Release Github & Central #70
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Github & Central | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_version: | |
| description: "Version to release (1.0.0, 1.0.1-RC)" | |
| required: true | |
| release_central: | |
| description: "Release to central" | |
| type: choice | |
| required: true | |
| default: "false" | |
| options: | |
| - "true" | |
| - "false" | |
| release_branch: | |
| description: "Branch to release from" | |
| default: "main" | |
| release_type: | |
| description: "Type of release may be GA, EA, Beta" | |
| type: choice | |
| required: true | |
| default: "GA" | |
| options: | |
| - Beta | |
| - EA | |
| - GA | |
| jobs: | |
| release_binder: | |
| runs-on: ubuntu-latest | |
| env: | |
| java_environment: zulu | |
| jre_version: 17 | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.release_branch }} | |
| fetch-depth: 0 | |
| ssh-key: ${{ secrets.COMMIT_KEY }} | |
| - name: Retrieve secrets from Vault | |
| id: secrets | |
| uses: hashicorp/vault-action@v3 | |
| continue-on-error: true | |
| with: | |
| url: "${{ secrets.VAULT_ADDR }}" | |
| role: "cicd-workflows-secret-read-role" | |
| method: jwt | |
| path: jwt-github | |
| jwtGithubAudience: https://github.com/${{ github.repository_owner }} | |
| exportToken: true | |
| secrets: | |
| secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_USER | PACKAGES_READ_USER ; | |
| secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_TOKEN | PACKAGES_READ_TOKEN ; | |
| secret/data/tools/githubactions MAVEN_GPG_KEY_PASSPHRASE | MAVEN_GPG_KEY_PASSPHRASE ; | |
| secret/data/tools/githubactions MAVEN_GPG_KEY | MAVEN_GPG_KEY ; | |
| secret/data/tools/githubactions MAVEN_USERNAME | MAVEN_USERNAME ; | |
| secret/data/tools/githubactions MAVEN_PASSWORD | MAVEN_PASSWORD ; | |
| - name: Warn of Vault Login Failure | |
| if: steps.secrets.outcome != 'success' | |
| run: echo "Could not (${{steps.secrets.outcome}}) log into vault using cicd-workflows-secret-read-role. Has this repo been onboarded in maas-vault-configuration?"; exit 1 | |
| # Setup all secrets and env needed for the build | |
| - name: Set up JDK ${{ env.jre_version }} (${{env.java_environment}}) | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: ${{ env.java_environment }} | |
| java-version: ${{ env.jre_version }} | |
| cache: "maven" | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 #v6.1.0 | |
| with: | |
| gpg_private_key: ${{ steps.secrets.outputs.MAVEN_GPG_KEY }} | |
| passphrase: ${{ steps.secrets.outputs.MAVEN_GPG_KEY_PASSPHRASE }} | |
| - name: Add SSH Key for write access for commits | |
| uses: kielabokkie/ssh-key-and-known-hosts-action@v1 | |
| with: | |
| ssh-private-key: ${{ secrets.COMMIT_KEY }} | |
| ssh-host: github.com | |
| - name: Configure Git author | |
| run: | | |
| git config --local user.email "action@github.com" | |
| git config --local user.name "GitHub Action" | |
| - name: Pre-Release Check - Version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh api --method GET /repos/${{github.repository}}/releases -f sort=updated -f direction=asc > releases.json | |
| release_version_exists=$(jq -r --arg RELEASE_VERSION ${{ inputs.release_version }} '.[].name|select(.|test($RELEASE_VERSION))' releases.json) | |
| if [[ ! -z "$release_version_exists" ]]; then | |
| echo "Version ${{ inputs.release_version }} has been previously released. Please change release version." | |
| exit 1 | |
| else | |
| echo "New version: ${{ inputs.release_version }} going to be released!" | |
| fi | |
| - name: Set Build Params | |
| run: | | |
| if echo "${{inputs.release_version}}" | grep -iP 'ea|rc'; then | |
| NEXT_DEV_REVISION="\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.incrementalVersion}" | |
| else | |
| NEXT_DEV_REVISION="\${next-revision}" | |
| fi | |
| export SKIP_FLAGS_NON_UNIT_TESTS="-Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip" | |
| echo "Calculated Params" | |
| echo "NEXT_DEV_REVISION=$NEXT_DEV_REVISION" | |
| echo "SKIP_FLAGS_NON_UNIT_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS" >> $GITHUB_ENV | |
| echo "NEXT_DEV_REVISION=$NEXT_DEV_REVISION" >> $GITHUB_ENV | |
| echo "SKIP_FLAGS_ALL_TESTS=$SKIP_FLAGS_NON_UNIT_TESTS -DskipTests=true" >> $GITHUB_ENV | |
| - name: Release Version - Prepare | |
| run: >- | |
| mvn -B -U validate | |
| versions:set-property | |
| -Dproperty=revision | |
| -DnewVersion="${{ inputs.release_version }}" && | |
| mvn validate | |
| versions:set-property | |
| -Dproperty=changelist | |
| -DnewVersion="" | |
| - name: Deploy Artifacts (GH Packages) | |
| env: | |
| PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }} | |
| PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: >- | |
| mvn deploy -B -DreleaseTarget=github -s maven/settings.xml $SKIP_FLAGS_ALL_TESTS | |
| - name: Deploy Artifacts (Maven Central) | |
| env: | |
| PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }} | |
| PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: >- | |
| mvn deploy -B -DreleaseTarget=central -s maven/settings.xml $SKIP_FLAGS_ALL_TESTS | |
| - name: Release Version - Checkin | |
| run: >- | |
| mvn validate | |
| scm:checkin -B | |
| -DscmVersion=${{ inputs.release_branch }} | |
| -DscmVersionType=branch | |
| -Dmessage="[ci skip] prepare release ${{ inputs.release_version }}" && | |
| mvn scm:tag -B -Dtag=${{ inputs.release_version }} | |
| - name: Create GitHub Release | |
| uses: ncipollo/release-action@v1.14.0 | |
| with: | |
| tag: "${{ inputs.release_version }}" | |
| generateReleaseNotes: true | |
| makeLatest: true | |
| artifacts: "**/target/*.jar" | |
| - name: Next Development Version - Prepare and Checkin | |
| run: >- | |
| mvn -B -U validate build-helper:parse-version versions:set-property | |
| -Dproperty=revision | |
| -DnewVersion='${{ env.NEXT_DEV_REVISION}}' && | |
| mvn validate | |
| versions:set-property | |
| -Dproperty=changelist | |
| -DnewVersion="-SNAPSHOT" && | |
| mvn validate scm:checkin -B | |
| -DscmVersion=${{ inputs.release_branch }} | |
| -DscmVersionType=branch | |
| -Dmessage="[ci skip] prepare for next development iteration" | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| **/target/*.jar | |
| **/target/generated-docs/User-Guide.pdf |