Skip to content

Commit

Permalink
Add release workflow (#7940)
Browse files Browse the repository at this point in the history
  • Loading branch information
barchetta authored Nov 3, 2023
1 parent d6f8abc commit 045cbd1
Show file tree
Hide file tree
Showing 3 changed files with 116 additions and 15 deletions.
66 changes: 66 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# Notes
# - cannot run on Windows, as we use shell scripts

name: "Release"

on:
push:
branches:
- 'release-*'
env:
JAVA_VERSION: '11'
JAVA_DISTRO: 'temurin'
MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3'

concurrency:
group: release-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
copyright:
timeout-minutes: 10
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK ${{ env.JAVA_VERSION }}
uses: actions/[email protected]
with:
distribution: ${{ env.JAVA_DISTRO }}
java-version: ${{ env.JAVA_VERSION }}
cache: maven
- name: Copyright
run: etc/scripts/copyright.sh
release:
timeout-minutes: 60
runs-on: ubuntu-20.04
environment: release
steps:
- uses: actions/checkout@v3
with:
token: ${{ secrets.SERVICE_ACCOUNT_TOKEN }}
fetch-depth: '0'
- name: Set up JDK ${{ env.JAVA_VERSION }}
uses: actions/[email protected]
with:
distribution: ${{ env.JAVA_DISTRO }}
java-version: ${{ env.JAVA_VERSION }}
cache: maven
- name: Release
env:
GPG_PASSPHRASE: ${{ secrets.HELIDON_GPG_PASSPHRASE }}
GPG_PRIVATE_KEY: ${{ secrets.HELIDON_GPG_PRIVATE_KEY }}
GPG_PUBLIC_KEY: ${{ secrets.HELIDON_GPG_PUBLIC_KEY }}
MAVEN_SETTINGS: ${{ secrets.MAVEN_SETTINGS }}
RELEASE_WORKFLOW: "true"
run: |
git config user.email "[email protected]"
git config user.name "Helidon Robot"
etc/scripts/release.sh release_build
- name: Upload Staged Artifacts
uses: actions/upload-artifact@v3
with:
name: io-helidon-artifacts-${{ github.ref_name }}
path: parent/target/nexus-staging/
retention-days: 90
46 changes: 38 additions & 8 deletions etc/scripts/pipeline-env.sh
Original file line number Diff line number Diff line change
Expand Up @@ -44,12 +44,16 @@ require_env() {
return 1
fi
}


MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn"
MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true"
MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS"
MAVEN_ARGS="${MAVEN_ARGS} -B ${MAVEN_HTTP_ARGS}"

if [ -n "${JENKINS_HOME}" ] ; then
export JAVA_HOME="/tools/jdk11"
MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn"
MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.showDateTime=true"
MAVEN_OPTS="${MAVEN_OPTS} -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS"
export MAVEN_OPTS
export PIPELINE="true"
export JAVA_HOME="/tools/jdk11.0.12"
export PATH="/tools/apache-maven-3.6.3/bin:${JAVA_HOME}/bin:/tools/node-v12/bin:${PATH}"
if [ -n "${GITHUB_SSH_KEY}" ] ; then
export GIT_SSH_COMMAND="ssh -i ${GITHUB_SSH_KEY}"
Expand All @@ -61,8 +65,6 @@ if [ -n "${JENKINS_HOME}" ] ; then
if [ -n "${NPM_CONFIG_REGISTRY}" ] ; then
MAVEN_ARGS="${MAVEN_ARGS} -Dnpm.download.root=${NPM_CONFIG_REGISTRY}/npm/-/"
fi
export MAVEN_ARGS

if [ -n "${https_proxy}" ] && [[ ! "${https_proxy}" =~ ^http:// ]] ; then
export https_proxy="http://${https_proxy}"
fi
Expand Down Expand Up @@ -96,4 +98,32 @@ if [ -n "${JENKINS_HOME}" ] ; then
GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}')
/usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}"
fi
fi
fi

if [ -n "${RELEASE_WORKFLOW}" ] ; then
if [ -n "${MAVEN_SETTINGS}" ] ; then
export MAVEN_SETTINGS_FILE="${HOME}/.m2/settings.xml"
echo "${MAVEN_SETTINGS}" > "${MAVEN_SETTINGS_FILE}"
MAVEN_ARGS="${MAVEN_ARGS} -s ${MAVEN_SETTINGS_FILE}"
fi
if [ -n "${GPG_PUBLIC_KEY}" ] ; then
tmpfile=$(mktemp /tmp/pub.XXXXXX.key)
echo "${GPG_PUBLIC_KEY}" > "${tmpfile}"
gpg --import --no-tty --batch "${tmpfile}"
rm "$tmpfile"
fi
if [ -n "${GPG_PRIVATE_KEY}" ] ; then
tmpfile=$(mktemp /tmp/pri.XXXXXX.key)
echo "${GPG_PRIVATE_KEY}" > "${tmpfile}"
gpg --allow-secret-key-import --import --no-tty --batch "${tmpfile}"
rm "$tmpfile"
fi
if [ -n "${GPG_PASSPHRASE}" ] ; then
echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf
gpg-connect-agent reloadagent /bye
GPG_KEYGRIP=$(gpg --with-keygrip -K | grep "Keygrip" | head -1 | awk '{print $3}')
/usr/lib/gnupg/gpg-preset-passphrase --preset "${GPG_KEYGRIP}" <<< "${GPG_PASSPHRASE}"
fi
fi
export MAVEN_ARGS
export MAVEN_OPTS
19 changes: 12 additions & 7 deletions etc/scripts/release.sh
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/bin/bash
#
# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
# Copyright (c) 2018, 2023 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -214,14 +214,19 @@ release_build(){
-DstagingDescription="${STAGING_DESC}"

# Create and push a git tag
local GIT_REMOTE=$(git config --get remote.origin.url | \
sed "s,https://\([^/]*\)/,git@\1:,")
git tag -f "${FULL_VERSION}"
if [ -n "${JENKINS_HOME}" ] ; then
# In Jenkins use SSH to access remote
local GIT_REMOTE=$(git config --get remote.origin.url | \
sed "s,https://\([^/]*\)/,git@\1:,")

git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \
git remote set-url release "${GIT_REMOTE}"
git remote add release "${GIT_REMOTE}" > /dev/null 2>&1 || \
git remote set-url release "${GIT_REMOTE}"

git tag -f "${FULL_VERSION}"
git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}"
git push --force release refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}"
else
git push --force origin refs/tags/"${FULL_VERSION}":refs/tags/"${FULL_VERSION}"
fi
}

# Invoke command
Expand Down

0 comments on commit 045cbd1

Please sign in to comment.