1414 workflow_dispatch :
1515
1616env :
17- PREVIEW_TASK : publishSnapshotPublicationToSonatypeSnapshotRepository
18- PUBLISH_TASK : publishMavenCentralReleasePublicationToSonatypeRepository
17+ PREVIEW_TASK : publishToSonatype
18+ PUBLISH_TASK : publishToSonatype closeAndReleaseSonatypeStagingRepository
19+ JAVA_VERSION : 21
20+ JAVA_DISTRIBUTION : ' temurin'
1921
2022permissions :
2123 contents : write
@@ -26,24 +28,27 @@ jobs:
2628 environment :
2729 name : maven_central_snapshot
2830 runs-on : ubuntu-latest
31+ needs : validate-package-contents
2932 steps :
3033 - uses : actions/checkout@v4
3134 - name : Set up JDK
3235 uses : actions/setup-java@v4
3336 with :
34- java-version : 21
35- distribution : ' temurin '
37+ java-version : ${{ env.JAVA_VERSION }}
38+ distribution : ${{ env.JAVA_DISTRIBUTION}}
3639 cache : gradle
37- - name : Easy detect-secrets
38- uses :
RobertFischer/[email protected] 40+ - name : Detect secrets
41+ run : |
42+ pip install detect-secrets
43+ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
3944name : Download File
40- run : .\Scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
45+ run : .\scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
4146 shell : pwsh
4247 env :
4348 ENCODED_VALUE : ${{ secrets.LOCAL_PROPERTIES }}
4449 OUTPUT_PATH : ' .\local.properties'
4550 - name : Download File
46- run : .\Scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
51+ run : .\scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
4752 shell : pwsh
4853 env :
4954 ENCODED_VALUE : ${{ secrets.SECRING_GPG }}
@@ -58,32 +63,35 @@ jobs:
5863 environment :
5964 name : maven_central_release
6065 runs-on : ubuntu-latest
66+ needs : validate-package-contents
6167 steps :
6268 - uses : actions/checkout@v4
6369 - name : Set up JDK
6470 uses : actions/setup-java@v4
6571 with :
66- java-version : 21
67- distribution : ' temurin '
72+ java-version : ${{ env.JAVA_VERSION }}
73+ distribution : ${{ env.JAVA_DISTRIBUTION}}
6874 cache : gradle
69- - name : Easy detect-secrets
70- uses :
RobertFischer/[email protected] 75+ - name : Detect secrets
76+ run : |
77+ pip install detect-secrets
78+ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
7179name : Download File
72- run : .\Scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
80+ run : .\scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
7381 shell : pwsh
7482 env :
7583 ENCODED_VALUE : ${{ secrets.LOCAL_PROPERTIES }}
7684 OUTPUT_PATH : ' .\local.properties'
7785 - name : Download File
78- run : .\Scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
86+ run : .\scripts \decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
7987 shell : pwsh
8088 env :
8189 ENCODED_VALUE : ${{ secrets.SECRING_GPG }}
8290 OUTPUT_PATH : ' .\secring.gpg'
8391 - name : Grant execute permission for gradlew
8492 run : chmod +x gradlew
8593 - name : Publish
86- run : ./gradlew $PUBLISH_TASK
94+ run : ./gradlew $PUBLISH_TASK -PmavenCentralSnapshotArtifactSuffix=""
8795 - name : Upload Build Artifact
8896 uses : actions/upload-artifact@v4
8997 with :
@@ -98,11 +106,54 @@ jobs:
98106 settings.gradle
99107 gradle.properties
100108 **/gradle/**
101- Scripts /**
109+ scripts /**
102110name : GitHub Release
103111 uses : softprops/action-gh-release@v2
104112 with :
105113 token : ${{ secrets.GITHUB_TOKEN }}
106114 fail_on_unmatched_files : true
107115 files : |
108116 build/**/*.jar
117+
118+ validate-package-contents :
119+ runs-on : ubuntu-latest
120+ environment : ${{ contains(github.ref, 'refs/tags/v') && 'maven_central_release' || 'maven_central_snapshot' }}
121+ defaults :
122+ run :
123+ working-directory : ./
124+ steps :
125+ - uses : actions/checkout@v4
126+ - name : Setup JDK
127+ uses : actions/setup-java@v4
128+ with :
129+ java-version : ${{ env.JAVA_VERSION }}
130+ distribution : ${{ env.JAVA_DISTRIBUTION}}
131+ cache : gradle
132+ - name : Download file
133+ run : .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
134+ shell : pwsh
135+ env :
136+ ENCODED_VALUE : ${{ secrets.LOCAL_PROPERTIES }}
137+ OUTPUT_PATH : ' local.properties'
138+ - name : Download file
139+ run : .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
140+ shell : pwsh
141+ env :
142+ ENCODED_VALUE : ${{ secrets.SECRING_GPG }}
143+ OUTPUT_PATH : ' .\secring.gpg'
144+ - name : Publish to local Maven cache for validation
145+ run : ./gradlew --no-daemon publishToMavenLocal
146+ - name : Get current SNAPSHOT version
147+ shell : pwsh
148+ run : |
149+ $contents = Get-Content gradle.properties -Raw
150+ $major = $contents | Select-String -Pattern 'mavenMajorVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
151+ $minor = $contents | Select-String -Pattern 'mavenMinorVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
152+ $patch = $contents | Select-String -Pattern 'mavenPatchVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value }
153+ $version = "$major.$minor.$patch-SNAPSHOT"
154+ echo "Current version is $version"
155+ echo "PACKAGE_VERSION=$version" >> $Env:GITHUB_ENV
156+ name : Inspect contents of local Maven cache
157+ shell : pwsh
158+ run : |
159+ .\scripts\validatePackageContents.ps1 -ArtifactId msgraph-sdk-java -Version $env:PACKAGE_VERSION
0 commit comments