.github/workflows/release.yml

name: Create Release

on:
  workflow_dispatch:
  push:
    tags:
      - 'v*'

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    name: Create Release
    runs-on: ubuntu-latest
    steps:

# VALIDATE TAGS
    - id: validate-semver
      name: Validate tag against semantic versioning
      if: startsWith(github.ref, 'refs/tags/')
      shell: bash
      run: |
        SEMVER_PATTERN="^refs/tags/v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$"
        if [[ ! $GITHUB_REF =~ $SEMVER_PATTERN ]]
          then
            echo "Tag $GITHUB_REF does not follow semantic versioning"
            exit 1
          fi

# SETUP BUILD ENVIRONMENT
    - id: prepare-maven-build
      name: Prepare Maven build
      uses: sualeh/prepare-maven-build@v1.4.0
      with:
        java-version: 8
    - id: install-graphviz
      name: Install Graphviz
      uses: sualeh/install-graphviz@v1.0.3

# BUILD FOR DISTRIBUTION
    - id: build
      name: Build and test for distribution
      shell: bash
      run: |
        # Build
        mvn \
          --no-transfer-progress \
          --batch-mode \
          -Ddistrib \
          clean install

# BUILD AND PUBLISH DOCKER IMAGE
    - id: setup-qemu
      name: Setup QEMU
      uses: docker/setup-qemu-action@v3

    - id: setup-buildx
      name: Setup Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Log into Docker Hub
      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}

    - name: Build and Push Docker Image
      uses: docker/build-push-action@v6
      with:
        file: ./schemacrawler-docker/Dockerfile
        context: ./schemacrawler-distrib/target/_expanded-distribution
        platforms: |-
          linux/amd64
          linux/arm64
        tags: |-
          schemacrawler/schemacrawler:v16.25.2
          schemacrawler/schemacrawler:latest
        sbom: true
        provenance: true
        push: true

# CREATE GITHUB RELEASE AND ADD ASSETS
    - id: upload-artifacts
      name: Upload installers
      uses: actions/upload-artifact@v4
      with:
        name: release-artifacts-v16.25.2
        path: |
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-distribution.zip
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-distribution.zip.SHA-512
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-bin.zip
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-bin.zip.SHA-512
        retention-days: 1
    - id: create-release
      name: Create GitHub release
      uses: softprops/action-gh-release@v2
      if: startsWith(github.ref, 'refs/tags/')
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        name: ${{ github.ref_name }}
        draft: false
        prerelease: false
        body: |
          SchemaCrawler ${{ github.event.release.tag_name }} release at last commit ${{ github.sha }}
          See the change history at https://www.schemacrawler.com/changes-report.html
        generate_release_notes: true
        files: |
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-distribution.zip
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-distribution.zip.SHA-512
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-bin.zip
          ./schemacrawler-distrib/target/schemacrawler-16.25.2-bin.zip.SHA-512

# PUBLISH TO CENTRAL REPOSITORY
    - id: install-secret-key
      name: Install secret key
      if: startsWith(github.ref, 'refs/tags/')
      # Note: OSSRH_GPG_SECRET_KEY is exported using gpg --export-secret-keys -a <keyid>
      # and has newlines substituted with a literal \n
      shell: bash
      run: |
        # Install secret key
        cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import
        gpg --list-secret-keys --keyid-format LONG
    - id: publish-to-central
      name: Publish to Central Repository
      if: startsWith(github.ref, 'refs/tags/')
      env:
        MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
        MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
      shell: bash
      run: |
        # Publish to Central Repository
        export GPG_TTY=$(tty)
        mvn \
          --no-transfer-progress \
          --batch-mode \
          -Ddistrib \
          -Dmaven.javadoc.skip=false \
          -Dskip.signing.artifacts=false \
          -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} \
          clean deploy