
Workflow Run: Maven Release: Prepare and Perform #27

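# Manually dispatched Maven release pipeline with three chained jobs:
#   1. release:prepare        (pushes to the repository using PUSH_TOKEN)
#   2. release:perform        (signs with GPG, deploys with Sonatype credentials)
#   3. scm-publish:publish-scm (publishes the generated site, again with PUSH_TOKEN)
# Every job runs with `contents: read` and `persist-credentials: false`, so the
# default GITHUB_TOKEN is never what performs a push; only the steps that set
# PUSH_TOKEN in their own `env` can.
#
# NOTE(review): every `uses:` below references a mutable tag (v3/v4). For a
# workflow that handles signing keys and publishing credentials, pin each
# action to a full-length commit SHA and keep the tag as a trailing comment.
#
# NOTE(review): the v3 line of upload-artifact/download-artifact has been
# deprecated by GitHub; confirm it still runs. Uploads and downloads have to
# move to a newer major together, because the two generations are not
# interoperable.
name: 'Workflow: Maven Release: Prepare and Perform'
run-name: 'Workflow Run: Maven Release: Prepare and Perform'
on:
  workflow_dispatch:
    inputs:
      # Defaults to a dry run, so an accidental dispatch does not release.
      dryRun:
        default: true
        description: 'Dry run?'
        type: 'boolean'
      # NOTE(review): debug mode turns on `mvn -X` and GIT_CURL_VERBOSE in the
      # same steps that hold PUSH_TOKEN and the deploy credentials. Log masking
      # only covers the literal secret values; confirm that encoded forms (for
      # example HTTP auth headers) are not printed before enabling it.
      mvnDebug:
        default: false
        description: 'Debug?'
        type: 'boolean'
jobs:
  job-mvn-release-prepare:
    name: 'Job: Maven Release: Prepare'
    permissions:
      contents: 'read'
    runs-on: 'ubuntu-latest'
    steps:
      - id: 'checkout'
        name: 'Step: Checkout'
        uses: 'actions/checkout@v4'
        with:
          fetch-depth: 1
          persist-credentials: false
      - id: 'setup-java'
        name: 'Step: Set Up Java and Maven'
        uses: 'actions/setup-java@v3'
        with:
          cache: 'maven'
          distribution: 'temurin'
          java-version: '11'
          mvn-toolchain-id: 'Temurin 11'
          mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
      # The helper written here contains no secret: it echoes PUSH_TOKEN from
      # the environment of whichever process invokes it, so the token is only
      # reachable from a step whose `env` sets PUSH_TOKEN.
      - id: 'setup-askpass'
        name: 'Step: Set Up GIT_ASKPASS'
        run: |
          install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions
          cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash
          case "${1}" in
            Username*) exec echo x-access-token ;;
            Password*) exec echo "${PUSH_TOKEN}" ;;
          esac'
      # Workflow inputs and context values reach the script through `env`, not
      # through `${{ }}` expansion inside `run`, so they are never parsed as
      # shell source.
      - id: 'mvn-release-prepare'
        name: 'Step: Maven Release: Prepare'
        env:
          DRY_RUN: '${{ inputs.dryRun }}'
          GIT_ASKPASS: '${{ runner.temp }}/.askpass'
          GIT_CURL_VERBOSE: "${{ inputs.mvnDebug && 1 || 0 }}"
          MVN_DEBUG: "${{ inputs.mvnDebug && '-X' || '' }}"
          PUSH_TOKEN: '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file
          SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git'
        # NOTE(review): the user.email value appears obfuscated by the page
        # this listing was captured from; use the project's real committer
        # address. ${MVN_DEBUG} is left unquoted on purpose so that an empty
        # value expands to no argument at all.
        run: |
          git config --global user.email '[email protected]'
          git config --global user.name 'microbean'
          mvn ${MVN_DEBUG} -e --batch-mode release:prepare -DdryRun="${DRY_RUN}" -Dscm.url="${SCM_GIT_HTTPS_URL}"
      # NOTE(review): artifacts are downloadable by anyone who can read this
      # repository's workflow runs; confirm release.properties never carries
      # SCM credentials.
      - id: 'upload-release-properties'
        name: 'Step: Upload release.properties'
        uses: 'actions/upload-artifact@v3'
        with:
          # Fail in this job if the file is missing, rather than at the
          # download step of the next job.
          if-no-files-found: 'error'
          name: 'release-properties'
          path: |
            release.properties
  job-mvn-release-perform:
    name: 'Job: Maven Release: Perform'
    needs: 'job-mvn-release-prepare'
    permissions:
      contents: 'read'
    runs-on: 'ubuntu-latest'
    steps:
      - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
        name: 'Step: Checkout'
        uses: 'actions/checkout@v4'
        with:
          fetch-depth: 1
          persist-credentials: false
          sparse-checkout: |
            pom.xml
          sparse-checkout-cone-mode: false
      # gpg-passphrase, server-username and server-password are the NAMES of
      # environment variables, not values; the values are supplied only in the
      # `env` of the mvn step below. gpg-private-key is the key material itself.
      - id: 'setup-java'
        name: 'Step: Set Up Java and Maven'
        uses: 'actions/setup-java@v3'
        with:
          cache: 'maven'
          distribution: 'temurin'
          gpg-passphrase: 'GPG_PASSPHRASE'
          gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}'
          java-version: '11'
          mvn-toolchain-id: 'Temurin 11'
          mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
          server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38
          server-password: 'SONATYPE_OSSRH_PASSWORD'
          server-username: 'SONATYPE_OSSRH_USERNAME'
      - id: 'setup-gpg'
        name: 'Step: Set Up GPG'
        run: |
          echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf
      - id: 'download-release-properties'
        name: 'Step: Download release.properties'
        uses: 'actions/download-artifact@v3'
        with:
          name: 'release-properties'
          path: '.'
      # The signing passphrase and the Sonatype credentials are scoped to this
      # one step; no PUSH_TOKEN or GIT_ASKPASS is set in this job.
      - id: 'mvn-release-perform'
        name: 'Step: Maven Release: Perform'
        env:
          DRY_RUN: '${{ inputs.dryRun }}'
          GIT_CURL_VERBOSE: "${{ inputs.mvnDebug && 1 || 0 }}"
          GPG_PASSPHRASE: '${{ secrets.GPG_PASSPHRASE }}'
          MVN_DEBUG: "${{ inputs.mvnDebug && '-X' || '' }}"
          SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git'
          SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}'
          SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}'
        # NOTE(review): the user.email value appears obfuscated by the page
        # this listing was captured from; use the project's real committer
        # address.
        run: |
          git config --global user.email '[email protected]'
          git config --global user.name 'microbean'
          mvn ${MVN_DEBUG} -e --batch-mode release:perform -DdryRun="${DRY_RUN}" -Dgoals="deploy,post-site" -Darguments="-e -DautoReleaseAfterClose=false"
      - id: 'upload-site'
        if: 'inputs.dryRun != true'
        name: 'Step: Upload Site Directory'
        uses: 'actions/upload-artifact@v3'
        with:
          if-no-files-found: 'error'
          name: 'site'
          path: |
            target/checkout/target/site
  job-mvn-scmpublish-publish:
    # Skipped entirely on a dry run: nothing is pushed to the site branch.
    if: 'inputs.dryRun != true'
    name: 'Job: Maven SCM Publish: Publish'
    needs: 'job-mvn-release-perform'
    permissions:
      contents: 'read'
    runs-on: 'ubuntu-latest'
    steps:
      - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
        name: 'Step: Checkout'
        uses: 'actions/checkout@v4'
        with:
          fetch-depth: 1
          persist-credentials: false
          sparse-checkout: |
            pom.xml
          sparse-checkout-cone-mode: false
      - id: 'setup-java'
        name: 'Step: Set Up Java and Maven'
        uses: 'actions/setup-java@v3'
        with:
          cache: 'maven'
          distribution: 'temurin'
          java-version: '11'
          mvn-toolchain-id: 'Temurin 11'
          mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
      # Same helper as in the prepare job: it stores no secret and only echoes
      # PUSH_TOKEN from the calling step's environment.
      - id: 'setup-askpass'
        name: 'Step: Set Up GIT_ASKPASS'
        run: |
          install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions
          cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash
          case "${1}" in
            Username*) exec echo x-access-token ;;
            Password*) exec echo "${PUSH_TOKEN}" ;;
          esac'
      - id: 'download-site'
        name: 'Step: Download Site Directory'
        uses: 'actions/download-artifact@v3'
        with:
          name: 'site'
          path: 'target/staging'
      - id: 'mvn-scmpublish-publish'
        name: 'Step: Maven SCM Publish: Publish'
        env:
          GIT_ASKPASS: '${{ runner.temp }}/.askpass'
          GIT_CURL_VERBOSE: "${{ inputs.mvnDebug && 1 || 0 }}"
          MVN_DEBUG: "${{ inputs.mvnDebug && '-X' || '' }}"
          PUSH_TOKEN: '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file
          SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git'
        run: |
          mvn ${MVN_DEBUG} -e --batch-mode scm-publish:publish-scm -Dscmpublish.pubScmUrl="${SCM_GIT_HTTPS_URL}"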