application/vnd.github+json" \
+#          -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+#          -H "X-GitHub-Api-Version: 2022-11-28" \
+#          https://api.github.com/orgs/${{ github.repository_owner }}/packages/maven/org.grails.plugins.gsp || true
       - name: "📥 Checkout repository"
         uses: actions/checkout@v4
+      - name: "⎌ Revert Prevent Snapshot Publishing Flag"
+        run: |
+          sed -i "s/^preventSnapshotPublish.*$/preventSnapshotPublish\=false/" gradle.properties
+      - name: "📩 Commit flag to allow snapshot publishing"
+        run: |
+          git config user.name "${{ env.GIT_USER_NAME }}"
+          git config user.email "${{ env.GIT_USER_EMAIL }}"
+          git add gradle.properties
+          if ! git diff --cached --quiet; then
+            git commit -m "[skip ci] Restore Snapshot Publishing"
+            git push origin HEAD
+          else
+            echo "Publishing already enabled."
+          fi
       - name: "☕️ Setup JDK"
         uses: actions/setup-java@v4
         with:
diff --git a/build.gradle b/build.gradle
@@ -16,9 +16,11 @@ apply plugin: 'idea'
 ext {
     isJava8Compatible = org.gradle.api.JavaVersion.current().isJava8Compatible()
     grailsVersion = project.projectVersion
-    isBuildSnapshot = grailsVersion.endsWith("-SNAPSHOT")
-    isReleaseVersion = !isBuildSnapshot
     isCiBuild = System.getenv().get("CI") as Boolean
+    isGitHubRepoPublish = System.getenv("GITHUB_PUBLISH") == 'true'
+    isGrailsRepoPublish = grailsVersion.endsWith("-SNAPSHOT") && !isGitHubRepoPublish
+    isReleaseVersion = !isGrailsRepoPublish && !isGitHubRepoPublish
+
     springLoadedCommonOptions = "-Xverify:none -Dspringloaded.synchronize=true -Djdk.reflect.allowGetCallerClass=true"
 
     nexusUsername = System.getenv("SONATYPE_USERNAME") ?: project.hasProperty("sonatypeOssUsername") ? project.sonatypeOssUsername : ''
@@ -217,17 +219,27 @@ subprojects { subproject ->
             }
         }
         publishing {
-
-            if (isBuildSnapshot) {
+            if (isGrailsRepoPublish || isGitHubRepoPublish) {
                 repositories {
                     maven {
                         credentials {
-                            def u = subproject.hasProperty("artifactoryPublishUsername") ? subproject.getProperty('artifactoryPublishUsername') : System.getenv("ARTIFACTORY_USERNAME")
-                            def p = subproject.hasProperty("artifactoryPublishPassword") ? subproject.getProperty('artifactoryPublishPassword') : System.getenv("ARTIFACTORY_PASSWORD")
-                            username = u
-                            password = p
+                            if (isGrailsRepoPublish) {
+                                def u = subproject.hasProperty("artifactoryPublishUsername") ? subproject.getProperty('artifactoryPublishUsername') : System.getenv("ARTIFACTORY_USERNAME")
+                                def p = subproject.hasProperty("artifactoryPublishPassword") ? subproject.getProperty('artifactoryPublishPassword') : System.getenv("ARTIFACTORY_PASSWORD")
+                                username = u
+                                password = p
+                            } else {
+                                def u = System.getenv('GITHUB_USERNAME') ?: ''
+                                def p = System.getenv('GITHUB_PASSWORD') ?: ''
+                                username = u
+                                password = p
+                            }
+                        }
+                        if (isGrailsRepoPublish) {
+                            url "https://repo.grails.org/grails/libs-snapshots-local"
+                        } else {
+                            url 'https://maven.pkg.github.com/grails/grails-core'
                         }
-                        url "https://repo.grails.org/grails/libs-snapshots-local"
                     }
                 }
             }
@@ -272,18 +284,20 @@ subprojects { subproject ->
 
         afterEvaluate {
             signing {
-                required { isReleaseVersion && gradle.taskGraph.hasTask("publish") }
+                required { (isReleaseVersion || isGitHubRepoPublish) && gradle.taskGraph.hasTask("publish") }
                 sign publishing.publications.maven
             }
         }
 
         tasks.withType(Sign) {
-            onlyIf { isReleaseVersion }
+            onlyIf { isReleaseVersion || isGitHubRepoPublish }
         }
 
         //do not generate extra load on Nexus with new staging repository if signing fails
-        tasks.withType(io.github.gradlenexus.publishplugin.InitializeNexusStagingRepository).configureEach {
-            shouldRunAfter(tasks.withType(Sign))
+        if (isReleaseVersion) {
+            tasks.withType(io.github.gradlenexus.publishplugin.InitializeNexusStagingRepository).configureEach {
+                shouldRunAfter(tasks.withType(Sign))
+            }
         }
     }
 
diff --git a/gradle.properties b/gradle.properties
@@ -79,4 +79,8 @@ spock.version=2.3-groovy-4.0
 spotbugs-annotations.version=4.8.6
 spring-boot.version=3.4.0
 springloaded.version=1.2.8.RELEASE
-views-json-testing-support.version=4.0.0-SNAPSHOT
+views-json-testing-support.version=4.0.0-SNAPSHOT
+
+# Set when we are temporarily releasing, should be false unless we want to prevent
+# snapshot or documentation publishes.
+preventSnapshotPublish=false
