-
Notifications
You must be signed in to change notification settings - Fork 50
127 lines (111 loc) · 4.06 KB
/
publish-java.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: Publish Java SDK
run-name: Publish Java SDK ${{ inputs.release_type }}
on:
workflow_dispatch:
inputs:
release_type:
description: "Release Options"
required: true
default: "Release"
type: choice
options:
- Release
- Dry Run
version:
description: "Release Version"
required: false
default: "latest"
defaults:
run:
shell: bash
working-directory: languages/java
env:
_KEY_VAULT: "bitwarden-ci"
jobs:
validate:
name: Setup
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version-output.outputs.version }}
tag_name: ${{ steps.version-output.outputs.tag_name }}
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Branch check
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then
echo "==================================="
echo "[!] Can only release from the 'main' branch"
echo "==================================="
exit 1
fi
- name: Version output
id: version-output
run: |
if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -rc '.[] | select(.tag_name | contains("java")) | .tag_name' | head -1)
VERSION=$(echo $TAG_NAME | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
echo "Latest Released Version: $VERSION"
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Latest Released Tag name: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
else
echo "Release Version: ${{ inputs.version }}"
echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
fi
publish:
name: Publish
runs-on: ubuntu-22.04
needs: validate
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.validate.outputs.tag_name }}
- name: Azure login
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "maven-sonartype-ssrh-username,
maven-sonartype-ossrh-password"
- name: Setup java
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
- name: Download Java SDK Build
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-java.yml
workflow_conclusion: success
artifacts: build
path: languages/java/build
- name: Download Java Resources
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-java.yml
workflow_conclusion: success
artifacts: resources
path: languages/java/src/main/resources
- name: Download Java Resources
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-java.yml
workflow_conclusion: success
artifacts: schemas
path: languages/java/src/main/java/bit/sdk/schema
- name: Publish package to GitHub Packages
if: ${{ inputs.release_type != 'Dry Run' }}
run: ./gradlew publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_USERNAME: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ssrh-username }}
MAVEN_PASSWORD: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ossrh-password }}