release.yml
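---
# Manually triggered release pipeline: sets the release version, signs and
# deploys the Maven artifact to Maven Central (unless that version is already
# published), creates a GitHub release, then opens a PR that bumps the project
# to the next development version.
#
# Security notes for maintainers:
#   * This job holds a write-scoped GITHUB_TOKEN, the GPG signing key and the
#     Maven Central credentials. Every `uses:` below is referenced by a mutable
#     tag; pinning each one to a full commit SHA
#     (e.g. `owner/action@<FULL_COMMIT_SHA>  # vN`) keeps a retagged action
#     from running with those credentials.
#   * Values that originate outside this file (workflow inputs, secrets, POM
#     contents) reach shell scripts through `env:` and are expanded by the
#     shell as quoted variables. They are never spliced into the script text
#     with `${{ }}`, which would let a crafted value be parsed as shell syntax
#     and would write secrets into the generated script file on the runner.
name: Release Version

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Custom version (optional)'
        required: false
        type: string

# One release run per ref at a time; a queued run waits instead of cancelling
# a release that is already in flight.
concurrency:
  group: release-${{ github.ref }}
  cancel-in-progress: false

jobs:
  release:
    # Forks do not have the signing/publishing secrets, so only run upstream.
    if: github.repository_owner == 'guacsec'
    runs-on: ubuntu-latest
    permissions:
      contents: write        # create the tag and GitHub release
      pull-requests: write   # open the version-bump PR
      # NOTE(review): no step visible in this workflow requests an OIDC token.
      # Confirm a Maven profile or action actually needs it; otherwise drop
      # this permission for least privilege.
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Set up Java 21
        uses: actions/setup-java@v5
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: 'maven'
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          # Name of the environment variable that holds the passphrase,
          # not the passphrase itself.
          gpg-passphrase: GPG_PASSPHRASE
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

      # The private key is handed to the script through the environment so it
      # is not embedded in the script file written to the runner's disk.
      # NOTE(review): setup-java above is already given gpg-private-key;
      # confirm this second import is still required.
      - name: Import GPG key for Maven
        run: |
          mkdir -p ~/.gnupg
          printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

      # GITHUB_ACTOR is the runner-provided equivalent of github.actor.
      - name: Configure git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      # NOTE(review): the checkout step uses its default (shallow) fetch, so
      # `git describe` may find no tag and leave tag-name empty. No step
      # visible in this workflow reads this output; confirm it is still needed.
      - name: get previous released annotated tag
        id: last-release
        run: |
          echo "tag-name=$(git describe | awk -F '-' '{print $1}')" >> "$GITHUB_OUTPUT"

      # The user-supplied version is passed as a quoted variable so that
      # whitespace or shell metacharacters in the input cannot add arguments
      # or commands to the mvn invocation.
      - name: Set version
        if: github.event.inputs.version != ''
        run: mvn -B versions:set "-DnewVersion=${NEW_VERSION}" -DgenerateBackupPoms=false
        env:
          NEW_VERSION: ${{ github.event.inputs.version }}

      - name: Remove snapshot
        if: github.event.inputs.version == ''
        run: mvn -B versions:set -DremoveSnapshot -DgenerateBackupPoms=false

      - name: Get version
        id: get_version
        run: |
          echo "version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> "$GITHUB_OUTPUT"

      # The version read back from the POM can carry the workflow input, so it
      # is treated as untrusted and supplied through env as well.
      # NOTE(review): with continue-on-error, a failure before either branch
      # writes maven_exists leaves the output empty; then neither the publish
      # nor the skip step runs, but "Create Release" still does.
      - name: Check if Maven artifact version exists
        id: check_maven
        run: |
          GROUP_ID="io.github.guacsec"
          ARTIFACT_ID="trustify-da-java-client"
          echo "Checking if Maven artifact $GROUP_ID:$ARTIFACT_ID:$VERSION exists..."
          # Check Maven Central for the artifact
          HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "https://repo1.maven.org/maven2/io/github/guacsec/trustify-da-java-client/$VERSION/trustify-da-java-client-$VERSION.pom")
          if [ "$HTTP_CODE" = "200" ]; then
            echo "maven_exists=true" >> "$GITHUB_OUTPUT"
            echo "Maven artifact $GROUP_ID:$ARTIFACT_ID:$VERSION already exists, skipping Maven publish"
          else
            echo "maven_exists=false" >> "$GITHUB_OUTPUT"
            echo "Maven artifact $GROUP_ID:$ARTIFACT_ID:$VERSION does not exist (HTTP $HTTP_CODE), will publish"
          fi
        env:
          VERSION: ${{ steps.get_version.outputs.version }}
        continue-on-error: true

      # maven_exists is written only by the check step above ('true', 'false'
      # or empty), so interpolating it into these scripts is safe.
      - name: Show artifact check results
        run: |
          echo "=== Artifact Check Results ==="
          echo "Maven artifact exists: ${{ steps.check_maven.outputs.maven_exists }}"
          echo "Will publish to Maven Central: ${{ steps.check_maven.outputs.maven_exists == 'false' }}"

      - name: Compute Maven profiles
        id: compute_profiles
        run: |
          PROFILES="prepare-deployment,gpg-sign"
          if [ "${{ steps.check_maven.outputs.maven_exists }}" = "false" ]; then
            PROFILES="${PROFILES},publish-maven"
          fi
          echo "profiles=$PROFILES" >> "$GITHUB_OUTPUT"

      # The profile list is assembled from constants in the previous step.
      - name: Build and publish to Maven Central
        if: steps.check_maven.outputs.maven_exists == 'false'
        run: |
          mvn -B deploy -P${{ steps.compute_profiles.outputs.profiles }} --settings .github/workflows/maven/settings.xml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
          MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}

      - name: Skip publishing - artifact already exists
        if: steps.check_maven.outputs.maven_exists == 'true'
        run: |
          echo "Maven artifact already exists, skipping publish step"
          echo "Maven exists: ${{ steps.check_maven.outputs.maven_exists }}"

      # Third-party action running with contents: write; see the pinning note
      # at the top of this file.
      - name: Create Release
        id: create_release
        uses: softprops/action-gh-release@v2
        with:
          name: Release ${{ github.event.inputs.version || steps.get_version.outputs.version }}
          tag_name: v${{ github.event.inputs.version || steps.get_version.outputs.version }}
          generate_release_notes: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Update to next version
        if: success()
        run: |
          mvn -B release:update-versions
          # Run the phase that triggers README.md update
          mvn -B validate

      # Third-party action running with pull-requests: write; see the pinning
      # note at the top of this file.
      - name: Create Pull Request with next version
        id: cpr
        uses: peter-evans/create-pull-request@v8
        with:
          commit-message: "build(release): update to next development version"
          branch: chore/bump-version
          title: "chore: bump to next development version"
          signoff: true
          body: |
            This PR updates the project to the next development version after the release.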