Workflow Run: Maven Release: Prepare and Perform #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Workflow: Maven Release: Prepare and Perform' | |
| run-name: 'Workflow Run: Maven Release: Prepare and Perform' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| autoReleaseAfterClose: | |
| default: false | |
| description: 'Automatically release staging repository?' | |
| type: 'boolean' | |
| dryRun: | |
| default: true | |
| description: 'Dry run?' | |
| type: 'boolean' | |
| mvnDebug: | |
| default: false | |
| description: 'Debug?' | |
| type: 'boolean' | |
| jobs: | |
| job-mvn-release-prepare: | |
| name: 'Job: Maven Release: Prepare' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| - id: 'setup-askpass' | |
| name: 'Step: Set Up GIT_ASKPASS' | |
| run: | | |
| install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions | |
| cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash | |
| case "${1}" in | |
| Username*) exec echo x-access-token ;; | |
| Password*) exec echo "${PUSH_TOKEN}" ;; | |
| esac' | |
| - id: 'mvn-release-prepare' | |
| name: 'Step: Maven Release: Prepare' | |
| env: | |
| DRY_RUN: '${{ inputs.dryRun }}' | |
| GIT_ASKPASS: '${{ runner.temp }}/.askpass' | |
| GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }} | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file | |
| SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git' | |
| run: | | |
| mvn ${MVN_DEBUG} -e --batch-mode dependency:go-offline -Dsilent=true # help the cache | |
| git config --global user.email '[email protected]' | |
| git config --global user.name 'microbean' | |
| mvn ${MVN_DEBUG} -e --batch-mode release:prepare -DdryRun="${DRY_RUN}" -Dscm.url="${SCM_GIT_HTTPS_URL}" | |
| - id: 'upload-release-properties' | |
| name: 'Step: Upload release.properties' | |
| uses: 'actions/upload-artifact@v3' | |
| with: | |
| name: 'release-properties' | |
| path: | | |
| release.properties | |
| job-mvn-release-perform: | |
| name: 'Job: Maven Release: Perform' | |
| needs: 'job-mvn-release-prepare' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| gpg-passphrase: 'GPG_PASSPHRASE' | |
| gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38 | |
| server-password: 'SONATYPE_OSSRH_PASSWORD' | |
| server-username: 'SONATYPE_OSSRH_USERNAME' | |
| - id: 'setup-gpg' | |
| name: 'Step: Set Up GPG' | |
| run: | | |
| echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf | |
| - id: 'download-release-properties' | |
| name: 'Step: Download release.properties' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'release-properties' | |
| path: '.' | |
| - id: 'mvn-release-perform' | |
| name: 'Step: Maven Release: Perform' | |
| env: | |
| AUTO_RELEASE_AFTER_CLOSE: '${{ inputs.autoReleaseAfterClose }}' | |
| DRY_RUN: '${{ inputs.dryRun }}' | |
| GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }} | |
| GPG_PASSPHRASE: '${{ secrets.GPG_PASSPHRASE }}' | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git' | |
| SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}' | |
| SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}' | |
| run: | | |
| git config --global user.email '[email protected]' | |
| git config --global user.name 'microbean' | |
| mvn ${MVN_DEBUG} -e --batch-mode release:perform -DdryRun="${DRY_RUN}" -Dgoals="deploy,post-site" -Darguments="-e -DautoReleaseAfterClose=${AUTO_RELEASE_AFTER_CLOSE} -DskipTests=true" | |
| # mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:release | |
| - id: 'upload-nexus-staging' | |
| if: 'inputs.dryRun != true' | |
| name: 'Step: Upload Nexus Staging Directory' | |
| uses: 'actions/upload-artifact@v3' | |
| with: | |
| if-no-files-found: 'error' # for now | |
| name: 'nexus-staging' | |
| path: | | |
| target/checkout/target/nexus-staging/staging | |
| - id: 'upload-site' | |
| if: 'inputs.dryRun != true' | |
| name: 'Step: Upload Site Directory' | |
| uses: 'actions/upload-artifact@v3' | |
| with: | |
| if-no-files-found: 'error' | |
| name: 'site' | |
| path: | | |
| target/checkout/target/site | |
| job-mvn-nexus-staging-release: | |
| if: 'inputs.dryRun != true' | |
| name: 'Job: Maven Nexus Staging: Release' | |
| needs: 'job-mvn-release-perform' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38 | |
| server-password: 'SONATYPE_OSSRH_PASSWORD' | |
| server-username: 'SONATYPE_OSSRH_USERNAME' | |
| - id: 'download-nexus-staging' | |
| name: 'Step: Download Nexus Staging Directory' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'nexus-staging' | |
| path: 'target/nexus-staging/staging' | |
| - id: 'mvn-nexus-staging-release' | |
| name: 'Step: Maven Nexus Staging: Release' | |
| env: | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}' | |
| SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}' | |
| run: | | |
| ls -alR . | |
| job-mvn-scmpublish-publish: | |
| if: 'inputs.dryRun != true' | |
| name: 'Job: Maven SCM Publish: Publish' | |
| needs: 'job-mvn-nexus-staging-release' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| - id: 'setup-askpass' | |
| name: 'Step: Set Up GIT_ASKPASS' | |
| run: | | |
| install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions | |
| cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash | |
| case "${1}" in | |
| Username*) exec echo x-access-token ;; | |
| Password*) exec echo "${PUSH_TOKEN}" ;; | |
| esac' | |
| - id: 'download-site' | |
| name: 'Step: Download Site Directory' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'site' | |
| path: 'target/staging' | |
| - id: 'mvn-scmpublish-publish' | |
| name: 'Step: Maven SCM Publish: Publish' | |
| env: | |
| GIT_ASKPASS: '${{ runner.temp }}/.askpass' | |
| GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }} | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file | |
| SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git' | |
| run: | | |
| git config --global user.email '[email protected]' | |
| git config --global user.name 'microbean' | |
| mvn ${MVN_DEBUG} -e --batch-mode scm-publish:publish-scm -Dscmpublish.pubScmUrl="${SCM_GIT_HTTPS_URL}" -Dscmpublish.content=target/staging |