chore(deps): update all non-major dependencies (#129) #76
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Release | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
- next | |
paths: | |
- '**/src/**' | |
- '**/pom.xml' | |
- 'pom.xml' | |
concurrency: | |
group: ci-main | |
permissions: | |
contents: read | |
jobs: | |
build: | |
name: Build & Release | |
runs-on: ubuntu-latest | |
permissions: | |
# used by cycjimmy/semantic-release-action | |
contents: write | |
issues: write | |
pull-requests: write | |
packages: write | |
# used by aws-actions/configure-aws-credentials | |
id-token: write | |
outputs: | |
new-release-published: ${{ steps.semantic-release.outputs.new_release_published }} | |
new-release-version: ${{ steps.semantic-release.outputs.new_release_version }} | |
steps: | |
- uses: actions/[email protected] | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 11 | |
uses: actions/[email protected] | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Setup Node 20 | |
uses: actions/[email protected] | |
with: | |
node-version: 20 | |
cache: 'yarn' | |
cache-dependency-path: integration-tests/infrastructure/yarn.lock | |
- name: Setup Terraform | |
uses: hashicorp/[email protected] | |
with: | |
terraform_version: 1.5.7 | |
terraform_wrapper: false | |
- name: Setup AWS Credentials for Infrastructure | |
uses: aws-actions/[email protected] | |
with: | |
aws-region: eu-central-1 | |
role-to-assume: arn:aws:iam::956243129466:role/github-deployer | |
- name: Synth Infrastructure for Integration Tests | |
working-directory: integration-tests/infrastructure | |
run: | | |
yarn install --frozen-lockfile | |
yarn run synth | |
- id: apply-infrastructure | |
name: Apply Infrastructure for Integration Tests | |
working-directory: integration-tests/infrastructure/cdktf.out/stacks/feign-aws-sigv4-integration-tests | |
run: | | |
terraform init | |
terraform apply -auto-approve | |
echo "integration-test-role-arn=$(terraform output -raw integration-test-role-arn)" >> $GITHUB_OUTPUT | |
echo "api-gateway-url=$(terraform output -raw api-gateway-url)" >> $GITHUB_OUTPUT | |
- name: Setup AWS Credentials for Integration Tests | |
uses: aws-actions/[email protected] | |
with: | |
aws-region: eu-central-1 | |
role-to-assume: ${{ steps.apply-infrastructure.outputs.integration-test-role-arn }} | |
- id: run-tests | |
name: Run Tests | |
run: | | |
mvn -B -ntp clean install failsafe:integration-test failsafe:verify -DapiGatewayUrl=${{ steps.apply-infrastructure.outputs.api-gateway-url }} | |
- name: Setup AWS Credentials for Infrastructure | |
uses: aws-actions/[email protected] | |
if: always() | |
with: | |
aws-region: eu-central-1 | |
role-to-assume: arn:aws:iam::956243129466:role/github-deployer | |
- name: Destroy Infrastructure for Integration Tests | |
if: always() | |
working-directory: integration-tests/infrastructure/cdktf.out/stacks/feign-aws-sigv4-integration-tests | |
run: | | |
terraform destroy -auto-approve | |
- name: Import GPG key | |
uses: crazy-max/[email protected] | |
if: steps.run-tests.outcome == 'success' | |
with: | |
gpg_private_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} | |
passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
- id: semantic-release | |
name: Create new release | |
uses: cycjimmy/[email protected] | |
if: steps.run-tests.outcome == 'success' | |
with: | |
extra_plugins: | | |
@semantic-release/git | |
@semantic-release/exec | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
publish-maven-central: | |
name: Publish to Maven Central | |
runs-on: ubuntu-latest | |
needs: build | |
if: needs.build.outputs.new-release-published == 'true' | |
steps: | |
- uses: actions/[email protected] | |
- name: Set up JDK 11 | |
uses: actions/[email protected] | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: 'maven' | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
- name: Import GPG key | |
uses: crazy-max/[email protected] | |
with: | |
gpg_private_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} | |
passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
- name: Publish package | |
run: | | |
mvn -B -ntp versions:set -DgenerateBackupPoms=false -DnewVersion=${{ needs.build.outputs.new-release-version }} | |
mvn -B -ntp -Psign-with-gpg -Ppublish-ossrh clean deploy -DskipTests -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} |