-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathgithub-maven-deploy.yml
235 lines (211 loc) · 9.19 KB
/
github-maven-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
version: 2.1
description: |
Simplify common tasks for releasing a github project to Maven Central through OSS Sonatype.
Replace `YOUR_GLOBAL_CONTEXT` with your actual CircleCI context that contains environment variables.
Source: https://github.com/bbottema-circleci/circleci-orbs
See detailed setup instructions and requirements here from the original blog post:
http://www.bennybottema.com/2019/02/20/automating-your-github-library-releases-to-maven-central/
The following environmental variables are expected by this Orb, of which only GITHUB_COMMIT_KEY is unique for each project:
- GITHUB_COMMIT_KEY: base64 private SSH key, matching the public key in your Github project
(the following can be defined once per Github user and reused by referencing a 'context')
- GITHUB_USERNAME: Your Github username
- GITHUB_EMAIL: Your Github email
- GITHUB_FINGERPRINTS: Base64 fingerprint in all algorithms, as published by Github so SSH can trust this host
- GPG_PASSPHRASE: Password used for signing artifacts with GPG
- SECRING_GPG_ASC_BASE64: Base64 GPG ASCII keyring
- SERVER_OSSRH_USERNAME: OSS Sonatype username
- SERVER_OSSRH_PASSWORD: OSS Sonatype password
This works for simple projects, but also projects with custom artifacts like a multimodular project
examples:
standard_flow:
description: |
Standard Github Maven project release to Maven Central
mvn-build-test-command: &mvn-build-test-command
mvn-build-test-command: mvn verify -Dmaven.javadoc.skip=true -Djacoco.skip=true -Dlicense.skip=true
# OPTIONAL, useful if you have custom artifacts (or multimodular project)
mvn-collect-artifacts-command: &mvn-collect-artifacts-command
mvn-collect-artifacts-command: |
...
cp x artifacts/...
cp y artifacts/...
cp z artifacts/...
mvn-deploy-command: &mvn-deploy-command
mvn-deploy-command: |
mvn -s .circleci/maven-release-settings.xml clean deploy -DdeployAtEnd=true -DperformRelease=true -DskipTests -Dspotbugs.skip=true -Denforcer.skip=true -Djacoco.skip=true
mvn license:remove # Include this line if you use the license maven plugin
context: YOUR_GLOBAL_CONTEXT
workflows:
workflow:
jobs:
- github-maven-deploy/build-and-test:
<<: *mvn-build-test-command
<<: *mvn-collect-artifacts-command #OPTIONAL
filters: # OPTIONAL: standard CircleCI syntax; trigger only on a specific branch
branches:
only: master
- github-maven-deploy/approve-deploy-patch-version:
type: approval
requires:
- github-maven-deploy/build-and-test
- github-maven-deploy/approve-deploy-minor-version:
type: approval
requires:
- github-maven-deploy/build-and-test
- github-maven-deploy/approve-deploy-major-version:
type: approval
requires:
- github-maven-deploy/build-and-test
- github-maven-deploy/approve-deploy-as-is-version:
type: approval
requires:
- github-maven-deploy/build-and-test
- github-maven-deploy/deploy-patch-version:
requires:
- github-maven-deploy/approve-deploy-patch-version
<<: *mvn-deploy-command
- github-maven-deploy/deploy-minor-version:
requires:
- github-maven-deploy/approve-deploy-minor-version
<<: *mvn-deploy-command
- github-maven-deploy/deploy-major-version:
requires:
- github-maven-deploy/approve-deploy-major-version
<<: *mvn-deploy-command
- github-maven-deploy/deploy-as-is-version:
requires:
- github-maven-deploy/approve-deploy-as-is-version
<<: *mvn-deploy-command
usage:
version: 2.1
orbs:
github-maven-deploy: github-maven-deploy/[email protected]
executors:
maven-executor:
docker:
- image: cimg/openjdk:8.0.402
deploy-defaults: &JOB_DEPLOY_DEFAULTS
parameters:
executor:
type: executor
default: maven-executor
mvn-deploy-command:
type: string
default: echo "mvn-deploy-command not provided" 1>&2 && exit 1
executor: <<parameters.executor>>
jobs:
build-and-test:
parameters:
executor:
type: executor
default: maven-executor
mvn-build-test-command:
type: string
default: echo "mvn-build-test-command not provided" 1>&2 && exit 1
mvn-collect-artifacts-command:
type: string
default: echo "mvn-collect-artifacts-command not provided, proceeding without..."
executor: <<parameters.executor>>
steps:
- checkout
- restore_cache:
key: maven-github-release-{{ checksum ".circleci/config.yml" }}
- run:
name: Build and test script
command: << parameters.mvn-build-test-command >>
- persist_to_workspace:
root: .
paths:
- .
- run:
name: Optional collect artifacts script
shell: /bin/bash -eo pipefail -O globstar
command: << parameters.mvn-collect-artifacts-command >>
- store_artifacts:
path: artifacts
- store_test_results:
path: artifacts/junit
deploy-patch-version:
<<: *JOB_DEPLOY_DEFAULTS
steps:
- deploy-project:
internal_versioncommand: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.\${parsedVersion.nextIncrementalVersion} versions:commit
mvn-deploy-command: << parameters.mvn-deploy-command >>
deploy-minor-version:
<<: *JOB_DEPLOY_DEFAULTS
steps:
- deploy-project:
internal_versioncommand: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.0 versions:commit
mvn-deploy-command: << parameters.mvn-deploy-command >>
deploy-major-version:
<<: *JOB_DEPLOY_DEFAULTS
steps:
- deploy-project:
internal_versioncommand: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.nextMajorVersion}.0.0 versions:commit
mvn-deploy-command: << parameters.mvn-deploy-command >>
deploy-as-is-version:
<<: *JOB_DEPLOY_DEFAULTS
steps:
- deploy-project:
internal_versioncommand: echo "leaving project version as-is..."
mvn-deploy-command: << parameters.mvn-deploy-command >>
new_version: false
commands:
configure-gpg:
steps:
- run:
name: Configure GPG private key for signing project artifacts in OSS Sonatype
command: |
echo $SECRING_GPG_ASC_BASE64 | base64 --decode | gpg --batch --no-tty --import --yes
configure-git:
steps:
- run:
name: Configure GIT with host fingerprint, user info and SSH key for pushing
command: |
mkdir -p ~/.ssh
echo "Adding github.com as known host..."
echo " $HOME/.ssh/known_hosts"
echo $GITHUB_FINGERPRINTS | base64 --decode >> ~/.ssh/known_hosts
echo "Setting private SSH key for pushing new version to repo..."
echo $GITHUB_COMMIT_KEY | base64 --decode >> ~/.ssh/id_rsa
chmod 400 ~/.ssh/id_rsa # prevents "UNPROTECTED PRIVATE KEY FILE" error
echo "Setting git username and email..."
git config user.name "$GITHUB_USERNAME"
git config user.email "$GITHUB_EMAIL"
deploy-project:
parameters:
mvn-deploy-command:
type: string
internal_versioncommand:
type: string
new_version:
default: true
type: boolean
steps:
- attach_workspace:
at: .
- restore_cache:
key: maven-github-release-{{ checksum ".circleci/config.yml" }}
- configure-gpg
- configure-git
- run:
name: Release new version to Maven Central and push new project version to repo
command: |
echo "Starting new release..."
<< parameters.internal_versioncommand >>
MVN_VERSION=$(mvn -q -Dexec.executable="echo" -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "Releasing version ${MVN_VERSION}..."
<< parameters.mvn-deploy-command >>
if [[ << parameters.new_version >> = true ]]; then
echo "Pushing new version and tag..."
git commit -am "released ${MVN_VERSION} [skip ci]"
git tag -a ${MVN_VERSION} -m "Release ${MVN_VERSION}"
ssh-agent sh -c 'ssh-add ~/.ssh/id_rsa; git push $CIRCLE_REPOSITORY_URL'
ssh-agent sh -c 'ssh-add ~/.ssh/id_rsa; git push origin --tags'
else
echo "Version ${MVN_VERSION} released as-is, skipping version change and tag..."
fi
echo "Successfully released ${MVN_VERSION}"
- save_cache:
paths:
- ~/.m2
key: maven-github-release-{{ checksum ".circleci/config.yml" }}