-
Notifications
You must be signed in to change notification settings - Fork 1
167 lines (143 loc) · 6.36 KB
/
createerelease2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# Creates a release and uploads that. We don't upload the site - that's done in the master.yml workflow once it's merged.
# See also https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven
# https://github.com/actions/setup-java
# https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md?tab=readme-ov-file#Publishing-using-Apache-Maven
# https://central.sonatype.org/publish-ea/publish-ea-guide/
name: Create Release 2
run-name: Create Release 2 for ${{ github.ref_name }}
on:
workflow_dispatch:
jobs:
createrelease:
runs-on: ubuntu-latest
env:
SUBDIR: ${{ github.event.inputs.subdir }}
MVNCMD: mvn -B -ntp -P release
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_ACTOR: ${{ github.actor }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 3
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
cache: maven
server-id: central
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
# gpg-private-key: ${{ secrets.GPG_SECRET_KEYS }}
gpg-passphrase: GPG_PASSPHRASE
- name: Try to set a master password
run: |
MASTERPWD=$(openssl rand -base64 25)
echo "<settingsSecurity> <master>$(mvn --encrypt-master-password "$MASTERPWD")</master></settingsSecurity>" > $HOME/.m2/settings-security.xml
# echo "MASTERPWD=\"$MASTERPWD\"" >> $GITHUB_ENV
# The master password isn't actually used, but the maven-gpg-plugin complains otherwise.
- name: Git & Maven Status
run: |
$MVNCMD -version
git remote -v
git status --untracked-files --ignored
git log -3 --no-color --decorate
- name: Import GPG key
env:
GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }}
run: |
echo $GPG_SECRET_KEYS | base64 --decode | gpg --import --no-tty --batch --yes
echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes
gpg -v --refresh-keys
gpg --list-secret-keys --keyid-format LONG
- name: Configure git user for release commits
# specific to repository - we don't want that to be the same thing in a fork.
env:
X_RELEASE_USERNAME: ${{ vars.RELEASE_USERNAME }}
X_RELEASE_USEREMAIL: ${{ vars.RELEASE_USEREMAIL }}
run: |
git config --global user.email "${X_RELEASE_USERNAME}"
git config --global user.name "${X_RELEASE_USEREMAIL}"
- name: Check that we are on snapshot branch before creating the release
run: |
echo "Version: "
$MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout
$MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | egrep -- '-SNAPSHOT$' > /dev/null || exit 1
# unfortunately, this would require a snapshot parent if just called from the command line, so we cannot use it: :-(
# mvn org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce -Drules=requireSnapshotVersion
- name: Dry run of release goals
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
# export GPG_PASSPHRASE=$(mvn --encrypt-password "$(echo $GPG_PASSPHRASE_RAW | base64 --decode)")
$MVNCMD clean release:clean
$MVNCMD release:prepare -DdryRun=true -DpushChanges=false
$MVNCMD release:perform -DdryRun=true -DlocalCheckout=true -DdeployAtEnd=true -DreleaseProfiles=release
$MVNCMD clean release:clean
git clean -f -d -x
- name: Verify git is clean
run: |
git status --untracked-files --ignored
git log -3 --no-color --decorate
git clean -f -d
- name: Prepare release
env:
MAVEN_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.OSS_SONATYPE_PASSWORD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
git clean -f -d -x
$MVNCMD clean release:clean release:prepare
- name: Git status after prepare
run: |
git status --untracked-files --ignored
git log -3 --no-color --decorate
cat release.properties || true
- name: Perform release
env:
MAVEN_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.OSS_SONATYPE_PASSWORD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
$MVNCMD -X release:perform -DdeployAtEnd=true "-Darguments=-DdeployAtEnd=true" "-DreleaseProfiles=release" "-Dgoals=clean install package source:jar javadoc:jar deploy"
- name: Dump settings
if: always()
run: cat $HOME/.m2/settings.xml
- name: Dump event context for debugging
if: always()
continue-on-error: true # Debugging output only, and this annoyingly fails when the commit messge has a (
run: |
echo '${{ github.event_name }} for ${{ github.ref_type }} ${{ github.ref_name }} or ${{ github.event.ref }}'
# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
echo 'github.event:'
echo '${{ toJSON(github.event) }}'
- name: Dump github context for debugging
if: always()
continue-on-error: true # Debugging output only, and this annoyingly fails when the commit message has a (
run: |
echo '${{ toJSON(github) }}'
- name: Mvn Effective POM
if: always()
run: $MVNCMD -N help:effective-pom
- name: Mvn Effective Settings
if: always()
run: $MVNCMD -N help:effective-settings
- name: Git Status after perform
if: always()
run: |
git status
git log -3 --no-color --decorate
- name: Git Status after perform, long
if: always()
run: |
git status --untracked-files --ignored
- name: List target files even if recipe fails
if: always()
run: |
pwd
ls -ld
ls -ld target
find . -type d -name target
ls -l ./target/checkout/target || true
ls -l ./target/checkout/commons/target || true