Workflow Run: Maven Release: Prepare and Perform #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Workflow: Maven Release: Prepare and Perform' | |
| run-name: 'Workflow Run: Maven Release: Prepare and Perform' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dryRun: | |
| default: true | |
| description: 'Dry run?' | |
| type: 'boolean' | |
| mvnDebug: | |
| default: false | |
| description: 'Debug?' | |
| type: 'boolean' | |
| jobs: | |
| job-mvn-release-prepare: | |
| name: 'Job: Maven Release: Prepare' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| - id: 'setup-askpass' | |
| name: 'Step: Set Up GIT_ASKPASS' | |
| run: | | |
| install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions | |
| cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash | |
| case "${1}" in | |
| Username*) exec echo x-access-token ;; | |
| Password*) exec echo "${PUSH_TOKEN}" ;; | |
| esac' | |
| - id: 'mvn-release-prepare' | |
| name: 'Step: Maven Release: Prepare' | |
| env: | |
| DRY_RUN: '${{ inputs.dryRun }}' | |
| GIT_ASKPASS: '${{ runner.temp }}/.askpass' | |
| GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }} | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file | |
| SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git' | |
| run: | | |
| mvn ${MVN_DEBUG} -e --batch-mode dependency:go-offline -Dsilent=true # help the cache | |
| git config --global user.email '[email protected]' | |
| git config --global user.name 'microbean' | |
| mvn ${MVN_DEBUG} -e --batch-mode release:prepare -DdryRun="${DRY_RUN}" -Dscm.url="${SCM_GIT_HTTPS_URL}" | |
| - id: 'upload-release-properties' | |
| name: 'Step: Upload release.properties' | |
| uses: 'actions/upload-artifact@v3' | |
| with: | |
| name: 'release-properties' | |
| path: | | |
| release.properties | |
| job-mvn-release-perform: | |
| name: 'Job: Maven Release: Perform' | |
| needs: 'job-mvn-release-prepare' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| gpg-passphrase: 'GPG_PASSPHRASE' | |
| gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38 | |
| server-password: 'SONATYPE_OSSRH_PASSWORD' | |
| server-username: 'SONATYPE_OSSRH_USERNAME' | |
| - id: 'setup-gpg' | |
| name: 'Step: Set Up GPG' | |
| run: | | |
| echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf | |
| - id: 'download-release-properties' | |
| name: 'Step: Download release.properties' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'release-properties' | |
| path: '.' | |
| - id: 'mvn-release-perform' | |
| name: 'Step: Maven Release: Perform' | |
| env: | |
| DRY_RUN: '${{ inputs.dryRun }}' | |
| GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }} | |
| GPG_PASSPHRASE: '${{ secrets.GPG_PASSPHRASE }}' | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git' | |
| SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}' | |
| SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}' | |
| run: | | |
| git config --global user.email '[email protected]' | |
| git config --global user.name 'microbean' | |
| mvn ${MVN_DEBUG} -e --batch-mode release:perform -DdryRun="${DRY_RUN}" -Dgoals="deploy,post-site" -Darguments="-e -DskipStaging=true -DskipTests=true" | |
| - id: 'upload-nexus-staging' | |
| if: 'inputs.dryRun != true' | |
| name: 'Step: Upload Nexus Staging Directory' | |
| uses: 'actions/upload-artifact@v3' | |
| with: | |
| if-no-files-found: 'error' # for now | |
| name: 'nexus-staging' | |
| path: | | |
| target/checkout/target/nexus-staging/ | |
| - id: 'upload-site' | |
| if: 'inputs.dryRun != true' | |
| name: 'Step: Upload Site Directory' | |
| uses: 'actions/upload-artifact@v3' | |
| with: | |
| if-no-files-found: 'error' | |
| name: 'site' | |
| path: | | |
| target/checkout/target/site | |
| job-mvn-nexus-staging-open: | |
| if: 'inputs.dryRun != true' | |
| name: 'Job: Maven Nexus Staging: Open Staging Repository' | |
| needs: 'job-mvn-release-perform' | |
| outputs: | |
| repositoryId: '${{ steps.mvn-nexus-staging-rc-open.outputs.sonatypeOssRhStagingRepositoryId }}' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38 | |
| server-password: 'SONATYPE_OSSRH_PASSWORD' | |
| server-username: 'SONATYPE_OSSRH_USERNAME' | |
| - id: 'mvn-nexus-staging-rc-open' | |
| name: 'Step: Maven Nexus Staging: Open Staging Repository' | |
| env: | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}' | |
| SONATYPE_OSSRH_STAGING_PROFILE_ID: '${{ vars.SONATYPE_OSSRH_STAGING_PROFILE_ID }}' | |
| SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}' | |
| run: | | |
| mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:rc-open -DstagingProfileId="${SONATYPE_OSSRH_STAGING_PROFILE_ID}" -DopenedRepositoryMessageFormat="sonatypeOssRhStagingRepositoryId=%s" | awk '/sonatypeOssRhStagingRepositoryId/ { print $2 }' >> "${GITHUB_OUTPUT}" | |
| job-mvn-nexus-staging-deploy-staged: | |
| if: 'inputs.dryRun != true' | |
| name: 'Job: Maven Nexus Staging: Deploy Staged' | |
| needs: 'job-mvn-nexus-staging-open' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38 | |
| server-password: 'SONATYPE_OSSRH_PASSWORD' | |
| server-username: 'SONATYPE_OSSRH_USERNAME' | |
| - id: 'download-nexus-staging' | |
| name: 'Step: Download Nexus Staging Directory' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'nexus-staging' | |
| path: 'target/nexus-staging/deferred' # "deferred" turns out to be hard coded?! | |
| - id: 'mvn-nexus-staging-deploy-staged' | |
| name: 'Step: Maven Nexus Staging: Deploy Staged' | |
| env: | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}' | |
| SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}' | |
| SONATYPE_OSSRH_STAGING_REPOSITORY_ID: '${{ needs.job-mvn-nexus-staging-open.outputs.repositoryId }}' | |
| run: | | |
| ls -alR | |
| echo "repo id: ${SONATYPE_OSSRH_STAGING_REPOSITORY_ID}" | |
| mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:deploy-staged -DstagingRepositoryId="${SONATYPE_OSSRH_STAGING_REPOSITORY_ID}" -DskipStagingRepositoryClose=true | |
| job-mvn-nexus-staging-close: | |
| if: 'inputs.dryRun != true' | |
| name: 'Job: Maven Nexus Staging: Close' | |
| needs: 'job-mvn-nexus-staging-deploy-staged' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38 | |
| server-password: 'SONATYPE_OSSRH_PASSWORD' | |
| server-username: 'SONATYPE_OSSRH_USERNAME' | |
| - id: 'download-nexus-staging' | |
| name: 'Step: Download Nexus Staging Directory' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'nexus-staging' | |
| path: 'target/nexus-staging/staging' | |
| - id: 'mvn-nexus-staging-close' | |
| name: 'Step: Maven Nexus Staging: Close' | |
| env: | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}' | |
| SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}' | |
| run: | | |
| ls -alR | |
| mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:close -DautoReleaseOnClose=false | |
| job-mvn-nexus-staging-release: | |
| if: 'inputs.dryRun != true' | |
| name: 'Job: Maven Nexus Staging: Release' | |
| needs: 'job-mvn-nexus-staging-close' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'sonatype-oss-repository-hosting' # see https://github.com/microbean/microbean-parent/blob/master/pom.xml#L38 | |
| server-password: 'SONATYPE_OSSRH_PASSWORD' | |
| server-username: 'SONATYPE_OSSRH_USERNAME' | |
| - id: 'download-nexus-staging' | |
| name: 'Step: Download Nexus Staging Directory' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'nexus-staging' | |
| path: 'target/nexus-staging/' | |
| - id: 'mvn-nexus-staging-release' | |
| name: 'Step: Maven Nexus Staging: Release' | |
| env: | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| SONATYPE_OSSRH_PASSWORD: '${{ secrets.SONATYPE_OSSRH_PASSWORD }}' | |
| SONATYPE_OSSRH_USERNAME: '${{ secrets.SONATYPE_OSSRH_USERNAME }}' | |
| run: | | |
| # mvn ${MVN_DEBUG} -e --batch-mode nexus-staging:release | |
| ls -alR . | |
| job-mvn-scmpublish-publish: | |
| if: 'inputs.dryRun != true' | |
| name: 'Job: Maven SCM Publish: Publish' | |
| needs: 'job-mvn-nexus-staging-release' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' # really shouldn't be needed, but setup-java requires the pom.xml to restore the cache. Ugh! | |
| name: 'Step: Checkout' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| sparse-checkout: | | |
| pom.xml | |
| sparse-checkout-cone-mode: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v3' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: '11' | |
| mvn-toolchain-id: 'Temurin 11' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| - id: 'setup-askpass' | |
| name: 'Step: Set Up GIT_ASKPASS' | |
| run: | | |
| install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions | |
| cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash | |
| case "${1}" in | |
| Username*) exec echo x-access-token ;; | |
| Password*) exec echo "${PUSH_TOKEN}" ;; | |
| esac' | |
| - id: 'download-site' | |
| name: 'Step: Download Site Directory' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: 'site' | |
| path: 'target/staging' | |
| - id: 'mvn-scmpublish-publish' | |
| name: 'Step: Maven SCM Publish: Publish' | |
| env: | |
| GIT_ASKPASS: '${{ runner.temp }}/.askpass' | |
| GIT_CURL_VERBOSE: ${{ inputs.mvnDebug && 1 || 0 }} | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '-X' || '' }} | |
| PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file | |
| SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git' | |
| run: | | |
| git config --global user.email '[email protected]' | |
| git config --global user.name 'microbean' | |
| mvn ${MVN_DEBUG} -e --batch-mode scm-publish:publish-scm -Dscmpublish.pubScmUrl="${SCM_GIT_HTTPS_URL}" -Dscmpublish.content=target/staging |