Skip to content

Deploy Release

Deploy Release #10

# Expected secrets
# MAVEN_CENTRAL_USERNAME - Username for Maven Central.
# MAVEN_CENTRAL_PASSWORD - Password for Maven Central.
# MAVEN_SIGNING_KEY_ASCII - GPG key without a password which has ASCII-armored and then BASE64-encoded.
name: Deploy Release
on:
workflow_dispatch:
concurrency: deploy_release
jobs:
validate_gradle_wrapper:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
timeout-minutes: 1
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
# Gradle Wrapper validation can be flaky
# https://github.com/gradle/wrapper-validation-action/issues/40
- name: Gradle Wrapper Validation
timeout-minutes: 1
uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45
check_secrets:
environment: deployment
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check_secrets.outputs.defined }}
steps:
- id: check_secrets
env:
MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
MAVEN_SIGNING_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
if: "${{ env.MAVEN_CENTRAL_USERNAME != '' && env.MAVEN_CENTRAL_PASSWORD != '' && env.MAVEN_SIGNING_KEY != '' }}"
run: echo "::set-output name=defined::true"
deploy_release:
environment: deployment
if: needs.check_secrets.outputs.has-secrets == 'true'
needs: [validate_gradle_wrapper, check_secrets]
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
timeout-minutes: 1
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
- name: Set up Java
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
timeout-minutes: 1
with:
distribution: 'temurin'
java-version: 17
- name: Set up Gradle
uses: gradle/gradle-build-action@bdf99f9dada2506e990bac6de8ec5e3de34a04f1
timeout-minutes: 10
with:
gradle-home-cache-cleanup: true
# While not strictly necessary, this sanity checks the build before attempting to upload.
# This adds minimal additional build time, since most of the work is cached and re-used
# in the next step.
- name: Deploy to Maven Local
timeout-minutes: 25
env:
ORG_GRADLE_PROJECT_IS_SNAPSHOT: false
ORG_GRADLE_PROJECT_NATIVE_TARGETS_ENABLED: false
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
run: |
./gradlew publishAllPublicationsToMavenLocalRepository --no-parallel
- name: Deploy to Maven Central
timeout-minutes: 5
env:
ORG_GRADLE_PROJECT_IS_SNAPSHOT: false
ORG_GRADLE_PROJECT_NATIVE_TARGETS_ENABLED: false
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
run: |
./gradlew publishAllPublicationsToMavenCentralRepository --no-parallel
- name: Collect Artifacts
timeout-minutes: 1
if: ${{ always() }}
run: |
export ARTIFACTS_DIR_PATH=~/artifacts
export BINARIES_ZIP_PATH=${ARTIFACTS_DIR_PATH}/release_binaries.zip
mkdir ${ARTIFACTS_DIR_PATH}
zip -r ${BINARIES_ZIP_PATH} . -i *build/libs/*
- name: Upload Artifacts
if: ${{ always() }}
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
timeout-minutes: 1
with:
name: Release binaries
path: ~/artifacts