Update version during release for all project modules (#1348)

KochTobi · web-flow · commit ecebc5349d7b · 2025-11-11T16:32:22.000+01:00
Fixes the CI build.
As the project structure changed and the bom module does not have the datamanager module as a parent, we need to modify the version bumping. In addition to that the snapshots are now deployed when PRs against main are opened (ncluding hotfix prs so they can be tested before merging)
distributionManagement is provided for the bom module as it is not inherited.
diff --git a/.github/workflows/build_package.yml b/.github/workflows/build_package.yml
@@ -4,9 +4,6 @@ on:
   push:
     branches:
       - '**'
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main, master ]
 
 jobs:
   package:
@@ -28,4 +25,4 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Run mvn package
-        run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn -B package --file pom.xml
+        run: mvn -B package --file pom.xml
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -45,7 +45,7 @@ jobs:
           git config --global user.name "JohnnyQ5"
 
       - name: Set version in Maven project
-        run: mvn versions:set -DnewVersion=${{ github.event.inputs.versionTag }}
+        run: mvn versions:set -DnewVersion=${{ github.event.inputs.versionTag }} -DprocessAllModules
 
       - name: Build with Maven
         run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn -B package -Pproduction -Dvaadin.force.production.build=true --file pom.xml
@@ -86,7 +86,7 @@ jobs:
           subject-path: "**/target/*.jar"
 
       - name: Publish artefact to QBiC Nexus Repository
-        run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -DskipTests -Dvaadin.force.production.build=true deploy
+        run: mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -DskipTests -Dvaadin.force.production.build=true deploy
         env:
           MAVEN_REPO_USERNAME: ${{ secrets.NEXUS_USERNAME }}
           MAVEN_REPO_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
diff --git a/.github/workflows/nexus-publish-snapshots.yml b/.github/workflows/nexus-publish-snapshots.yml
@@ -8,6 +8,9 @@ on:
   push:
     branches:
       - development
+  pull_request:
+    branches:
+      - main
 permissions:
   id-token: write # This is required for requesting the JWT
   contents: read # This is required for actions/checkout
@@ -46,10 +49,10 @@ jobs:
         run: mvn versions:set -DremoveSnapshot
       # Set the SNAPSHOT for this build and deployment
       - name: Set version in Maven project
-        run: mvn versions:set -DnewVersion='${project.version}-SNAPSHOT'
+        run: mvn versions:set -DnewVersion='${project.version}-SNAPSHOT' -DprocessAllModules
 
       - name: Build with Maven
-        run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn -B package -Pproduction -Dvaadin.force.production.build=true --file pom.xml
+        run: mvn -B package -Pproduction -Dvaadin.force.production.build=true --file pom.xml
 
       # Generate provenance (SLSA attestation) for all JARs
       - name: Generate SLSA build provenance
@@ -58,7 +61,7 @@ jobs:
           subject-path: "**/target/*.jar"
 
       - name: Publish artefact to QBiC Nexus Repository
-        run: VAADIN_OFFLINE_KEY=${{ secrets.VAADIN_SERVER_23_2 }} mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -Dvaadin.force.production.build=true -DskipTests deploy
+        run: mvn --quiet --settings $GITHUB_WORKSPACE/.github.settings.xml -Pproduction -Dvaadin.force.production.build=true -DskipTests deploy
         env:
           MAVEN_REPO_USERNAME: ${{ secrets.NEXUS_USERNAME }}
           MAVEN_REPO_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
@@ -4,9 +4,6 @@ on:
   push:
     branches:
       - '**'
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main, master ]
 permissions:
   id-token: write # This is required for requesting the JWT
   contents: read # This is required for actions/checkout
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -10,13 +10,23 @@ on:
     branches:
       - development
       - main
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
 jobs:
   sonarcloud:
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v5
+      - name: Debug OIDC (get a token)
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const token = await core.getIDToken('sigstore'); // audience example
+            core.setSecret(token);
+            console.log('OIDC token acquired. Length:', token.length);
       - name: Set up JDK 21
         uses: actions/setup-java@v5
         with:
diff --git a/datamanager-bom/pom.xml b/datamanager-bom/pom.xml
@@ -21,6 +21,20 @@
     <sonar.host.url>https://sonarcloud.io</sonar.host.url>
   </properties>
 
+  <distributionManagement>
+    <repository>
+      <uniqueVersion>true</uniqueVersion>
+      <id>nexus-releases</id>
+      <name>QBiC Releases</name>
+      <url>https://qbic-repo.qbic.uni-tuebingen.de/repository/maven-releases</url>
+    </repository>
+    <snapshotRepository>
+      <uniqueVersion>false</uniqueVersion>
+      <id>nexus-snapshots</id>
+      <name>QBiC Snapshots</name>
+      <url>https://qbic-repo.qbic.uni-tuebingen.de/repository/maven-snapshots</url>
+    </snapshotRepository>
+  </distributionManagement>
 
   <dependencyManagement>
     <dependencies>
