bnd-platform/.github/workflows/release.yml at 3df28cb40c929c553d0d771e6fab10be019c704a · stempler/bnd-platform · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
name: Release

on:
  workflow_dispatch:
    inputs:
      dryRun:
        type: boolean
        description: "Dry-Run"
        default: false

concurrency:
  # only run one publishing at a time to avoid conflicts
  group: publish-${{ github.ref }}

env:
  # renovate: datasource=npm depName=@semantic-release/changelog
  SEMANTIC_RELEASE_CHANGELOG_VERSION: 6.0.3

  # renovate: datasource=npm depName=@semantic-release/exec
  SEMANTIC_RELEASE_EXEC_VERSION: 7.1.0

  # renovate: datasource=npm depName=@semantic-release/git
  SEMANTIC_RELEASE_GIT_VERSION: 10.0.1

  # renovate: datasource=npm depName=conventional-changelog-conventionalcommits
  CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION: 9.1.0

jobs:
  release:
    # Only on main repository (don't release on forks)
    if: github.repository_owner == 'stempler'

    runs-on: ubuntu-latest

    outputs:
      release-published: ${{ steps.release.outputs.new_release_published }}
      release-version: ${{ steps.release.outputs.new_release_version }}

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # fetch-depth 0 is required to fetch all tags (and to determine the version based on tags)
          fetch-depth: 0
          # do not persist credentials because this clashes with semantic-release action
          # (because the @semantic-release/git attempts to use them but needs permissions to bypass protection)
          persist-credentials: false

      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: temurin
          java-version: 17

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1

      - name: Setup NodeJs
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 20

      - name: Test with Gradle
        run: ./gradlew clean check

        # https://github.com/marketplace/actions/junit-report-action
      - name: Publish Test Report
        uses: mikepenz/action-junit-report@a83fd2b5d58d4fc702e690c1ea688d702d28d281 # v5.6.1
        if: always() # always run even if the previous step fails
        with:
          report_paths: 'build/test-results/**/*.xml'
          require_tests: true # currently no tests present

          annotate_only: true
          detailed_summary: true
          fail_on_failure: true

      - name: Determine app token for release
        # Permissions needed
        #   contents: write
        #   issues: write
        #   pull-requests: write
        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        id: app-token
        with:
          app-id: ${{ secrets.RELEASE_GITHUB_APP_ID }}
          private-key: "${{ secrets.RELEASE_GITHUB_PRIVATE_KEY }}"

      - name: Release
        id: release
        uses: cycjimmy/semantic-release-action@c4a2fa890676fc2db25ad0aacd8ab4a0f1f4c024 # v4.2.1
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          RUNNER_DEBUG: 1

          # attempt for more verbose logging
          # see https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#debug
          DEBUG: "semantic-release:*"

          # For Gradle execution

          # CI marker
          CI: 'true'

          ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }}
          ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}

          # in-memory key
          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SONATYE_PGP_PASSWORD }}
          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SONATYE_PGP_PRIVATE_KEY }}

          GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
          GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
        with:
          dry_run: ${{ inputs.dryRun }}
          semantic_version: 24.2.6

          extra_plugins:
            "@semantic-release/changelog@\
                ${{ env.SEMANTIC_RELEASE_CHANGELOG_VERSION }} \
                @semantic-release/exec@\
                ${{ env.SEMANTIC_RELEASE_EXEC_VERSION }} \
                @semantic-release/git@\
                ${{ env.SEMANTIC_RELEASE_GIT_VERSION }} \
                conventional-changelog-conventionalcommits@\
                ${{ env.CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION }} \
                "