Skip to content

feat(INF-70): use reusable-workflows-pub #46

feat(INF-70): use reusable-workflows-pub

feat(INF-70): use reusable-workflows-pub #46

name: Continuous Delivery
on:
push:
branches:
- master
paths-ignore:
- '**/README.md'
env:
# This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
# `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
# As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
# when running from the command line.
# `installAtEnd` and `deployAtEnd` are only effective with recent version of the corresponding plugins.
MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
jobs:
mainJob:
runs-on: ubuntu-latest
timeout-minutes: 10
outputs:
releaseVersion: ${{ steps.semanticversion.outputs.new_version }}
steps:
- uses: actions/checkout@v4
- name: Bump version and create tag
id: semanticversion
uses: mathieudutour/github-tag-action@v6.2
with:
release_branches: master
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Verify and print new build number
run: |
if echo '${{ steps.semanticversion.outputs.new_tag }}' |grep -Eq '^v[0-9]+[.][0-9]+[.][0-9]+$'; then
echo Tag '${{ steps.semanticversion.outputs.new_tag }}', New version '${{ steps.semanticversion.outputs.new_version }}', Changelog '${{ steps.semanticversion.outputs.changelog }}'
else
echo 'unexpected tag format - aborting'
exit -1
fi
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
- name: Set version
id: version
run: |
echo Releasing as ${{ steps.semanticversion.outputs.new_version }}
mvn $MAVEN_CLI_OPTS versions:set -DnewVersion=${{ steps.semanticversion.outputs.new_version }}
- name: Perform build
env:
REPOSITORY_URL: ${{ secrets.LEVIGO_OSS_MAVEN_REPO_URL }}
REPOSITORY_USERID: ${{ secrets.LEVIGO_OSS_MAVEN_REPO_USER }}
REPOSITORY_CREDENTIALS: ${{ secrets.LEVIGO_OSS_MAVEN_REPO_PASSWORD }}
run: mvn $MAVEN_CLI_OPTS package --settings .github/settings.xml
- name: Deploy package
env:
GPG_EXECUTABLE: gpg
GPG_SECRET_KEYS: ${{ secrets.LEVIGO_GPG_KEYS }}
GPG_OWNERTRUST: ${{ secrets.LEVIGO_GPG_OWNERTRUST }}
GPG_PASSPHRASE: ${{ secrets.LEVIGO_GPG_PASSPHRASE }}
SONATYPE_USERNAME: ${{ secrets.LEVIGO_SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.LEVIGO_SONATYPE_PASSWORD }}
REPOSITORY_URL: ${{ secrets.LEVIGO_OSS_MAVEN_REPO_URL }}
REPOSITORY_USERID: ${{ secrets.LEVIGO_OSS_MAVEN_REPO_USER }}
REPOSITORY_CREDENTIALS: ${{ secrets.LEVIGO_OSS_MAVEN_REPO_PASSWORD }}
run: |
echo "$GPG_SECRET_KEYS" | base64 --decode | $GPG_EXECUTABLE --import --no-tty --batch --yes
echo "$GPG_OWNERTRUST" | base64 --decode | $GPG_EXECUTABLE --import-ownertrust --no-tty --batch --yes
mvn $MAVEN_CLI_OPTS deploy --settings .github/settings.xml -Dmaven.test.skip.exec=true -U -Prelease
- name: create release and upload release asset
uses: softprops/action-gh-release@v2
with:
name: Release ${{ steps.semanticversion.outputs.new_tag }}
tag_name: ${{ steps.semanticversion.outputs.new_tag }}
draft: false
prerelease: false
# the step above will NOT trigger a second workflow.
- name: dispatch release event
run: |
curl \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
https://api.github.com/repos/${{ github.repository }}/dispatches \
-d '{"event_type":"release_created","client_payload":{"version":"${{ steps.semanticversion.outputs.new_version }}"}}'
- name: Notify Developers
uses: 8398a7/action-slack@v4
with:
username: GitHub
icon_emoji: octocat
channel: ci_jwt
status: ${{ job.status }}
fields: repo,message,commit,author,action,eventName,ref
text: ${{ github.workflow }} ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
# you probably have to pass the personal access token to the action so that it can send to mattermost.
# Alternatively, set as below so that nothing happens with dependabot PRs.
if: ${{ github.actor != 'dependabot[bot]' }}
updateReadme:
needs: mainJob
uses: levigo/reusable-workflows-pub/.github/workflows/update-readme-md.yml@v1
secrets: inherit
with:
releaseVersion: ${{ needs.mainJob.outputs.releaseVersion }}