[ACS-9977]: [publish] automatic tag creation work #407
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Alfresco SDK CI | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| - fix/** | |
| - feature/** | |
| push: | |
| branches: | |
| - master | |
| - fix/** | |
| - feature/** | |
| workflow_dispatch: | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
| MAVEN_CENTRAL_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }} | |
| MAVEN_CENTRAL_PASSWORD: ${{ secrets.OSS_SONATYPE_PASSWORD }} | |
| GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }} | |
| GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }} | |
| GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| GIT_EMAIL: ${{ secrets.BOT_GITHUB_EMAIL }} | |
| GITHUB_ACTIONS_DEPLOY_TIMEOUT: 90 | |
| jobs: | |
| pre_commit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| veracode_sca: | |
| name: "Veracode - Source Clear Scan (SCA)" | |
| runs-on: ubuntu-latest | |
| if: > | |
| github.ref_name == 'master' || | |
| github.event_name == 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - name: "Clean-up SNAPSHOT artifacts" | |
| run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| continue-on-error: true | |
| with: | |
| srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }} | |
| build: | |
| name: "Build application" | |
| runs-on: ubuntu-latest | |
| needs: [pre_commit] | |
| if: "!contains(github.event.head_commit.message, '[skip tests]')" | |
| env: | |
| MAVEN_CLI_OPTS: > | |
| -B -q -e -fae -V -DinstallAtEnd=true -U | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - name: "Build" | |
| run: mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V | |
| - name: "Verify" | |
| run: mvn $MAVEN_CLI_OPTS verify -Dlogging.root.level=off -Dspring.main.banner-mode=off | |
| tests: | |
| name: ${{ matrix.name }} | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| if: > | |
| !(failure() || cancelled()) && | |
| !contains(github.event.head_commit.message, '[skip tests]') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: "current version Java 17" | |
| java-version: 17 | |
| - name: "25.2 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-252-tests | |
| - name: "25.2 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-252-tests | |
| - name: "25.1 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-251-tests | |
| - name: "25.1 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-251-tests | |
| - name: "23.5 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-235-tests | |
| - name: "23.4 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-234-tests | |
| - name: "23.4 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-234-tests | |
| - name: "23.3 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-233-tests | |
| - name: "23.3 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-233-tests | |
| - name: "23.2 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-232-tests | |
| - name: "23.2 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-232-tests | |
| - name: "23.1 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-231-tests | |
| - name: "23.1 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-231-tests | |
| - name: "7.4 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-74-tests | |
| - name: "7.4 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-74-tests | |
| - name: "7.4 Enterprise Java 11" | |
| java-version: 11 | |
| suite: -Penterprise-74-tests | |
| - name: "7.4 Community Java 11" | |
| java-version: 11 | |
| suite: -Pcommunity-74-tests | |
| - name: "7.3 Enterprise Java 17" | |
| java-version: 17 | |
| suite: -Penterprise-73-tests | |
| - name: "7.3 Community Java 17" | |
| java-version: 17 | |
| suite: -Pcommunity-73-tests | |
| - name: "7.3 Enterprise Java 11" | |
| java-version: 11 | |
| suite: -Penterprise-73-tests | |
| - name: "7.3 Community Java 11" | |
| java-version: 11 | |
| suite: -Pcommunity-73-tests | |
| - name: "7.2 Enterprise" | |
| java-version: 11 | |
| suite: -Penterprise-72-tests | |
| - name: "7.2 Community" | |
| java-version: 11 | |
| suite: -Pcommunity-72-tests | |
| - name: "7.1 Enterprise" | |
| java-version: 11 | |
| suite: -Penterprise-71-tests | |
| - name: "7.1 Community" | |
| java-version: 11 | |
| suite: -Pcommunity-71-tests | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| with: | |
| java-version: ${{ matrix.java-version }} | |
| - name: "Login to Docker Hub" | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: "Login to Quay.io" | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: "Build" | |
| run: mvn clean install -B ${{ matrix.suite }} | |
| publish: | |
| name: "Publish artifacts" | |
| runs-on: ubuntu-latest | |
| needs: [tests] | |
| if: > | |
| contains(github.event.head_commit.message, '[publish]') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected] | |
| - name: "Build" | |
| run: mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V | |
| - name: Set up Maven Central credentials | |
| run: | | |
| mkdir -p ~/.m2 | |
| envsubst < ${{ github.workspace }}/.ci.settings.xml > ~/.m2/settings.xml | |
| env: | |
| MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | |
| MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | |
| - name: Import GPG key | |
| env: | |
| GPG_TTY: $(tty) | |
| run: | | |
| echo "${{ secrets.GPG_SIGNING_PRIVATE_KEY }}" | gpg --batch --import | |
| echo "use-agent" >> ~/.gnupg/gpg.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| gpg --batch --yes --pinentry-mode loopback --passphrase $GPG_SIGNING_PASSPHRASE --list-keys | |
| - name: Configure Git user | |
| run: | | |
| git config --global user.name "${GIT_USERNAME:-github-actions[bot]}" | |
| git config --global user.email "${GIT_EMAIL:-github-actions[bot]@users.noreply.github.com}" | |
| - name: "Publish" | |
| timeout-minutes: ${{ fromJSON(env.GITHUB_ACTIONS_DEPLOY_TIMEOUT) }} | |
| run: | | |
| mvn --batch-mode clean package gpg:sign central-publishing:publish release:prepare release:perform \ | |
| -DscmCommentPrefix="[maven-release-plugin][skip ci] " \ | |
| -Dusername=$GIT_USERNAME \ | |
| -Dpassword=$GIT_PASSWORD \ | |
| -Psdk-release \ | |
| -DskipTests=true \ | |
| -Dgpg.passphrase=$GPG_SIGNING_PASSPHRASE \ | |
| -DautoVersionSubmodules=true \ | |
| -DtagNameFormat=@{project.version} \ | |
| -B |