Issue #217: Try blind Artifactory Release and Publish #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release and Publish to TBD Artifactory | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version to publish. For example "1.0.0 or 1.0.0-SNAPSHOT"' | |
| required: true | |
| default: '0.0.0' | |
| developmentVersion: | |
| description: 'Next development version. For example "1.1.0". The system will append "-SNAPSHOT" to the end of this input to reflect the next development version.' | |
| required: true | |
| default: "0.0.0" | |
| push: | |
| branches: | |
| - issue-217/maven-build | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| # https://cashapp.github.io/hermit/usage/ci/ | |
| - name: Init Hermit | |
| uses: cashapp/activate-hermit@v1 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Adapted from: https://gist.github.com/sualeh/ae78dc16123899d7942bc38baba5203c | |
| - name: Install gpg secret key | |
| run: | | |
| # Install gpg secret key | |
| cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import | |
| # Verify gpg secret key | |
| gpg --list-secret-keys --keyid-format LONG | |
| # This will set versions, git tag, and publish to TBD Artifactory. Does not release to Maven Central. | |
| - name: Release and Publish to TBD Artifactory | |
| run: | | |
| # Resolve versions from GH Actions inputs into bash variables | |
| resolvedVersion=${{ github.event.inputs.version }} | |
| resolvedNextVersion=${{ github.event.inputs.version }} | |
| # Precondition check; only allow this to proceed if we have a version ending in "-SNAPSHOT" | |
| if [[ "$resolvedVersion" =~ -SNAPSHOT$ ]]; then | |
| echo "Error: The version must not end with \"-SNAPSHOT\": $resolvedVersion" | |
| exit 1 | |
| fi | |
| if [[ ! "resolvedNextVersion" =~ -SNAPSHOT$ ]]; then | |
| echo "Error: The next development version must end with \"-SNAPSHOT\": resolvedNextVersion" | |
| exit 1 | |
| fi | |
| mvn \ | |
| release:prepare \ | |
| release:perform \ | |
| --batch-mode \ | |
| --settings .maven_settings.xml \ | |
| -DautoVersionSubmodules=true \ | |
| -DreleaseVersion=$resolvedVersion \ | |
| -DdevelopmentVersion=$resolvedNextVersion \ | |
| -Dgpg.passphrase=${{ secrets.GPG_SECRET_PASSPHRASE }} | |
| env: | |
| GITHUB_RELEASE_ACCOUNT_USERNAME: ${{ secrets.GITHUB_RELEASE_ACCOUNT_USERNAME }} | |
| GITHUB_RELEASE_ACCOUNT_PASSWORD: ${{ secrets.GITHUB_RELEASE_ACCOUNT_PASSWORD }} | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v1 | |
| # skips snapshot releases | |
| if: contains(github.event.inputs.version, 'SNAPSHOT') == false | |
| with: | |
| tag_name: v${{ github.event.inputs.version }} | |
| draft: false | |
| prerelease: true | |
| generate_release_notes: true |