Skip to content
Stage

build: replace secrets.STAGING_PAT and secrets.DEPLOY_KEY with secrets.GITHUB_TOKEN #140

Sign in to view logs

build: replace secrets.STAGING_PAT and secrets.DEPLOY_KEY with secrets.GITHUB_TOKEN

build: replace secrets.STAGING_PAT and secrets.DEPLOY_KEY with secrets.GITHUB_TOKEN #140

Workflow file for this run

.github/workflows/stage.yml at d9b576c
---
name: Stage
on:
pull_request_target:
types:
- closed
branches:
- main
paths:
- "src/main/**"
- "pom.xml"
- ".github/workflows/**"
jobs:
deploy:
runs-on: ubuntu-latest
name: Deploy snapshot
env:
RUN_PYTHON_BIN: ${{ vars.RUN_PYTHON_BIN }}
if: github.repository_owner == 'guacsec' && github.event.pull_request.merged == true && !startsWith(github.head_ref, 'release/')
outputs:
project_version: ${{ steps.project.outputs.version }}
steps:
- name: Checkout sources
uses: actions/checkout@v3
- name: Setup Java 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: maven
- name: Get pom specs
id: project
run: |
echo "version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> "$GITHUB_OUTPUT"
- name: Deploy snapshot to GitHub
if: |
contains(steps.project.outputs.version, 'SNAPSHOT') &&
github.repository == 'guacsec/trustify-da-java-client'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: mvn deploy -Pprepare-deployment,deploy-github -B -ff -DskipTests=true -Dskip.junit_platform=true
release:
runs-on: ubuntu-latest
name: Release snapshot
environment: staging
needs: deploy
if: |
contains(needs.deploy.outputs.project_version, 'SNAPSHOT') &&
github.repository_owner == 'guacsec' && github.event.pull_request.merged == true && !startsWith(github.head_ref, 'release/')
steps:
- name: Check for existing ${{ needs.deploy.outputs.project_version }} release
id: existing_release
uses: actions/github-script@v7
env:
PROJECT_VERSION: ${{ needs.deploy.outputs.project_version }}
continue-on-error: true
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const repo = context.repo;
const tag = process.env.PROJECT_VERSION;
try {
const response = await github.rest.repos.getReleaseByTag({
owner: repo.owner,
repo: repo.repo,
tag: tag
});
core.setOutput('id', response.data.id);
} catch (error) {
if (error.status === 404) {
core.info(`Release for tag '${tag}' not found.`);
} else {
throw error;
}
}
- name: Checkout sources
uses: actions/checkout@v3
- name: Delete ${{ needs.deploy.outputs.project_version }} release if exists
if: ${{ steps.existing_release.outputs.id }}
uses: actions/github-script@v6
env:
RELEASE_ID: ${{ steps.existing_release.outputs.id }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const repo = context.repo;
const releaseId = process.env.RELEASE_ID;
try {
console.log(`Deleting release ID: ${releaseId}`);
await github.rest.repos.deleteRelease({
owner: repo.owner,
repo: repo.repo,
release_id: releaseId
});
console.log(`Deleted release ID: ${releaseId}`);
} catch (error) {
if (error.status === 404) {
console.log(`Release ID: ${releaseId} not found. Skipping deletion.`);
} else {
throw error;
}
}
- name: Delete ${{ needs.deploy.outputs.project_version }} tag if exists
continue-on-error: true
run: git push --delete origin ${{ needs.deploy.outputs.project_version }}
# Workaround for GitHub release cache issue — avoids ghost "draft" releases
- name: Sleep to allow release deletion to propagate
run: sleep 5
- name: Create new ${{ needs.deploy.outputs.project_version }} release
uses: actions/github-script@v7
env:
PROJECT_VERSION: ${{ needs.deploy.outputs.project_version }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const repo = context.repo;
const tag = process.env.PROJECT_VERSION;
console.log(`Creating release for tag: ${tag}`);
const response = await github.rest.repos.createRelease({
owner: repo.owner,
repo: repo.repo,
tag_name: tag,
name: tag,
draft: false,
prerelease: true,
generate_release_notes: true,
make_latest: 'false',
});
console.log(`Release created: ${response.data.html_url}`);