-
Notifications
You must be signed in to change notification settings - Fork 1
173 lines (148 loc) · 6.35 KB
/
createereleasenodeploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
name: Create Release w/o deploy
run-name: Create Release w/o deploy of ${{ github.ref_name }} , dryrun=${{ inputs.dryrun }}
on:
workflow_dispatch:
inputs:
dryrun:
type: boolean
description: 'Dry run? If given, the release will be built but dropped afterwards from OSSRH, and the git changes will not be pushed.'
default: false
jobs:
createreleasenodeploy:
runs-on: ubuntu-latest
env:
SUBDIR: ${{ github.event.inputs.subdir }}
MVNCMD: mvn -B -ntp -Dmaven.deploy.skip=true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_ACTOR: ${{ github.actor }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 3
- name: print configuration
run: |
echo "MVNCMD: $MVNCMD"
echo "dryrun: ${{ github.event.inputs.dryrun }}"
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
cache: maven
server-id: central
server-username: OSSRH_USER
server-password: OSSRH_PASSWD
# gpg-private-key: ${{ secrets.GPG_SECRET_KEYS }}
gpg-passphrase: GPG_PASSPHRASE
- name: Dump settings
run: cat $HOME/.m2/settings.xml
- name: Dump event context for debugging
continue-on-error: true # Debugging output only, and this annoyingly fails when the commit messge has a (
run: |
echo '${{ github.event_name }} for ${{ github.ref_type }} ${{ github.ref_name }} or ${{ github.event.ref }}'
# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
echo 'github.event:'
echo '${{ toJSON(github.event) }}'
- name: Dump github context for debugging
continue-on-error: true # Debugging output only, and this annoyingly fails when the commit message has a (
run: |
echo '${{ toJSON(github) }}'
- name: Try to set a master password
run: |
MASTERPWD=$(openssl rand -base64 25)
echo "<settingsSecurity> <master>$(mvn --encrypt-master-password "$MASTERPWD")</master></settingsSecurity>" > $HOME/.m2/settings-security.xml
# echo "MASTERPWD=\"$MASTERPWD\"" >> $GITHUB_ENV
# The master password isn't actually used, but the maven-gpg-plugin complains otherwise.
- name: Git & Maven Status
run: |
$MVNCMD -version
git remote -v
git status --untracked-files --ignored
git log -3 --no-color --decorate
$MVNCMD -version
find . -name 'settings*xml'
find /home/runner/work/ -name 'settings*xml'
- name: Mvn Effective POM
run: $MVNCMD -N help:effective-pom
- name: Mvn Effective Settings
run: $MVNCMD -N help:effective-settings
- name: Import GPG key
env:
GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }}
run: |
echo $GPG_SECRET_KEYS | base64 --decode | gpg --import --no-tty --batch --yes
echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes
gpg -v --refresh-keys
gpg --list-secret-keys --keyid-format LONG
- name: Configure git user for release commits
# specific to repository - we don't want that to be the same thing in a fork.
env:
X_RELEASE_USERNAME: ${{ vars.RELEASE_USERNAME }}
X_RELEASE_USEREMAIL: ${{ vars.RELEASE_USEREMAIL }}
run: |
git config --global user.email "${X_RELEASE_USERNAME}"
git config --global user.name "${X_RELEASE_USEREMAIL}"
- name: Check that we are on snapshot branch before creating the release
run: |
echo "Version: "
$MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout
$MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | egrep -- '-SNAPSHOT$' > /dev/null || exit 1
# unfortunately, this would require a snapshot parent if just called from the command line, so we cannot use it: :-(
# mvn org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce -Drules=requireSnapshotVersion
- name: Dry run of release goals
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
# export GPG_PASSPHRASE=$(mvn --encrypt-password "$(echo $GPG_PASSPHRASE_RAW | base64 --decode)")
$MVNCMD clean release:clean
$MVNCMD release:prepare -DdryRun=true -DpushChanges=false
$MVNCMD release:perform -DdryRun=true -DlocalCheckout=true -DdeployAtEnd=true
$MVNCMD clean release:clean
git clean -f -d -x
- name: Verify git is clean
run: |
git status --untracked-files --ignored
git log -3 --no-color --decorate
git clean -f -d
- name: Prepare release
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
git clean -f -d -x
$MVNCMD clean release:clean release:prepare -DpushChanges=false
- name: Git status after prepare
run: |
git status --untracked-files --ignored
git log -3 --no-color --decorate
cat release.properties || true
# create a release without deploying it since we still have trouble with maven central
- name: Perform release w/o deploy
env:
OSSRH_USER: ${{ secrets.OSSRH_USER }}
OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
$MVNCMD release:perform -DlocalCheckout=true -Darguments=-Dmaven.deploy.skip=true -Dgoals=install
- name: Git Status after perform
if: always()
run: |
git status
git log -3 --no-color --decorate
- name: Git Status after perform, long
if: always()
run: |
git status --untracked-files --ignored
- name: Push changes
if: ${{ github.event.inputs.dryrun == 'false' }}
run: |
git push origin --follow-tags -v
- name: List target files even if recipe fails
if: always()
run: |
pwd
ls -ld
ls -ld target
find . -type d -name target
ls -l ./target/checkout/target || true
ls -l ./target/checkout/commons/target || true