Create Release of develop , dryrun=false #36
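# Creates a release and uploads that. We don't upload the site - that's done in the master.yml workflow once it's merged.
# Since our build sometimes fails (because some tests occasionally fail for reasons not in our code) we make this robust:
# the irreversible actions are done only after all builds are done. That is the git push and the release to maven central.
# The copy to the Sonatype staging area is likely repeatable. That way you just have to restart the job if it fails,
# with no harm done and no traces in git.
#
# NOTE(review): the forge view of this file reported bidirectional Unicode text; open it in an editor that
# reveals hidden characters and confirm none are present in the executable lines.
# NOTE(review): this job handles signing keys and repository credentials. The actions below are referenced by
# mutable tags (@v3); consider pinning them to full commit SHAs and declaring an explicit `permissions:` block
# limited to what the job needs - confirm what .github/settings-istrepo.xml requires from GITHUB_TOKEN first.
name: Create Release
run-name: Create Release of ${{ github.ref_name }} , dryrun=${{ inputs.dryrun }}
on:
  workflow_dispatch:
    inputs:
      dryrun:
        type: boolean
        description: 'Dry run? If given, the release will be built but dropped afterwards from OSSRH, and the git changes will not be pushed.'
        default: false
jobs:
  createrelease:
    runs-on: ubuntu-latest
    env:
      MVNCMD: mvn -B -ntp -s ${{ github.workspace }}/.github/settings-istrepo.xml -P nexus-staging,skipDocker,!docker
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      GITHUB_ACTOR: ${{ github.actor }}
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 3
      - name: print configuration
        env:
          DRYRUN: ${{ github.event.inputs.dryrun }}
        run: |
          echo "MVNCMD: $MVNCMD"
          echo "dryrun: $DRYRUN"
      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'temurin'
          # NOTE(review): confirm that setup-java accepts a maven-version input; if not, this line has no effect.
          maven-version: '3.8.7'
          # deliberately not: cache: maven
      - name: Dump event context for debugging
        continue-on-error: true  # Debugging output only; it must never fail the release.
        env:
          # Context values are handed over as environment variables instead of being expanded into the script
          # text: a quote or parenthesis in a commit message or ref name then cannot break or alter the script.
          EVENT_REF: ${{ github.event.ref }}
          EVENT_JSON: ${{ toJSON(github.event) }}
        run: |
          echo "$GITHUB_EVENT_NAME for $GITHUB_REF_TYPE $GITHUB_REF_NAME or $EVENT_REF"
          # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
          echo 'github.event:'
          printf '%s\n' "$EVENT_JSON"
      - name: Dump github context for debugging
        continue-on-error: true  # Debugging output only; it must never fail the release.
        env:
          # Passed via the environment for the same reason as the event dump above.
          # NOTE(review): the github context includes the job token; it is masked in the log, but consider
          # dropping this dump from a workflow that signs and publishes releases.
          GITHUB_CONTEXT_JSON: ${{ toJSON(github) }}
        run: |
          printf '%s\n' "$GITHUB_CONTEXT_JSON"
      - name: Try to set a master password
        run: |
          MASTERPWD=$(openssl rand -base64 25)
          mkdir -p "$HOME/.m2"
          echo "<settingsSecurity> <master>$(mvn --encrypt-master-password "$MASTERPWD")</master></settingsSecurity>" > "$HOME/.m2/settings-security.xml"
          # echo "MASTERPWD=\"$MASTERPWD\"" >> $GITHUB_ENV
          # The master password isn't actually used, but the maven-gpg-plugin complains otherwise.
      - name: Git & Maven Status
        run: |
          $MVNCMD -version
          git remote -v
          git status --untracked-files --ignored
          git log -3 --no-color --decorate
      - name: Mvn Effective POM
        run: $MVNCMD -N help:effective-pom
      - name: Mvn Effective Settings
        run: $MVNCMD -N help:effective-settings
      - name: Import GPG key
        env:
          GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
          GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }}
        run: |
          # Quoted so the secret is passed to base64 unchanged (no word splitting or glob expansion).
          printf '%s' "$GPG_SECRET_KEYS" | base64 --decode | gpg --import --no-tty --batch --yes
          printf '%s' "$GPG_OWNERTRUST" | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes
          gpg -v --refresh-keys
          gpg --list-secret-keys --keyid-format LONG
      - name: Configure git user for release commits
        # specific to repository - we don't want that to be the same thing in a fork.
        env:
          X_RELEASE_USERNAME: ${{ vars.RELEASE_USERNAME }}
          X_RELEASE_USEREMAIL: ${{ vars.RELEASE_USEREMAIL }}
        run: |
          # The name goes to user.name and the e-mail to user.email (they were crossed over before).
          git config --global user.name "${X_RELEASE_USERNAME}"
          git config --global user.email "${X_RELEASE_USEREMAIL}"
      - name: Check that we are on snapshot branch before creating the release
        run: |
          echo "Version: "
          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout
          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | grep -Eq -- '-SNAPSHOT$' || exit 1
          # unfortunately, this would require a snapshot parent if just called from the command line, so we cannot use it: :-(
          # mvn org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce -Drules=requireSnapshotVersion
      - name: Dry run of release goals
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          # export GPG_PASSPHRASE=$(mvn --encrypt-password "$(echo $GPG_PASSPHRASE_RAW | base64 --decode)")
          # we need the snapshot of the topmost pom installed for the versions:update-child-modules later.
          # $MVNCMD -N install
          $MVNCMD clean release:clean
          $MVNCMD release:prepare -DdryRun=true -DpushChanges=false
          $MVNCMD release:perform -DdryRun=true -DlocalCheckout=true -DdeployAtEnd=true
          $MVNCMD clean release:clean
          git clean -f -d -x
      - name: Verify git is clean
        run: |
          git status --untracked-files --ignored
          git log -3 --no-color --decorate
          git clean -f -d
      - name: Prepare release
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          git clean -f -d -x
          $MVNCMD clean release:clean release:prepare -DpushChanges=false
      - name: Git status after prepare
        run: |
          git status --untracked-files --ignored
          git log -3 --no-color --decorate
          cat release.properties || true
      - name: Perform release
        env:
          OSSRH_USER: ${{ secrets.OSSRH_USER }}
          OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          $MVNCMD release:perform -DlocalCheckout=true -DdeployAtEnd=true "-Dgoals=clean test source:jar javadoc:jar deploy"
      - name: Git Status after perform
        if: always()
        run: |
          git status
          git log -3 --no-color --decorate
      - name: Git Status after perform, long
        if: always()
        run: |
          git status --untracked-files --ignored
      - name: Switch allmodules to same release since we skipped docker modules and startup test modules
        run: |
          git reset --hard HEAD^
          $MVNCMD -N versions:update-child-modules -DprocessAllModules -P allmodules -DgenerateBackupPoms=false
          (cd docker; $MVNCMD -N versions:update-child-modules -DprocessAllModules -P allmodules -DgenerateBackupPoms=false)
          releasetag=$(git tag -l --points-at HEAD)
          # Exactly one tag must point at the release commit; anything else would move or publish the wrong ref.
          if [ -z "$releasetag" ] || [ "$(printf '%s\n' "$releasetag" | wc -l)" -ne 1 ]; then
            echo "Expected exactly one release tag at HEAD, got: '$releasetag'" >&2
            exit 1
          fi
          git add -u pom.xml '**/pom.xml'
          git commit --amend --no-edit
          git tag -f "$releasetag"
          # Shell variables do not survive into later steps; export the tag for "Set master to the release tag".
          echo "releasetag=$releasetag" >> "$GITHUB_ENV"
          $MVNCMD -B release:update-versions -DautoVersionSubmodules=true -DgenerateBackupPoms=false -DprocessAllModules=true -P allmodules
          git add -u pom.xml '**/pom.xml'
          git commit -m "prepare for next development iteration"
      - name: Git Status after allmodules update
        run: |
          git status
          git log -3 --no-color --decorate
      - name: Push changes
        if: ${{ github.event.inputs.dryrun == 'false' }}
        run: |
          git push -v
          git push --tags -v
      - name: Release to maven central repository
        if: ${{ github.event.inputs.dryrun == 'false' }}
        env:
          OSSRH_USER: ${{ secrets.OSSRH_USER }}
          OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }}
        run: |
          cd target/checkout
          pwd
          $MVNCMD nexus-staging:release
      - name: Drop from OSSRH on dryrun
        if: ${{ github.event.inputs.dryrun != 'false' }}
        env:
          OSSRH_USER: ${{ secrets.OSSRH_USER }}
          OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }}
        run: |
          cd target/checkout
          pwd
          $MVNCMD nexus-staging:drop
      - name: List target files even if recipe fails
        if: always()
        run: |
          pwd
          ls -ld
          ls -ld target
          find . -type d -name target
          ls -l ./target/checkout/target || true
          ls -l ./target/checkout/commons/target || true
      - name: Set master to the release tag
        if: ${{ github.event.inputs.dryrun == 'false' }}
        run: |
          # releasetag arrives via GITHUB_ENV from the allmodules step. Without this guard an empty value
          # would turn the reset into a plain `git reset --hard` and master would silently stay where it is.
          test -n "$releasetag" || { echo "releasetag is not set" >&2; exit 1; }
          # NOTE(review): the checkout above fetches only the dispatched ref with depth 3 - confirm that
          # master is available locally at this point.
          git checkout master
          git reset --hard "$releasetag"
          git push -v
          git push --tags -v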