From cdafa1d78115ff37b86f86cbb2fd06f48b5f8a68 Mon Sep 17 00:00:00 2001 From: Artem Bilan Date: Wed, 23 Oct 2024 14:07:24 -0400 Subject: [PATCH] Fix `README.md` according the latest state of code --- README.md | 77 ++++++++----------------------------------------------- 1 file changed, 11 insertions(+), 66 deletions(-) diff --git a/README.md b/README.md index a438343..d5388a4 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,8 @@ https://github.com/spring-io/spring-github-workflows/blob/78b29123a17655f019d800 #### Maven SNAPSHOT caller workflow: https://github.com/spring-io/spring-github-workflows/blob/78b29123a17655f019d800690cc906d692f836a9/samples/ci-snapshot-maven.yml#L1-L13 -The Gradle SNAPSHOT build workflow requires `ARTIFACTORY_USERNAME` & `ARTIFACTORY_PASSWORD` secretes to authorise JFrog Artifactory plugin; the Maven one uses JFrog CLI action and requires a `JF_ARTIFACTORY_SPRING` instead. +Both Gradle and Maven SNAPSHOT build workflow requires `ARTIFACTORY_USERNAME` & `ARTIFACTORY_PASSWORD` secretes to authorise [spring-io/artifactory-deploy-action](https://github.com/spring-io/artifactory-deploy-action). +Optionally, all the artifacts can be signed if `GPG_PASSPHRASE` and `GPG_PRIVATE_KEY` secrets are provided. ## Release Workflow @@ -87,47 +88,8 @@ The `buildToolArgs` parameter for this job means extra build tool arguments. For example, the mentioned `dist` value is a Gradle task in the project. Can be any Maven goal or other command line arguments. -The signing released artifacts before pushing to the repository is done now by build tool. -The Gradle workflow is enhanced with specific init script to apply a `signing` plugin. -There is no way to inject any goals for Maven build, so the POM file of the project must have the `maven-gpg-plugin` configuration with this profile: - -````xml - - sign - - - gpg.passphrase - - - - - - org.apache.maven.plugins - maven-gpg-plugin - 3.0.1 - - - sign-artifacts - verify - - sign - - - - --pinentry-mode - loopback - --no-tty - - - - - - - - -```` - -The Maven release workflow uses `crazy-max/ghaction-import-gpg` to export `gpg_private_key` and `passphrase` based on respective secrets. +The signing released artifacts is done by the [spring-io/artifactory-deploy-action](https://github.com/spring-io/artifactory-deploy-action) if `GPG_PASSPHRASE` and `GPG_PRIVATE_KEY` secrets are provided. +In the end all the artifacts, together with their signatures, are uploaded to the Artifactory according to the respective workflow inputs. In the end you just need to go to the `Actions` tab on your project, press `Run workflow` on your release workflow and choose a branch from drop-down list to release currently scheduled Milestone against. Such a release workflow can also be scheduled (`cron`, fo example) against branches matrix. @@ -207,32 +169,15 @@ jobs: ``` The workflow reacts to non-empty `due_on` property of the event's milestone payload and check if this property really was changed on milestone edit. -## Gradle Init Scripts +## "Dispatch Workflow and Wait" Action -The `next-dev-version-init.gradle` script adds a `nextDevelopmentVersion` task which is used when release has been staged and job is ready to push `Next development version` commit. -The `spring-artifactory-init.gradle` script adds the `org.jfrog.gradle.plugin.artifactory.ArtifactoryPlugin` and `signing` plugins. -Configures them for those projects where the `maven-publish` plugin is applied. -The `signing` is activated if no `OSSRH_STAGING_PROFILE_NAME` environment variable is present, but `GPG_PASSPHRASE` & `GPG_PRIVATE_KEY` are present. -The Artifactory plugin requires these environment variables: +The [spring-dispatch-workflow-and-wait](.github/actions/spring-dispatch-workflow-and-wait/action.yml) action implements the logic to call `gh workflow run` for the provided workflow file and wait until it is complete, successful or not. +This action is used in the `verify-staged` job of the release workflow. -``` -ARTIFACTORY_URL -ARTIFACTORY_REPOSITORY -ARTIFACTORY_USERNAME -ARTIFACTORY_PASSWORD -ARTIFACTORY_BUILD_PROJECT -ARTIFACTORY_BUILD_NAME -ARTIFACTORY_BUILD_NUMBER -ARTIFACTORY_BUILD_URL -ARTIFACTORY_USER_AGENT_NAME -ARTIFACTORY_USER_AGENT_VERSION -ARTIFACTORY_VCS_REVISION -ARTIFACTORY_VCS_URL -``` +## Gradle Init Scripts -See more information about these properties in the JFrog [documentation](https://github.com/jfrog/build-info-go/blob/main/buildinfo-schema.json). -See also [spring-artifactory-gradle-build/action.yml](.github/actions/spring-artifactory-gradle-build/action.yml) how those environment variables are calculated. -The `artifactoryPublish` & `signing` tasks deal with `publishing.publications.mavenJava`. -The `artifactoryPublish` also adds `zip.*` properties into `zip` artifacts. +The `[deployment-repository-init.gradle](utils/deployment-repository-init.gradle)` script adds a Maven repository for publishing artifacts into a local directory (`/deployment-repository`) via respective `publishAllPublicationsToDeploymentRepository` Gradle task. +Then [spring-io/artifactory-deploy-action](https://github.com/spring-io/artifactory-deploy-action) picks up those artifacts for uploading to the Artifactory. +The Maven build does that via `deploy` goal and respective `-DaltDeploymentRepository=local::file:deployment-repository` CLI option. See more information in the [Reusing Workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows).