Skip to content

Workflow Run: Maven Release: Prepare and Perform #37

Workflow Run: Maven Release: Prepare and Perform

Workflow Run: Maven Release: Prepare and Perform #37

name: 'Workflow: Maven Release: Prepare and Perform'
run-name: 'Workflow Run: Maven Release: Prepare and Perform'
on:
workflow_dispatch:
inputs:
dryRun:
default: true
description: 'Dry run?'
type: 'boolean'
mvnDebug:
default: false
description: 'Debug?'
type: 'boolean'
jobs:
job-mvn-release-prepare:
name: 'Job: Maven Release: Prepare'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout'
name: 'Step: Checkout'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v3'
with:
cache: 'maven'
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'Temurin 11'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
- id: 'setup-askpass'
name: 'Step: Set Up GIT_ASKPASS'
run: |
install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions
cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash
case "${1}" in
Username*) exec echo x-access-token ;;
Password*) exec echo "${PUSH_TOKEN}" ;;
esac'
- id: 'mvn-release-prepare'
name: 'Step: Maven Release: Prepare'
env:
DRY_RUN: '${{ inputs.dryRun }}'
GIT_ASKPASS: '${{ runner.temp }}/.askpass'
GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }}
MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }}
PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file
SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git'
run: |
mvn ${MVN_DEBUG} -e --batch-mode dependency:go-offline -Dsilent=true # help the cache
git config --global user.email '[email protected]'
git config --global user.name 'microbean'
mvn ${MVN_DEBUG} -e --batch-mode release:prepare -DdryRun="${DRY_RUN}" -Dscm.url="${SCM_GIT_HTTPS_URL}"
- id: 'upload-release-properties'
name: 'Step: Upload release.properties'
uses: 'actions/upload-artifact@v3'
with:
name: 'release-properties'
path: |
release.properties
job-mvn-release-perform:
name: 'Job: Maven Release: Perform'
needs: 'job-mvn-release-prepare'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
name: 'Step: Checkout'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
sparse-checkout: |
pom.xml
sparse-checkout-cone-mode: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v3'
with:
cache: 'maven'
distribution: 'temurin'
gpg-passphrase: 'GPG_PASSPHRASE'
gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}'
java-version: '11'
mvn-toolchain-id: 'Temurin 11'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38
server-password: 'SONATYPE_OSSRH_PASSWORD'
server-username: 'SONATYPE_OSSRH_USERNAME'
- id: 'setup-gpg'
name: 'Step: Set Up GPG'
run: |
echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf
- id: 'download-release-properties'
name: 'Step: Download release.properties'
uses: 'actions/download-artifact@v3'
with:
name: 'release-properties'
path: '.'
- id: 'mvn-release-perform'
name: 'Step: Maven Release: Perform'
env:
DRY_RUN: '${{ inputs.dryRun }}'
GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }}
GPG_PASSPHRASE: '${{ secrets.GPG_PASSPHRASE }}'
MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }}
SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git'
SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}'
SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}'
run: |
git config --global user.email '[email protected]'
git config --global user.name 'microbean'
mvn ${MVN_DEBUG} -e --batch-mode release:perform -DdryRun="${DRY_RUN}" -Dgoals="deploy,post-site" -Darguments="-e -DskipRemoteStaging=true -DskipTests=true"
- id: 'upload-nexus-staging'
if: 'inputs.dryRun != true'
name: 'Step: Upload Nexus Staging Directory'
uses: 'actions/upload-artifact@v3'
with:
if-no-files-found: 'error' # for now
name: 'nexus-staging'
path: |
target/checkout/target/nexus-staging/
- id: 'upload-site'
if: 'inputs.dryRun != true'
name: 'Step: Upload Site Directory'
uses: 'actions/upload-artifact@v3'
with:
if-no-files-found: 'error'
name: 'site'
path: |
target/checkout/target/site
job-mvn-nexus-staging-open:
if: 'inputs.dryRun != true'
name: 'Job: Maven Nexus Staging: Open Staging Repository'
needs: 'job-mvn-release-perform'
outputs:
repositoryId: '${{ steps.mvn-nexus-staging-rc-open.outputs.sonatypeOssRhStagingRepositoryId }}'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
name: 'Step: Checkout'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
sparse-checkout: |
pom.xml
sparse-checkout-cone-mode: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v3'
with:
cache: 'maven'
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'Temurin 11'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38
server-password: 'SONATYPE_OSSRH_PASSWORD'
server-username: 'SONATYPE_OSSRH_USERNAME'
- id: 'download-nexus-staging'
name: 'Step: Download Nexus Staging Directory'
uses: 'actions/download-artifact@v3'
with:
name: 'nexus-staging'
path: 'target/nexus-staging/'
- id: 'mvn-nexus-staging-rc-open'
name: 'Step: Maven Nexus Staging: Open Staging Repository'
env:
MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }}
SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}'
SONATYPE_OSSRH_STAGING_PROFILE_ID: '${{ vars.SONATYPE_OSSRH_STAGING_PROFILE_ID }}'
SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}'
run: |
mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:rc-open -DstagingProfileId="${SONATYPE_OSSRH_STAGING_PROFILE_ID}" -DopenedRepositoryMessageFormat="sonatypeOssRhStagingRepositoryId=%s" | awk '/sonatypeOssRhStagingRepositoryId/ { print $2 }' >> "${GITHUB_OUTPUT}"
job-mvn-nexus-staging-deploy-staged:
if: 'inputs.dryRun != true'
name: 'Job: Maven Nexus Staging: Deploy Staged'
needs: 'job-mvn-nexus-staging-open'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
name: 'Step: Checkout'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
sparse-checkout: |
pom.xml
sparse-checkout-cone-mode: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v3'
with:
cache: 'maven'
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'Temurin 11'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38
server-password: 'SONATYPE_OSSRH_PASSWORD'
server-username: 'SONATYPE_OSSRH_USERNAME'
- id: 'download-nexus-staging'
name: 'Step: Download Nexus Staging Directory'
uses: 'actions/download-artifact@v3'
with:
name: 'nexus-staging'
path: 'target/nexus-staging/'
- id: 'mvn-nexus-staging-deploy-staged'
name: 'Step: Maven Nexus Staging: Deploy Staged'
env:
MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }}
SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}'
SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}'
SONATYPE_OSSRH_STAGING_REPOSITORY_ID: '${{ needs.job-mvn-nexus-staging-open.outputs.repositoryId }}'
run: |
ls -alR
echo "repo id: ${SONATYPE_OSSRH_STAGING_PROFILE_ID}"
mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:deploy-staged -DstagingRepositoryId="${SONATYPE_OSSRH_STAGING_REPOSITORY_ID}" -DskipStagingRepositoryClose=true -DaltStagingDirectory="target/nexus-staging"
job-mvn-nexus-staging-close:
if: 'inputs.dryRun != true'
name: 'Job: Maven Nexus Staging: Close'
needs: 'job-mvn-nexus-staging-deploy-staged'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
name: 'Step: Checkout'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
sparse-checkout: |
pom.xml
sparse-checkout-cone-mode: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v3'
with:
cache: 'maven'
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'Temurin 11'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38
server-password: 'SONATYPE_OSSRH_PASSWORD'
server-username: 'SONATYPE_OSSRH_USERNAME'
- id: 'download-nexus-staging'
name: 'Step: Download Nexus Staging Directory'
uses: 'actions/download-artifact@v3'
with:
name: 'nexus-staging'
path: 'target/nexus-staging/'
- id: 'mvn-nexus-staging-close'
name: 'Step: Maven Nexus Staging: Close'
env:
MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }}
SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}'
SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}'
run: |
ls -alR
mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:close -DautoReleaseOnClose=false
job-mvn-nexus-staging-release:
if: 'inputs.dryRun != true'
name: 'Job: Maven Nexus Staging: Release'
needs: 'job-mvn-nexus-staging-close'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
name: 'Step: Checkout'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
sparse-checkout: |
pom.xml
sparse-checkout-cone-mode: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v3'
with:
cache: 'maven'
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'Temurin 11'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38
server-password: 'SONATYPE_OSSRH_PASSWORD'
server-username: 'SONATYPE_OSSRH_USERNAME'
- id: 'download-nexus-staging'
name: 'Step: Download Nexus Staging Directory'
uses: 'actions/download-artifact@v3'
with:
name: 'nexus-staging'
path: 'target/nexus-staging/'
- id: 'mvn-nexus-staging-release'
name: 'Step: Maven Nexus Staging: Release'
env:
MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }}
SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}'
SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}'
run: |
# mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:release
ls -alR .
job-mvn-scmpublish-publish:
if: 'inputs.dryRun != true'
name: 'Job: Maven SCM Publish: Publish'
needs: 'job-mvn-nexus-staging-release'
permissions:
contents: 'read'
runs-on: 'ubuntu-latest'
steps:
- id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh!
name: 'Step: Checkout'
uses: 'actions/checkout@v4'
with:
fetch-depth: 1
persist-credentials: false
sparse-checkout: |
pom.xml
sparse-checkout-cone-mode: false
- id: 'setup-java'
name: 'Step: Set Up Java and Maven'
uses: 'actions/setup-java@v3'
with:
cache: 'maven'
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'Temurin 11'
mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml
- id: 'setup-askpass'
name: 'Step: Set Up GIT_ASKPASS'
run: |
install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions
cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash
case "${1}" in
Username*) exec echo x-access-token ;;
Password*) exec echo "${PUSH_TOKEN}" ;;
esac'
- id: 'download-site'
name: 'Step: Download Site Directory'
uses: 'actions/download-artifact@v3'
with:
name: 'site'
path: 'target/staging'
- id: 'mvn-scmpublish-publish'
name: 'Step: Maven SCM Publish: Publish'
env:
GIT_ASKPASS: '${{ runner.temp }}/.askpass'
GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }}
MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }}
PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file
SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git'
run: |
git config --global user.email '[email protected]'
git config --global user.name 'microbean'
mvn ${MVN_DEBUG} -e --batch-mode scm-publish:publish-scm -Dscmpublish.pubScmUrl="${SCM_GIT_HTTPS_URL}" -Dscmpublish.content=target/staging