This repository has been archived by the owner on Jul 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
84 lines (73 loc) · 2.86 KB
/
stable-cicd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# 🏃♀️ Continuous Integration and Delivery: Stable
# ===============================================
#
# Note: for this workflow to succeed, the following secrets must be installed
# in the repository:
#
# ``ADMIN_GITHUB_TOKEN``
# A personal access token of a user with collaborator or better access to
# the project repository. You can generate this by visiting GitHub →
# Settings → Developer settings → Personal access tokens → Generate new
# token. Give the token scopes on ``repo``, ``write:packages``,
# ``delete:packages``, ``workflow``, and ``read:gpg_key``.
# ``CODE_SIGNING_KEY``
# A *private* key with which we can sign artifacts.
# ``OSSRH_USERNAME``
# Username for the Central Repository.
# ``OSSRH_USERNAME``
# Password for the Central Repository.
#
---
name: 😌 Stable integration & delivery
# Driving Event
# -------------
#
# What event starts this workflow: a push of a release tag. Note: according to
# https://git.io/JJZQt we have been doing our tag matching wrong. It's not
# regexp, it's not glob…it's more like…glob++ 😮
on:
push:
tags:
- 'release/*'
concurrency: roundup
# What to Do
# ----------
#
# Round up, yee-haw!
jobs:
stable-assembly:
name: 🐴 Stable Assembly
runs-on: ubuntu-latest
steps:
-
name: 💳 Checkout
uses: actions/checkout@v4
with:
lfs: true
token: ${{secrets.ADMIN_GITHUB_TOKEN}}
fetch-depth: 0
-
name: 💵 Maven Cache
uses: actions/cache@v3
with:
path: ~/.m2/repository
# The "key" used to indicate a set of cached files is the operating system runner
# plus "mvn" for Maven-specific builds, plus a hash of the `pom.xml` files, which
# should uniquely identify the dependent jars; plus "pds" because we pds-prefix
# everything with "pds" in PDS—even when the context is obvious! 😅
key: pds-${{runner.os}}-mvn-${{hashFiles('**/pom.xml')}}
# To restore a set of files, we only need to match a prefix of the saved key.
restore-keys: pds-${{runner.os}}-mvn-
-
name: 🤠 Roundup
uses: NASA-PDS/roundup-action@stable
with:
assembly: stable
packages: openjdk11-jdk
env:
ossrh_username: ${{secrets.OSSRH_USERNAME}}
ossrh_password: ${{secrets.OSSRH_PASSWORD}}
CODE_SIGNING_KEY: ${{secrets.CODE_SIGNING_KEY}}
ADMIN_GITHUB_TOKEN: ${{secrets.ADMIN_GITHUB_TOKEN}}
...
# -*- mode: yaml; indent: 4; fill-column: 120; coding: utf-8 -*-