ort/.github/workflows/release.yml at ff7d14a9ab75c2952efb0bb757074724d89daa75 · oss-review-toolkit/ort · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
name: Release

on:
  push:
    tags:
      - "[0-9]+.[0-9]+.[0-9]+"
  workflow_dispatch:
    inputs:
      tag:
        description: "Git tag to release from"
        required: true
        type: string

env:
  GRADLE_OPTS: -Dorg.gradle.daemon=false

jobs:
  publish:
    env:
      ORT_VERSION: ${{ inputs.tag || github.ref_name }}
    permissions:
      attestations: write
      contents: write
      id-token: write
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
        with:
          ref: ${{ env.ORT_VERSION }}
          fetch-depth: 0
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5
        with:
          dependency-graph: generate-and-submit
      - name: Publish to Maven Central
        env:
          GITHUB_DEPENDENCY_GRAPH_REF: refs/heads/main
          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
          ORG_GRADLE_PROJECT_signAllPublications: true
          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }}
          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }}
          SONATYPE_CONNECT_TIMEOUT_SECONDS: 300
        run: ./gradlew publishAndReleaseToMavenCentral
      - name: Build ORT Distributions
        env:
          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }}
          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }}
        run: ./gradlew :cli:signDistTar :cli:signDistZip :cli-helper:signDistTar :cli-helper:signDistZip
      - name: Generate Release Notes
        run: ./gradlew -q printChangeLog > RELEASE_NOTES.md
      - name: Create GitHub Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh release create $ORT_VERSION --notes-file RELEASE_NOTES.md \
              ./cli/build/distributions/ort-$ORT_VERSION.{tgz,zip}* \
              ./cli-helper/build/distributions/orth-$ORT_VERSION.{tgz,zip}*
      - name: Attest Build Provenance
        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3
        with:
          subject-path: |
            ./cli/build/distributions/ort-${{ env.ORT_VERSION }}.tgz
            ./cli/build/distributions/ort-${{ env.ORT_VERSION }}.zip
            ./cli-helper/build/distributions/orth-${{ env.ORT_VERSION }}.tgz
            ./cli-helper/build/distributions/orth-${{ env.ORT_VERSION }}.zip