|
3 | 3 | # SPDX-License-Identifier: Apache-2.0 |
4 | 4 |
|
5 | 5 | # This workflow will publish a Java project with Gradle |
6 | | -# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-gradle |
7 | | -# Inspired by https://github.com/dzikoysk/reposilite/blob/main/.github/workflows/publish-release.yml |
| 6 | +# For maven build see: https://github.com/marketplace/actions/gradle-build-action |
| 7 | +# For maven publishing see: https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven |
8 | 8 |
|
9 | 9 | name: Publish Release |
10 | 10 |
|
11 | | -on: workflow_dispatch |
| 11 | +# If input is empty we automatically bump the version |
| 12 | +on: |
| 13 | + workflow_dispatch: |
| 14 | + inputs: |
| 15 | + customversion: |
| 16 | + description: 'Custom version (optional)' |
| 17 | + required: false |
| 18 | + default: '' |
| 19 | + nextversion: |
| 20 | + description: 'Next version (optional)' |
| 21 | + required: false |
| 22 | + default: '' |
12 | 23 |
|
13 | 24 | jobs: |
14 | | - |
15 | | - github: |
| 25 | + publish-release: |
16 | 26 | runs-on: ubuntu-22.04 |
17 | 27 | permissions: |
18 | | - contents: write |
19 | | - outputs: |
20 | | - version: ${{ steps.version.outputs.version }} |
| 28 | + contents: write # needed for release creation |
21 | 29 | steps: |
22 | | - |
23 | | - - name: Checkout repository |
24 | | - uses: actions/checkout@v3 # TODO: with... bot? |
25 | | - with: |
26 | | - fetch-depth: 0 # Due to https://axion-release-plugin.readthedocs.io/en/latest/configuration/ci_servers/#github-actions |
27 | | - |
28 | | - - name: "Fetch git tags" # Required for axion-release-plugin |
29 | | - run: git fetch --tags |
30 | | - |
31 | | - - name: Set up JDK 17 |
32 | | - uses: actions/setup-java@v3 |
33 | | - with: |
34 | | - java-version: 17 |
35 | | - distribution: adopt |
36 | | - |
37 | | - - name: Validate Gradle wrapper |
38 | | - uses: gradle/wrapper-validation-action@v1.1.0 |
39 | | - |
40 | | - - name: Setup Gradle |
41 | | - uses: gradle/gradle-build-action@v2.7.0 |
42 | | - |
43 | | - - name: Release new version |
| 30 | + - name: Validate next version input # Exit when version has no -SNAPSHOT suffix |
| 31 | + if: github.event.inputs.nextversion != '' |
44 | 32 | run: | |
45 | | - git config user.name 'github-actions[bot]' |
46 | | - git config user.email 'github-actions[bot]@users.noreply.github.com' |
47 | | - ./gradlew release |
| 33 | + if [[ "${{ inputs.nextversion }}" != *-SNAPSHOT ]]; then exit 1; fi |
48 | 34 |
|
49 | | - - name: Show post-release version |
50 | | - run: ./gradlew currentVersion |
51 | | - |
52 | | - # The previous "Release new version" step increases the version. We need this version for the publishing job. The |
53 | | - # currentVersion command gets this value, which we store in the "version" variable for following jobs. |
54 | | - # The $GITHUB_OUTPUT is a github-magic "file", it is accessible with needs.github.outputs.[variable-name], in our |
55 | | - # case: needs.github.outputs.version |
56 | | - - name: Store version |
57 | | - id: version |
58 | | - run: echo "VERSION=$(./gradlew -q -Prelease.quiet currentVersion)" >> "$GITHUB_OUTPUT" |
59 | | - |
60 | | - maven: |
61 | | - runs-on: ubuntu-22.04 |
62 | | - needs: [ github ] |
63 | | - steps: |
| 35 | + - name: Releasing custom version |
| 36 | + if: github.event.inputs.customversion != '' |
| 37 | + run: echo "Releasing version ${{ github.event.inputs.customversion }}" |
64 | 38 |
|
65 | 39 | - name: Checkout repository |
66 | 40 | uses: actions/checkout@v3 |
67 | 41 | with: |
68 | | - fetch-depth: 0 # Due to https://axion-release-plugin.readthedocs.io/en/latest/configuration/ci_servers/#github-actions |
69 | | - ref: refs/tags/${{ needs.github.outputs.VERSION }} # Checkout the new created tag |
70 | | - |
71 | | - - name: "Fetch git tags" # Required for axion-release-plugin |
72 | | - run: git fetch --tags |
| 42 | + fetch-depth: 0 # required by previous_tag |
73 | 43 |
|
74 | 44 | - name: Set up JDK 17 |
75 | 45 | uses: actions/setup-java@v3 |
76 | 46 | with: |
77 | 47 | java-version: 17 |
78 | | - distribution: adopt |
79 | | - |
80 | | - - name: Validate Gradle wrapper |
81 | | - uses: gradle/wrapper-validation-action@v1.1.0 |
82 | | - |
83 | | - - name: Setup Gradle |
84 | | - uses: gradle/gradle-build-action@v2.7.0 |
| 48 | + distribution: temurin |
| 49 | + server-id: ossrh |
| 50 | + server-username: MAVEN_USERNAME |
| 51 | + server-password: MAVEN_PASSWORD |
| 52 | + gpg-private-key: ${{ secrets.SIGNING_KEY }} |
| 53 | + gpg-passphrase: MAVEN_GPG_PASSPHRASE |
| 54 | + |
| 55 | + - name: Apply wrapper permissions |
| 56 | + run: | |
| 57 | + chmod +x mvnw |
85 | 58 |
|
86 | | - - name: Publish to Maven Central |
87 | | - run: ./gradlew publish |
| 59 | + - name: Import GPG key |
| 60 | + uses: crazy-max/ghaction-import-gpg@v5 |
| 61 | + with: |
| 62 | + gpg_private_key: ${{ secrets.SCB_BOT_GPG_KEY }} |
| 63 | + passphrase: ${{ secrets.SCB_BOT_GPG_PASSPHRASE }} |
| 64 | + git_user_signingkey: true |
| 65 | + git_tag_gpgsign: true |
| 66 | + git_commit_gpgsign: true |
| 67 | + git_committer_name: SecureCodeBoxBot |
| 68 | + git_committer_email: securecodebox@iteratec.com |
| 69 | + |
| 70 | + # CASE: Version set |
| 71 | + - name: "[Custom version] Release & Publish" |
| 72 | + if: github.event.inputs.customversion != '' # input "customversion" not empty |
| 73 | + run: ./mvnw -B release:prepare release:perform -DreleaseVersion=${{ github.event.inputs.customversion }} -DdevelopmentVersion=${{ github.event.inputs.nextversion }} -P release |
| 74 | + env: |
| 75 | + GITHUB_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} |
| 76 | + MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} |
| 77 | + MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} |
| 78 | + MAVEN_GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }} |
| 79 | + |
| 80 | + # CASE: NO Version set |
| 81 | + - name: "[Auto version] Release & Publish" |
| 82 | + if: github.event.inputs.customversion == '' # input "customversion" empty |
| 83 | + run: ./mvnw -B release:prepare release:perform -DdevelopmentVersion=${{ github.event.inputs.nextversion }} -P release |
88 | 84 | env: |
| 85 | + GITHUB_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} |
89 | 86 | MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} |
90 | 87 | MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} |
91 | | - SIGNING_KEY: ${{ secrets.SIGNING_KEY }} |
92 | | - SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }} |
| 88 | + MAVEN_GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }} |
| 89 | + |
| 90 | + # Required for creation of GitHub release |
| 91 | + - name: "Get previous tag" |
| 92 | + id: previous_tag |
| 93 | + uses: WyriHaximus/github-action-get-previous-tag@v1 |
| 94 | + |
| 95 | + # See https://github.com/marketplace/actions/gh-release |
| 96 | + - name: "Create GitHub Release" |
| 97 | + uses: softprops/action-gh-release@v1 |
| 98 | + with: |
| 99 | + token: ${{ github.token }} # could be replaced with personal access token |
| 100 | + tag_name: ${{ steps.previous_tag.outputs.tag }} |
| 101 | + generate_release_notes: true |
0 commit comments