-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathmvn-release-prepare-perform.yaml
More file actions
101 lines (90 loc) · 3.9 KB
/
mvn-release-prepare-perform.yaml
File metadata and controls
101 lines (90 loc) · 3.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: 'Workflow: Maven Release: Prepare and Perform'
run-name: 'Workflow Run: Maven Release: Prepare and Perform'
on:
workflow_dispatch:
inputs:
dryRun:
default: true
description: 'Dry run?'
type: 'boolean'
mvnDebug:
default: false
description: 'Debug?'
type: 'boolean'
mvnTransferLogging:
default: false
description: 'Log Maven artifact transfers?'
type: 'boolean'
jobs:
job-mvn-release-prepare-perform:
name: 'Job: Maven Release: Prepare and Perform'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout'
name: 'Step: Check Out Project'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v4'
with:
cache: 'maven'
distribution: 'temurin'
gpg-passphrase: 'GPG_PASSPHRASE'
gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}'
java-version: '24'
mvn-toolchain-id: 'Temurin 24'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
server-id: 'central.sonatype.com'
server-password: 'CENTRAL_SONATYPE_COM_PASSWORD'
server-username: 'CENTRAL_SONATYPE_COM_USERNAME'
- id: 'setup-askpass'
name: 'Step: Set Up GIT_ASKPASS'
run: |
install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions
cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash
case "${1}" in
Username*) exec echo x-access-token ;;
Password*) exec echo "${PUSH_TOKEN}" ;;
esac'
- id: 'setup-gpg'
name: 'Step: Set Up GPG'
run: |
echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf
- id: 'mvn-release-prepare'
name: 'Step: Maven Release: Prepare, Perform and Publish Site'
env:
CENTRAL_SONATYPE_COM_PASSWORD: '${{ secrets.CENTRAL_SONATYPE_COM_PASSWORD }}'
CENTRAL_SONATYPE_COM_USERNAME: '${{ secrets.CENTRAL_SONATYPE_COM_USERNAME }}'
DRY_RUN: '${{ inputs.dryRun }}'
GIT_ASKPASS: '${{ runner.temp }}/.askpass'
GPG_PASSPHRASE: '${{ secrets.GPG_PASSPHRASE }}'
MVN_DEBUG: ${{ inputs.mvnDebug && '--debug' || '' }}
MVN_TRANSFER_LOGGING: ${{ inputs.mvnTransferLogging && '' || '--no-transfer-progress' }}
PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file
SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git'
shell: 'bash -e {0}'
run: >
git config --global user.email 'ci@microbean.org'
git config --global user.name 'microbean'
echo "::group::Running mvn prepare"
./mvnw --batch-mode ${MVN_DEBUG} --errors ${MVN_TRANSFER_LOGGING} release:prepare
-DdryRun="${DRY_RUN}"
-Darguments="${MVN_TRANSFER_LOGGING}"
-Dscm.url="${SCM_GIT_HTTPS_URL}"
scm_tag="$(grep '^scm.tag=' release.properties | cut -f 2 -d =)"
echo "Prepared ${scm_tag}" >> "${GITHUB_STEP_SUMMARY}"
echo "scm_tag=${scm_tag}" >> "${GITHUB_OUTPUT}"
echo "::endgroup::"
echo "::group::Running mvn perform"
./mvnw --batch-mode ${MVN_DEBUG} --errors ${MVN_TRANSFER_LOGGING} release:perform
-Darguments="${MVN_TRANSFER_LOGGING} -Dscmpublish.dryRun=${DRY_RUN} -Dscmpublish.pubScmUrl=${SCM_GIT_HTTPS_URL} -DskipTests -DautoPublish=true -DwaitUntil=published"
-DdryRun="${DRY_RUN}"
-Dgoals="process-classes,post-site,scm-publish:publish-scm,deploy"
-Dscm.url="${SCM_GIT_HTTPS_URL}"
echo "Released ${scm_tag} successfully" >> "${GITHUB_STEP_SUMMARY}";
echo "::endgroup::"