Skip to content
Publish CI

chore: Add SECURITY.md (#5768) #192

Sign in to view logs

chore: Add SECURITY.md (#5768)

chore: Add SECURITY.md (#5768) #192

Workflow file for this run

.github/workflows/publish-ci.yml at e1c4d9b
name: Publish CI
on:
push:
branches: [ 'main', 'release/v*' ]
pull_request:
branches: [ 'main', 'rc/v*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
jobs:
publish:
runs-on: ubuntu-22.04
permissions:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup JDK 11
id: setup-java-11
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Setup JDK 17
id: setup-java-17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
- name: Set JAVA_HOME
run: echo "JAVA_HOME=${{ steps.setup-java-11.outputs.path }}" >> $GITHUB_ENV
- name: Setup gradle properties
run: |
.github/scripts/gradle-properties.sh >> gradle.properties
cat gradle.properties
- name: Setup Node for deployment to npmjs
uses: actions/setup-node@v4
with:
node-version-file: 'web/client-api/types/.nvmrc'
registry-url: 'https://registry.npmjs.org'
# TODO(deephaven-core#2614): Improve gradle/CI assemble and publishing of artifacts
- name: Build all artifacts, publish to Maven Local
if: ${{ !startsWith(github.ref, 'refs/heads/release/v') }}
uses: burrunan/gradle-cache-action@v1
with:
job-id: publish-local
arguments: server-netty-app:build server-jetty-app:build py-server:build py-embedded-server:build py-client:build py-client-ticking:build web-client-api:types:build publishToMavenLocal
gradle-version: wrapper
- name: Build all artifacts, publish to Sonatype for staging to Maven Central
if: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
uses: burrunan/gradle-cache-action@v1
with:
job-id: publish
# We need to be explicit here about no parallelism to ensure we don't create disjointed staging repositories.
arguments: --no-parallel server-netty-app:build server-jetty-app:build py-server:build py-embedded-server:build py-client:build py-client-ticking:build web-client-api:types:build publish
gradle-version: wrapper
env:
ORG_GRADLE_PROJECT_ossrhUsername: ${{ secrets.SONATYPE_USERNAME }}
ORG_GRADLE_PROJECT_ossrhPassword: ${{ secrets.SONATYPE_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.CI_AT_DEEPHAVEN_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.CI_AT_DEEPHAVEN_PASSWORD }}
ORG_GRADLE_PROJECT_signingRequired: true
- name: Upload Artifacts
if: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
uses: actions/upload-artifact@v4
with:
name: artifacts
path: |
server/jetty-app/build/distributions/
py/server/build/wheel/
py/embedded-server/build/wheel/
py/client/build/wheel/
py/client-ticking/build/wheel/
web/client-api/types/build/*.tgz
- name: Publish deephaven-core to PyPi
if: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages_dir: py/server/build/wheel/
continue-on-error: true
- name: Publish deephaven-server to PyPi
if: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages_dir: py/embedded-server/build/wheel/
continue-on-error: true
- name: Publish pydeephaven to PyPi
if: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages_dir: py/client/build/wheel/
continue-on-error: true
- name: Publish pydeephaven-ticking to PyPi
if: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages_dir: py/client-ticking/build/wheel/
continue-on-error: true
- name: Publish @deephaven/jsapi-types to npmjs
if: ${{ startsWith(github.ref, 'refs/heads/release/v') }}
env:
NODE_AUTH_TOKEN: ${{ secrets.DEEPHAVENBOT_NPM_TOKEN }}
run: npm publish --provenance --tag latest web/client-api/types/build/deephaven-jsapi-types-*.tgz
continue-on-error: true