JVMCBC-1638 Publish via GitHub Actions

dnault · dnault · commit a6d19ed39e0d · 2025-05-28T01:11:02.000Z
Modifications ------------- Add GitHub Actions for publishing snapshots and releases. Automatically publish a snapshot when something is pushed to master. The release action is initiated by a human who specifies an existing tag to release. Use maven-enforcer-plugin to require: - Release version does not have -SNAPSHOT suffix - Snapshot version DOES have -SNAPSHOT suffix - Either the `snapshot` or `release` profile is active when deploying. - When deploying, it is an error to specify an unrecognized profile. Change-Id: I98603f41bd3eaebcaec0ca118f5db0dbeb7ab8a3 Reviewed-on: https://review.couchbase.org/c/couchbase-jvm-clients/+/227011 Reviewed-by: Michael Reiche <michael.reiche@couchbase.com> Tested-by: David Nault <david.nault@couchbase.com>
diff --git a/.github/scripts/deploy.sh b/.github/scripts/deploy.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# CI script for publishing to Maven Central.
+
+if [ $# -ne 1 ]; then
+  echo 1>&2 "$0: requires exactly one argument, the Maven profile (snapshot or release)"
+  exit 2
+fi
+
+MAVEN_PROFILE=$1
+
+set -e
+set -x
+
+./mvnw --batch-mode --file protostellar/pom.xml clean install
+./mvnw --batch-mode --file tracing-opentelemetry-deps/pom.xml clean install
+./mvnw --batch-mode --file core-io-deps/pom.xml clean install
+
+# Improper shading should have been caught during PR verification, but let's double check.
+./mvnw --batch-mode --file core-io/pom.xml install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
+cd core-io ; ./shade-check.sh ; cd ..
+./mvnw --batch-mode --file java-client/pom.xml install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
+./mvnw --batch-mode --file tracing-opentelemetry/pom.xml install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
+cd tracing-opentelemetry ; ./shade-check.sh ; cd ..
+
+./mvnw --batch-mode --settings deploy-settings.xml deploy -Dgpg.signer=bc -Dsurefire.rerunFailingTestsCount=1 --activate-profiles ${MAVEN_PROFILE}
+./mvnw --batch-mode --settings deploy-settings.xml clean deploy -Dgpg.signer=bc -Dmaven.test.skip=true --activate-profiles ${MAVEN_PROFILE},scala-2.13 --projects scala-implicits,scala-client
diff --git a/.github/workflows/deploy-release.yml b/.github/workflows/deploy-release.yml
@@ -0,0 +1,37 @@
+name: Maven Deploy Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        type: string
+        description: Tag to release. Must already exist.
+        required: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.tag }}
+
+      - name: Verify the ref is actually a tag
+        run: git tag --list | grep --line-regexp ${{ inputs.tag }}
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - name: Build and deploy to Maven Central
+        run: .github/scripts/deploy.sh release
+        env:
+          MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+          MAVEN_GPG_KEY: ${{ secrets.SDK_ROBOT_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_PASSPHRASE: ''
diff --git a/.github/workflows/deploy-snapshot.yml b/.github/workflows/deploy-snapshot.yml
@@ -0,0 +1,41 @@
+name: Maven Deploy Snapshot
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+on:
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - '.gitignore'
+      - '.editorconfig'
+      - '.scalafmt.conf'
+      - '*-fit-*/**'
+      - '*-examples/**'
+      - 'test-utils/**'
+      - 'Jenkinsfile'
+      - '*.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - name: Build and deploy to Maven Central
+        run: .github/scripts/deploy.sh snapshot
+        env:
+          MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+          MAVEN_GPG_KEY: ${{ secrets.SDK_ROBOT_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_PASSPHRASE: ''
diff --git a/deploy-settings.xml b/deploy-settings.xml
@@ -0,0 +1,11 @@
+<!-- This is a Maven settings.xml file for publishing to Maven Central
+     using credentials stored in environment variables. -->
+<settings>
+    <servers>
+        <server>
+            <id>central</id>
+            <username>${env.MAVEN_USERNAME}</username>
+            <password>${env.MAVEN_PASSWORD}</password>
+        </server>
+    </servers>
+</settings>
diff --git a/pom.xml b/pom.xml
@@ -253,6 +253,11 @@
                         <autoReleaseAfterClose>true</autoReleaseAfterClose>
                     </configuration>
                 </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-enforcer-plugin</artifactId>
+                    <version>3.5.0</version>
+                </plugin>
             </plugins>
         </pluginManagement>
 
@@ -360,6 +365,34 @@
                     <executable>java</executable>
                 </configuration>
             </plugin>
+
+            <!-- Require profile `snapshot` or `release` when deploying.
+                 Having explicit profiles (instead of relying on deploy plugin's
+                 automatic snapshot/release routing) prevents the "on push"
+                 snapshot publish action from accidentally publishing a release version. -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>enforce-deploy-has-active-profile</id>
+                        <phase>deploy</phase>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <requireProfileIdsExist/>
+                                <requireActiveProfile>
+                                    <profiles>snapshot,release</profiles>
+                                    <all>false</all>
+                                </requireActiveProfile>
+                            </rules>
+                            <fail>true</fail>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 
@@ -416,6 +449,56 @@
                             </execution>
                         </executions>
                     </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-enforcer-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>enforce-release</id>
+                                <goals>
+                                    <goal>enforce</goal>
+                                </goals>
+                                <configuration>
+                                    <rules>
+                                        <requireReleaseVersion>
+                                            <message>Not a release version (remove -SNAPSHOT suffix!)</message>
+                                        </requireReleaseVersion>
+                                        <requireReleaseDeps>
+                                            <message>Can't release with snapshot dependencies!</message>
+                                        </requireReleaseDeps>
+                                    </rules>
+                                    <fail>true</fail>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>snapshot</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-enforcer-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>enforce-snapshot</id>
+                                <goals>
+                                    <goal>enforce</goal>
+                                </goals>
+                                <configuration>
+                                    <rules>
+                                        <requireSnapshotVersion>
+                                            <message>Not a SNAPSHOT version!</message>
+                                        </requireSnapshotVersion>
+                                    </rules>
+                                    <fail>true</fail>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                 </plugins>
             </build>
         </profile>
