Merge pull request #119 from xdev-software/develop #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [ master ] | |
| env: | |
| PRIMARY_MAVEN_MODULE: ${{ github.event.repository.name }} | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| # DO NOT RESTORE CACHE for critical release steps to prevent a (extremely unlikely) scenario | |
| # where a supply chain attack could be achieved due to poisoned cache | |
| jobs: | |
| check-code: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Try to reuse existing cache from check-build | |
| - name: Try restore Maven Cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-mvn-build- | |
| - name: Build with Maven | |
| run: ./mvnw -B clean package -Pproduction -T2C | |
| - name: Check for uncommited changes | |
| run: | | |
| if [[ "$(git status --porcelain)" != "" ]]; then | |
| echo ---------------------------------------- | |
| echo git status | |
| echo ---------------------------------------- | |
| git status | |
| echo ---------------------------------------- | |
| echo git diff | |
| echo ---------------------------------------- | |
| git diff | |
| echo ---------------------------------------- | |
| echo Troubleshooting | |
| echo ---------------------------------------- | |
| echo "::error::Unstaged changes detected. Locally try running: git clean -ffdx && ./mvnw -B clean package -Pproduction" | |
| exit 1 | |
| fi | |
| prepare-release: | |
| runs-on: ubuntu-latest | |
| needs: [check-code] | |
| timeout-minutes: 10 | |
| outputs: | |
| upload_url: ${{ steps.create-release.outputs.upload_url }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Configure Git | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Actions" | |
| - name: Un-SNAP | |
| run: ./mvnw -B versions:set -DremoveSnapshot -DprocessAllModules -DgenerateBackupPoms=false | |
| - name: Get version | |
| id: version | |
| run: | | |
| version=$(../mvnw help:evaluate -Dexpression=project.version -q -DforceStdout) | |
| echo "release=$version" >> $GITHUB_OUTPUT | |
| echo "releasenumber=${version//[!0-9]/}" >> $GITHUB_OUTPUT | |
| working-directory: ${{ env.PRIMARY_MAVEN_MODULE }} | |
| - name: Commit and Push | |
| run: | | |
| git add -A | |
| git commit -m "Release ${{ steps.version.outputs.release }}" | |
| git push origin | |
| git tag v${{ steps.version.outputs.release }} | |
| git push origin --tags | |
| - name: Create Release | |
| id: create-release | |
| uses: shogo82148/actions-create-release@7b89596097b26731bda0852f1504f813499079ee # v1 | |
| with: | |
| tag_name: v${{ steps.version.outputs.release }} | |
| release_name: v${{ steps.version.outputs.release }} | |
| commitish: master | |
| body: | | |
| ## [Changelog](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }}) | |
| See [Changelog#v${{ steps.version.outputs.release }}](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }}) for more information. | |
| ## Installation | |
| Add the following lines to your pom: | |
| ```XML | |
| <dependency> | |
| <groupId>software.xdev</groupId> | |
| <artifactId>${{ env.PRIMARY_MAVEN_MODULE }}</artifactId> | |
| <version>${{ steps.version.outputs.release }}</version> | |
| </dependency> | |
| ``` | |
| ### Additional notes | |
| * [Spring-Boot] You may have to include ``software/xdev`` inside [``vaadin.allowed-packages``](https://vaadin.com/docs/latest/integrations/spring/configuration#configure-the-scanning-of-packages) | |
| publish-maven: | |
| runs-on: ubuntu-latest | |
| needs: [prepare-release] | |
| timeout-minutes: 60 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Init Git and pull | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Actions" | |
| git pull | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: # running setup-java overwrites the settings.xml | |
| distribution: 'temurin' | |
| java-version: '17' | |
| server-id: github-central | |
| server-password: PACKAGES_CENTRAL_TOKEN | |
| gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
| gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Only import once | |
| - name: Publish to GitHub Packages Central | |
| run: ../mvnw -B deploy -P publish -DskipTests -DaltDeploymentRepository=github-central::https://maven.pkg.github.com/xdev-software/central | |
| working-directory: ${{ env.PRIMARY_MAVEN_MODULE }} | |
| env: | |
| PACKAGES_CENTRAL_TOKEN: ${{ secrets.PACKAGES_CENTRAL_TOKEN }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: # running setup-java again overwrites the settings.xml | |
| distribution: 'temurin' | |
| java-version: '17' | |
| server-id: sonatype-central-portal | |
| server-username: MAVEN_CENTRAL_USERNAME | |
| server-password: MAVEN_CENTRAL_TOKEN | |
| gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
| - name: Publish to Central Portal | |
| run: ../mvnw -B deploy -P publish,publish-sonatype-central-portal -DskipTests | |
| env: | |
| MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_USERNAME }} | |
| MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_TOKEN }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
| working-directory: ${{ env.PRIMARY_MAVEN_MODULE }} | |
| publish-pages: | |
| runs-on: ubuntu-latest | |
| needs: [prepare-release] | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Init Git and pull | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Actions" | |
| git pull | |
| - name: Setup - Java | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Try to reuse existing cache from check-build | |
| - name: Try restore Maven Cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-mvn-build-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-mvn-build- | |
| - name: Build site | |
| run: ../mvnw -B compile site -DskipTests -T2C | |
| working-directory: ${{ env.PRIMARY_MAVEN_MODULE }} | |
| - name: Deploy to Github pages | |
| uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| publish_dir: ./${{ env.PRIMARY_MAVEN_MODULE }}/target/site | |
| force_orphan: true | |
| after-release: | |
| runs-on: ubuntu-latest | |
| needs: [publish-maven] | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Init Git and pull | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Actions" | |
| git pull | |
| - name: Inc Version and SNAP | |
| run: ./mvnw -B versions:set -DnextSnapshot -DprocessAllModules -DgenerateBackupPoms=false | |
| - name: Git Commit and Push | |
| run: | | |
| git add -A | |
| git commit -m "Preparing for next development iteration" | |
| git push origin | |
| - name: pull-request | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh_pr_up() { | |
| gh pr create "$@" || gh pr edit "$@" | |
| } | |
| gh_pr_up -B "develop" \ | |
| --title "Sync back" \ | |
| --body "An automated PR to sync changes back" |