-
Notifications
You must be signed in to change notification settings - Fork 1.2k
153 lines (146 loc) · 6.56 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: publish
on:
push:
branches: # For branches, better to list them explicitly than regexp include
- main
- 3.5.x
- 3.4.x
permissions: read-all
jobs:
# General job notes: we DON'T want to cancel any previous runs, especially in the case of a "back to snapshots" build right after a release push
# We specify the ubuntu version to minimize the chances we have to deal with a migration during a release
prepare:
# Notes on prepare: this job has no access to secrets, only github token. As a result, all non-core actions are centralized here
# This includes the tagging and drafting of release notes. Still, when possible we favor plain run of gradle tasks
name: prepare
runs-on: ubuntu-20.04
outputs:
versionType: ${{ steps.version.outputs.versionType }}
fullVersion: ${{ steps.version.outputs.fullVersion }}
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v4
- name: setup java
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: interpret version
id: version
#we only run the qualifyVersionGha task so that no other console printing can hijack this step's output
#output: versionType, fullVersion
#fails if versionType is BAD, which interrupts the workflow
run: ./gradlew qualifyVersionGha
- name: run checks
id: checks
uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # tag=v2
with:
arguments: check -Pjunit-tags=!slow -x jcstress
slowerChecks:
# similar limitations as in prepare, but we parallelize slower tests here
name: slowerChecks
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v4
- name: setup java
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: run slower tests
id: slowerTests
uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # tag=v2
with:
arguments: reactor-core:test -Pjunit-tags=slow
#deploy the snapshot artifacts to Artifactory
deploySnapshot:
name: deploySnapshot
runs-on: ubuntu-20.04
needs: [ prepare, slowerChecks ]
if: needs.prepare.outputs.versionType == 'SNAPSHOT'
environment: snapshots
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v4
- uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: deploy
env:
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_SNAPSHOT_USERNAME}}
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}}
run: |
./gradlew assemble artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-snapshot-local
#sign the milestone artifacts and deploy them to Artifactory
deployMilestone:
name: deployMilestone
runs-on: ubuntu-20.04
needs: [ prepare, slowerChecks ]
if: needs.prepare.outputs.versionType == 'MILESTONE'
environment: releases
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v4
- uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: deploy
env:
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}}
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}}
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}}
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}}
run: |
./gradlew assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-milestone-local
#sign the release artifacts and deploy them to Artifactory
deployRelease:
name: deployRelease
runs-on: ubuntu-20.04
needs: [ prepare, slowerChecks ]
if: needs.prepare.outputs.versionType == 'RELEASE'
environment: releases
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v4
- uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # tag=v3
with:
distribution: 'temurin'
java-version: 8
- name: deploy
env:
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}}
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}}
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}}
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{secrets.SONATYPE_USERNAME}}
ORG_GRADLE_PROJECT_sonatypePassword: ${{secrets.SONATYPE_PASSWORD}}
run: |
./gradlew assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-release-local publishMavenJavaPublicationToSonatypeRepository
tagMilestone:
name: Tag milestone
needs: [ prepare, deployMilestone ]
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v4
- name: tag
run: |
git config --local user.name 'reactorbot'
git config --local user.email '[email protected]'
git tag -m "Release milestone ${{ needs.prepare.outputs.fullVersion }}" v${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }}
git push --tags
tagRelease:
name: Tag release
needs: [ prepare, deployRelease ]
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # tag=v4
- name: tag
run: |
git config --local user.name 'reactorbot'
git config --local user.email '[email protected]'
git tag -m "Release version ${{ needs.prepare.outputs.fullVersion }}" v${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }}
git push --tags
# For Gradle configuration of signing, see https://docs.gradle.org/current/userguide/signing_plugin.html#sec:in-memory-keys
# publishMavenJavaPublicationToSonatypeRepository only sends to a staging repository