# Creates a release and uploads that. We don't upload the site - that's done in the master.yml workflow once it's merged.
# Since our build sometimes fails (because some tests occasionally fail for reasons not in our code) we make this robust:
# the irreversible actions are done only after all builds are done. That is the git push and the release to maven central.
# The copy to the Sonatype staging area is likely repeatable. That way you just have to restart the job if it fails,
# with no harm done and no traces in git.
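name: Create Release
run-name: Create Release of ${{ github.ref_name }} , dryrun=${{ inputs.dryrun }}
on:
  workflow_dispatch:
    inputs:
      dryrun:
        type: boolean
        description: 'Dry run? If given, the release will be built but dropped afterwards from OSSRH, and the git changes will not be pushed.'
        default: false
jobs:
  createrelease:
    runs-on: ubuntu-latest
    # Least privilege for the job token: only the "Push changes" step below uses it (release commits and tags).
    # Scopes that are not listed are withheld.
    # NOTE(review): confirm that nothing reached through the Maven settings file needs another token scope.
    permissions:
      contents: write
    env:
      # NOTE(review): no `subdir` input is declared for this workflow, so this value is always empty.
      SUBDIR: ${{ github.event.inputs.subdir }}
      MVNCMD: mvn -B -ntp -s ${{ github.workspace }}/.github/settings-istrepo.xml -P nexus-staging
    steps:
      # NOTE(review): this job handles the signing key and the OSSRH credentials, yet both third-party actions are
      # referenced by a movable tag. Pinning each to a reviewed full commit SHA keeps a retagged action out of the
      # release path.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 3
      - name: print configuration
        env:
          X_DRYRUN: ${{ github.event.inputs.dryrun }}
        run: |
          echo "MVNCMD: $MVNCMD"
          echo "dryrun: $X_DRYRUN"
      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'temurin'
          # NOTE(review): maven-version does not look like an input that actions/setup-java defines; if so it is
          # ignored and the runner's preinstalled Maven is used - confirm.
          maven-version: 3.8.7
          cache: maven  # somewhat doubtful, but let's see whether this creates problems.
      - name: Dump event context for debugging
        continue-on-error: true  # Debugging output only; it must never fail the release.
        # The context values are handed over as environment variables instead of being pasted into the script text.
        # Workflow expressions are expanded before the shell parses the script, so a quote or parenthesis inside a
        # ref name or commit message would otherwise be read as shell syntax.
        env:
          X_EVENT_NAME: ${{ github.event_name }}
          X_REF_TYPE: ${{ github.ref_type }}
          X_REF_NAME: ${{ github.ref_name }}
          X_EVENT_REF: ${{ github.event.ref }}
          X_EVENT_JSON: ${{ toJSON(github.event) }}
        run: |
          echo "$X_EVENT_NAME for $X_REF_TYPE $X_REF_NAME or $X_EVENT_REF"
          # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
          echo 'github.event:'
          printf '%s\n' "$X_EVENT_JSON"
      - name: Dump github context for debugging
        continue-on-error: true  # Debugging output only; it must never fail the release.
        # Passed through the environment for the same reason as the event dump above. The github context also
        # carries the job token; the runner's log masking is what keeps it out of the output.
        env:
          X_GITHUB_JSON: ${{ toJSON(github) }}
        run: |
          printf '%s\n' "$X_GITHUB_JSON"
      - name: Try to set a master password
        run: |
          MASTERPWD=$(openssl rand -base64 25)
          mkdir -p "$HOME/.m2"
          echo "<settingsSecurity> <master>$(mvn --encrypt-master-password "$MASTERPWD")</master></settingsSecurity>" > "$HOME/.m2/settings-security.xml"
          # echo "MASTERPWD=\"$MASTERPWD\"" >> $GITHUB_ENV
          # The master password isn't actually used, but the maven-gpg-plugin complains otherwise.
      - name: Git & Maven Status
        run: |
          $MVNCMD -version
          git remote -v
          git status --untracked-files --ignored
          git log -3 --no-color --decorate
      - name: Mvn Effective POM
        run: $MVNCMD -N help:effective-pom
      - name: Mvn Effective Settings
        run: $MVNCMD -N help:effective-settings
      - name: Import GPG key
        env:
          GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
          GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }}
        run: |
          # Quoted so that the shell neither word-splits nor glob-expands the base64 text before it is decoded.
          printf '%s' "$GPG_SECRET_KEYS" | base64 --decode | gpg --import --no-tty --batch --yes
          printf '%s' "$GPG_OWNERTRUST" | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes
          # NOTE(review): this contacts a keyserver, so an outage there stops the release at this step - confirm
          # that the refresh is really needed for signing.
          gpg -v --refresh-keys
          gpg --list-secret-keys --keyid-format LONG
      - name: Configure git user for release commits
        # specific to repository - we don't want that to be the same thing in a fork.
        env:
          X_RELEASE_USERNAME: ${{ vars.RELEASE_USERNAME }}
          X_RELEASE_USEREMAIL: ${{ vars.RELEASE_USEREMAIL }}
        run: |
          # The two values used to be swapped, which put the e-mail address into the author name of release commits.
          git config --global user.name "${X_RELEASE_USERNAME}"
          git config --global user.email "${X_RELEASE_USEREMAIL}"
      - name: Check that we are on snapshot branch before creating the release
        run: |
          echo "Version: "
          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout
          # grep -E replaces the deprecated egrep; the step fails unless the version ends in -SNAPSHOT.
          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | grep -E -- '-SNAPSHOT$' > /dev/null || exit 1
          # unfortunately, this would require a snapshot parent if just called from the command line, so we cannot use it: :-(
          # mvn org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce -Drules=requireSnapshotVersion
      - name: Dry run of release goals
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          # export GPG_PASSPHRASE=$(mvn --encrypt-password "$(echo $GPG_PASSPHRASE_RAW | base64 --decode)")
          $MVNCMD clean release:clean
          $MVNCMD release:prepare -DdryRun=true -DpushChanges=false
          $MVNCMD release:perform -DdryRun=true -DlocalCheckout=true -DdeployAtEnd=true
          $MVNCMD clean release:clean
          git clean -f -d -x
      - name: Verify git is clean
        run: |
          git status --untracked-files --ignored
          git log -3 --no-color --decorate
          git clean -f -d
      - name: Prepare release
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          git clean -f -d -x
          # we use -P allmodules to set the new versions here even in the modules that we want not pushed to maven central
          # That is not done during mvn release:perform, so they aren't uploaded to maven central.
          $MVNCMD -P allmodules clean release:clean release:prepare -DpushChanges=false
      - name: Git status after prepare
        run: |
          git status --untracked-files --ignored
          git log -3 --no-color --decorate
          cat release.properties || true
      - name: Perform release
        env:
          OSSRH_USER: ${{ secrets.OSSRH_USER }}
          OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          $MVNCMD release:perform -DlocalCheckout=true -DdeployAtEnd=true "-Dgoals=clean install package source:jar javadoc:jar deploy" "-Darguments=-DdeployAtEnd=true"
      - name: Git Status after perform
        if: always()
        run: |
          git status
          git log -3 --no-color --decorate
      - name: Git Status after perform, long
        if: always()
        run: |
          git status --untracked-files --ignored
      # The steps from here on are the irreversible ones. They compare against the string 'false' because
      # github.event.inputs delivers the boolean input as text.
      - name: Push changes
        if: ${{ github.event.inputs.dryrun == 'false' }}
        run: |
          git push origin --follow-tags -v
      - name: Release to maven central repository
        if: ${{ github.event.inputs.dryrun == 'false' }}
        env:
          OSSRH_USER: ${{ secrets.OSSRH_USER }}
          OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }}
        run: |
          cd target/checkout
          pwd
          $MVNCMD nexus-staging:release
      - name: Drop from OSSRH on dryrun
        if: ${{ github.event.inputs.dryrun != 'false' }}
        env:
          OSSRH_USER: ${{ secrets.OSSRH_USER }}
          OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }}
        run: |
          cd target/checkout
          pwd
          $MVNCMD nexus-staging:drop
      - name: List target files even if recipe fails
        if: always()
        run: |
          pwd
          ls -ld
          ls -ld target
          find . -type d -name target
          ls -l ./target/checkout/target || true
          ls -l ./target/checkout/commons/target || true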