Publish Release #14

Summary
Jobs
- publish
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/release.yml at b9f8444

	# Release artifact will be pushed to Sonatype, which is synced to Maven Central
	# Build artifacts get pushed to Sonatype and non-SNAPSHOT versions are then
	# auto-synced to Maven Central
	name: Publish a release to Maven Central

	on:
	# We can use very similiar workflow to manually trigger a full publish
	# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
	workflow_dispatch:
	inputs:
	releaseversion:
	description: 'Release version'
	required: true
	nextversion:
	description: 'Next dev version'
	required: true

	# Will need to have someone with admin permissions to add some secrets:
	# Credentials for Sonatype, needs a Sonatype account.
	# - OSSRH_USERNAME
	# - OSSRH_PASSWORD
	# Will need GPG key + passphrase to sign artifacts for Maven Central
	# - MAVEN_GPG_PASSPHRASE
	# - MAVEN_GPG_KEY
	#
	# Should be able to use secrets.GITHUB_TOKEN to push images to GHCR, this
	# secret is provided automatically to the workflow
	#
	# May need a GH PAT (likely fine-grained) in order to update pass-docker with
	# new image refs
	# (Not yet used)
	# - GH_USER
	# - GH_PAT
	#
	# Using maven with arguments:
	# -B (--batch-mode) non-interactive batch mode
	# -U force dependency SNAPSHOT update
	# -V print maven version without stopping build
	# -ntp (--no-transfer-progress) do not show download progress

	env:
	RELEASE: ${{ inputs.releaseversion }}
	NEXT: ${{ inputs.nextversion}}

	jobs:
	publish:
	runs-on: ubuntu-latest
	# Can we check to make sure $NEXT doesn't already exist as a tag?
	steps:
	# =============================================================================
	# Setup
	# =============================================================================
	# Automatically checks out the repo and branch where the workflow was triggered
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Config git user
	run: \|
	git config user.name ${{ github.actor }}
	git config user.email "${{ github.actor }}@users.noreply.github.com"

	- name: Setup Java & Maven
	uses: actions/setup-java@v3
	with:
	java-version: 17
	distribution: 'temurin'
	server-id: ossrh
	# User/pass refer to ENV VARs set below
	server-username: MAVEN_USERNAME
	server-password: MAVEN_PASSWORD
	gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }}
	gpg-passphrase: MAVEN_GPG_PASSPHRASE

	# =============================================================================
	# Start the work
	# =============================================================================
	# This versions:update-parent will grab the specified release (non-snapshot)
	- name: Bump version to release
	run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE

	- name: Commit release version bump
	uses: EndBug/add-and-commit@v9
	with:
	add: pom.xml **/pom.xml
	message: "Update parent version to $RELEASE"

	# Will publish and create new Docker image for release version
	- name: Publish release
	run: \|
	mvn -B -U -V -ntp release:prepare -DreleaseVersion=$RELEASE -Dtag=$RELEASE -DdevelopmentVersion=$NEXT -DautoVersionSubmodules=true -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
	mvn -B -U -V -ntp release:perform -P release -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
	env:
	# Add OSSRH_USERNAME and OSSRH_PASSWORD as GH secrets
	# https://docs.github.com/en/actions/security-guides/encrypted-secrets
	MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
	MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
	MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

	# Project and submodule versions _should_ already be updated in the release step above
	- name: Update parent POM to new dev version
	run: mvn -B -U -V -ntp versions:update-parent -DallowSnapshots=true -DparentVersion=$NEXT

	- name: Commit snapshot version bump
	uses: EndBug/add-and-commit@v9
	with:
	add: pom.xml **/pom.xml
	message: "Update parent version to $NEXT"
	push: true

	# Will produce a new Docker image for the new dev version
	- name: Build and publish new dev version
	run: mvn -B -U -V -ntp deploy -P release
	env:
	MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
	MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
	MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

	- name: Push new release tag GH
	run: git push origin --tags

	# Handle Docker images
	- name: Login to GHCR
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push Docker image to GHCR
	run: \|
	docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE
	docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Publish Release #14

Workflow file

Publish Release #14

Jobs

Run details

Workflow file for this run