-
Notifications
You must be signed in to change notification settings - Fork 1.2k
136 lines (130 loc) · 5.95 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: publish
on:
push:
branches: # For branches, better to list them explicitly than regexp include
- main
- 3.5.x
- 3.4.x
permissions: read-all
jobs:
# General job notes: we DON'T want to cancel any previous runs, especially in the case of a "back to snapshots" build right after a release push
# We specify the ubuntu version to minimize the chances we have to deal with a migration during a release
prepare:
# Notes on prepare: this job has no access to secrets, only github token. As a result, all non-core actions are centralized here
# This includes the tagging and drafting of release notes. Still, when possible we favor plain run of gradle tasks
name: prepare
runs-on: ubuntu-20.04
outputs:
versionType: ${{ steps.version.outputs.versionType }}
fullVersion: ${{ steps.version.outputs.fullVersion }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4
- name: setup java
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: interpret version
id: version
#we only run the qualifyVersionGha task so that no other console printing can hijack this step's output
#output: versionType, fullVersion
#fails if versionType is BAD, which interrupts the workflow
run: ./gradlew qualifyVersionGha
- name: run checks
id: checks
uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # tag=v3
with:
arguments: check -x jcstress
#deploy the snapshot artifacts to Artifactory
deploySnapshot:
name: deploySnapshot
runs-on: ubuntu-20.04
needs: prepare
if: needs.prepare.outputs.versionType == 'SNAPSHOT'
environment: snapshots
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: deploy
env:
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_SNAPSHOT_USERNAME}}
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}}
run: |
./gradlew -Dorg.gradle.parallel=false assemble artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-snapshot-local
#sign the milestone artifacts and deploy them to Artifactory
deployMilestone:
name: deployMilestone
runs-on: ubuntu-20.04
needs: prepare
if: needs.prepare.outputs.versionType == 'MILESTONE'
environment: releases
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: deploy
env:
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}}
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}}
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}}
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}}
run: |
./gradlew -Dorg.gradle.parallel=false assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-milestone-local
#sign the release artifacts and deploy them to Artifactory
deployRelease:
name: deployRelease
runs-on: ubuntu-20.04
needs: prepare
if: needs.prepare.outputs.versionType == 'RELEASE'
environment: releases
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: deploy
env:
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}}
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}}
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}}
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{secrets.SONATYPE_USERNAME}}
ORG_GRADLE_PROJECT_sonatypePassword: ${{secrets.SONATYPE_PASSWORD}}
run: |
./gradlew -Dorg.gradle.parallel=false assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-release-local publishMavenJavaPublicationToSonatypeRepository
tagMilestone:
name: Tag milestone
needs: [ prepare, deployMilestone ]
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4
- name: tag
run: |
git config --local user.name 'reactorbot'
git config --local user.email '[email protected]'
git tag -m "Release milestone ${{ needs.prepare.outputs.fullVersion }}" v${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }}
git push --tags
tagRelease:
name: Tag release
needs: [ prepare, deployRelease ]
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4
- name: tag
run: |
git config --local user.name 'reactorbot'
git config --local user.email '[email protected]'
git tag -m "Release version ${{ needs.prepare.outputs.fullVersion }}" v${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }}
git push --tags
# For Gradle configuration of signing, see https://docs.gradle.org/current/userguide/signing_plugin.html#sec:in-memory-keys
# publishMavenJavaPublicationToSonatypeRepository only sends to a staging repository