Allow manual runs of the security check (#233) #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: create_release | |
# We create a release version on a trigger tag, regardless of if the commit is | |
# documentation-only. | |
on: # yamllint disable-line rule:truthy | |
push: | |
tags: # e.g. release-1.2.3 | |
- 'release-[0-9]+.[0-9]+.[0-9]+**' | |
jobs: | |
create_release: | |
runs-on: ubuntu-24.04 # newest available distribution, aka numbat | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
with: | |
# Prevent use of implicit GitHub Actions read-only GITHUB_TOKEN | |
# because maven-release-plugin pushes commits to master. | |
token: ${{ secrets.GH_TOKEN }} | |
- name: Setup java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' # zulu as it supports a wide version range | |
java-version: '17' # earliest LTS supported by Spring Boot 3 | |
- name: Cache local Maven repository | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-jdk-17-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-jdk-17-maven- | |
- name: Create Release | |
env: | |
# GH_USER=<user that created GH_TOKEN> | |
GH_USER: ${{ secrets.GH_USER }} | |
# GH_TOKEN=<hex token value> | |
# * makes release commits and tags | |
# * needs repo:status, public_repo | |
# * referenced in .settings.xml | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
run: | # GITHUB_REF will be refs/tags/release-MAJOR.MINOR.PATCH | |
build-bin/git/login_git && | |
build-bin/maven/maven_release $(echo ${GITHUB_REF} | cut -d/ -f 3) |