7.0.0-M4 #38
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Licensed to the Apache Software Foundation (ASF) under one or more | |
| # contributor license agreements. See the NOTICE file distributed with | |
| # this work for additional information regarding copyright ownership. | |
| # The ASF licenses this file to You under the Apache License, Version 2.0 | |
| # (the "License"); you may not use this file except in compliance with | |
| # the License. You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| name: "Release" | |
| on: | |
| release: | |
| types: [published] | |
| permissions: | |
| contents: write | |
| packages: read | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| publish: | |
| name: "Stage Jar Files" | |
| permissions: | |
| packages: read # pre-release workflow | |
| contents: write # to create release | |
| issues: write # to modify milestones | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| release_version: ${{ steps.release_version.outputs.value }} | |
| extract_repository_name: ${{ steps.extract_repository_name.outputs.repository_name }} | |
| steps: | |
| - name: "π Store the current release version" | |
| id: release_version | |
| run: | | |
| export RELEASE_VERSION="${GITHUB_REF:11}" | |
| echo "Found Release Version: ${RELEASE_VERSION}" | |
| echo "value=${RELEASE_VERSION}" >> $GITHUB_OUTPUT | |
| - name: "Output Agent IP" # in the event RAO blocks this agent, this can be used to debug it | |
| run: curl -s https://api.ipify.org | |
| - name: "Extract repository name" | |
| id: extract_repository_name | |
| run: | | |
| echo "repository_name=${GITHUB_REPOSITORY##*/}" >> $GITHUB_OUTPUT | |
| - name: "π₯ Checkout repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: v${{ steps.release_version.outputs.value }} | |
| - name: 'Ensure Common Build Date' # to ensure a reproducible build | |
| run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> "$GITHUB_ENV" | |
| - name: "Ensure source files use common date" | |
| run: | | |
| find . -depth \( -type f -o -type d \) -exec touch -d "@${SOURCE_DATE_EPOCH}" {} + | |
| - name: 'π Set up GPG' | |
| run: | | |
| echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import | |
| gpg --list-keys | |
| env: | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
| - name: "βοΈ Setup JDK" | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: liberica | |
| java-version: '17.0.15' # this must be a specific version for reproducible builds | |
| - name: "π Setup Gradle" | |
| uses: gradle/actions/setup-gradle@v4 | |
| with: | |
| develocity-access-key: ${{ secrets.GRAILS_DEVELOCITY_ACCESS_KEY }} | |
| - name: "βοΈ Run pre-release" | |
| uses: apache/grails-github-actions/pre-release@asf | |
| env: | |
| RELEASE_VERSION: ${{ steps.release_version.outputs.value }} | |
| - name: "π€ Publish to staging repository" | |
| env: | |
| GRAILS_PUBLISH_RELEASE: 'true' | |
| NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }} | |
| NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }} | |
| NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/' | |
| NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }} | |
| NEXUS_PUBLISH_DESCRIPTION: '${{ steps.extract_repository_name.outputs.repository_name }}:${{ steps.release_version.outputs.value }}' | |
| SIGNING_KEY: ${{ secrets.GPG_KEY_ID }} | |
| run: > | |
| ./gradlew | |
| publishToSonatype | |
| closeSonatypeStagingRepository | |
| aggregateChecksums | |
| aggregatePublishedArtifacts | |
| - name: "Upload checksums" | |
| uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 | |
| with: | |
| files: build/CHECKSUMS.txt | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Upload published artifacts" | |
| uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 | |
| with: | |
| files: build/PUBLISHED_ARTIFACTS.txt | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Generate Build Date file" | |
| run: echo "$SOURCE_DATE_EPOCH" >> build/BUILD_DATE.txt | |
| - name: "Upload Build Date file" | |
| uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 | |
| with: | |
| files: build/BUILD_DATE.txt | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| source: | |
| # to ensure we never publish any build artifacts, run the source distribution as a separate build workflow | |
| environment: source | |
| name: "Source Distribution" | |
| needs: publish | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| outputs: | |
| extract_repository_name: ${{ steps.extract_repository_name.outputs.repository_name }} | |
| steps: | |
| - name: "Extract repository name" | |
| id: extract_repository_name | |
| run: | | |
| echo "repository_name=${GITHUB_REPOSITORY##*/}" >> $GITHUB_OUTPUT | |
| - name: "π₯ Checkout repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: ${{ github.ref_name }} | |
| path: ${{ steps.extract_repository_name.outputs.repository_name }} | |
| - name: "ποΈ Remove unnecessary files" | |
| run: | | |
| rm -f ${{ steps.extract_repository_name.outputs.repository_name }}/gradle/wrapper/gradle-wrapper.jar | |
| rm -f ${{ steps.extract_repository_name.outputs.repository_name }}/gradle/wrapper/gradle-wrapper.properties | |
| rm -f ${{ steps.extract_repository_name.outputs.repository_name }}/gradlew | |
| rm -f ${{ steps.extract_repository_name.outputs.repository_name }}/gradlew.bat | |
| rm -f ${{ steps.extract_repository_name.outputs.repository_name }}/.asf.yaml | |
| - name: "Download CHECKSUMS.txt and rename to CHECKSUMS" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cd ${{ steps.extract_repository_name.outputs.repository_name }} | |
| release_url=$(gh release view ${{ github.ref_name }} --json assets --repo ${{ github.repository }} --jq '.assets[] | select(.name == "CHECKSUMS.txt") | .url') | |
| curl -L -H "Authorization: token $GH_TOKEN" -o CHECKSUMS "$release_url" | |
| - name: "Download PUBLISHED_ARTIFACTS.txt and rename to PUBLISHED_ARTIFACTS" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cd ${{ steps.extract_repository_name.outputs.repository_name }} | |
| release_url=$(gh release view ${{ github.ref_name }} --json assets --repo ${{ github.repository }} --jq '.assets[] | select(.name == "PUBLISHED_ARTIFACTS.txt") | .url') | |
| curl -L -H "Authorization: token $GH_TOKEN" -o PUBLISHED_ARTIFACTS "$release_url" | |
| - name: "Download BUILD_DATE.txt and rename to BUILD_DATE" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cd ${{ steps.extract_repository_name.outputs.repository_name }} | |
| release_url=$(gh release view ${{ github.ref_name }} --json assets --repo ${{ github.repository }} --jq '.assets[] | select(.name == "BUILD_DATE.txt") | .url') | |
| curl -L -H "Authorization: token $GH_TOKEN" -o BUILD_DATE "$release_url" | |
| - name: "Ensure source files use common date" | |
| run: | | |
| SOURCE_DATE_EPOCH=$(cat ${{ steps.extract_repository_name.outputs.repository_name }}/BUILD_DATE) | |
| find . -depth \( -type f -o -type d \) -exec touch -d "@${SOURCE_DATE_EPOCH}" {} + | |
| - name: "π¦ Create source distribution ZIP" | |
| run: | | |
| version="${{ github.ref_name }}" | |
| version="${version#v}" # Strip 'v' prefix | |
| zip -r "apache-${{ steps.extract_repository_name.outputs.repository_name }}-${version}-incubating-src.zip" ${{ steps.extract_repository_name.outputs.repository_name }} -x '${{ steps.extract_repository_name.outputs.repository_name }}/.git/*' -x '${{ steps.extract_repository_name.outputs.repository_name }}/.github/*' | |
| - name: 'π Set up GPG' | |
| run: | | |
| echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import | |
| gpg --list-keys | |
| env: | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
| - name: "π Sign source distribution ZIP" | |
| env: | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
| run: | | |
| version="${{ github.ref_name }}" | |
| version="${version#v}" # Strip 'v' prefix | |
| gpg --default-key "${GPG_KEY_ID}" --batch --yes --pinentry-mode loopback --armor --detach-sign apache-${{ steps.extract_repository_name.outputs.repository_name }}-${version}-incubating-src.zip | |
| - name: "π¦ Create source distribution checksum" | |
| run: | | |
| version="${{ github.ref_name }}" | |
| version="${version#v}" # Strip 'v' prefix | |
| sha512sum apache-${{ steps.extract_repository_name.outputs.repository_name }}-${version}-incubating-src.zip > "apache-${{ steps.extract_repository_name.outputs.repository_name }}-${version}-incubating-src.zip.sha512" | |
| - name: "π Upload ZIP and Signature to GitHub Release" | |
| uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| files: | | |
| apache-${{ steps.extract_repository_name.outputs.repository_name }}-*-incubating-src.zip | |
| apache-${{ steps.extract_repository_name.outputs.repository_name }}-*-incubating-src.zip.sha512 | |
| apache-${{ steps.extract_repository_name.outputs.repository_name }}-*-incubating-src.zip.asc | |
| - name: "Remove CHECKSUMS.txt asset from release" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -e | |
| cd ${{ steps.extract_repository_name.outputs.repository_name }} | |
| gh release --repo ${{ github.repository }} delete-asset ${{ github.ref_name }} CHECKSUMS.txt --yes | |
| - name: "Remove BUILD_DATE.txt asset from release" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -e | |
| cd ${{ steps.extract_repository_name.outputs.repository_name }} | |
| gh release --repo ${{ github.repository }} delete-asset ${{ github.ref_name }} BUILD_DATE.txt --yes | |
| - name: "Remove PUBLISHED_ARTIFACTS.txt asset from release" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -e | |
| cd ${{ steps.extract_repository_name.outputs.repository_name }} | |
| gh release --repo ${{ github.repository }} delete-asset ${{ github.ref_name }} PUBLISHED_ARTIFACTS.txt --yes | |
| release: | |
| name: "Close Release" | |
| environment: release | |
| needs: [publish, source, docs] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| issues: write | |
| steps: | |
| - name: "π₯ Checkout repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: v${{ needs.publish.outputs.release_version }} | |
| - name: "βοΈ Setup JDK" | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: liberica | |
| java-version: '17.0.15' | |
| - name: "π Setup Gradle" | |
| uses: gradle/actions/setup-gradle@v4 | |
| with: | |
| develocity-access-key: ${{ secrets.GRAILS_DEVELOCITY_ACCESS_KEY }} | |
| - name: "βοΈ Run post-release" | |
| uses: apache/grails-github-actions/post-release@asf | |
| docs: | |
| environment: docs | |
| name: "Publish Documentation" | |
| needs: [publish, source] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # required for gradle.properties revert | |
| issues: write # required for milestone closing | |
| steps: | |
| - name: "π₯ Checkout repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: v${{ needs.publish.outputs.release_version }} | |
| - name: "βοΈ Setup JDK" | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17.0.15' | |
| distribution: liberica | |
| - name: "π Setup Gradle" | |
| uses: gradle/actions/setup-gradle@v4 | |
| with: | |
| develocity-access-key: ${{ secrets.GRAILS_DEVELOCITY_ACCESS_KEY }} | |
| - name: "π¨ Build Documentation" | |
| run: ./gradlew aggregateDocs | |
| env: | |
| GRAILS_PUBLISH_RELEASE: 'true' | |
| - name: "π Publish to Github Pages" | |
| uses: apache/grails-github-actions/deploy-github-pages@asf | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GRADLE_PUBLISH_RELEASE: 'true' | |
| SOURCE_FOLDER: build/docs | |
| VERSION: ${{ needs.publish.outputs.release_version }} |