# Publishes SNAPSHOT versions of kindling to oss.sonatype.org.
# A new SNAPSHOT should only go out after a successful merge to the main branch,
# so main is the only branch that starts this pipeline.
# NOTE(review): this pipeline has been described as "manually run", yet the
# trigger below fires on pushes to main - confirm which behaviour is intended.
trigger:
- main

# Pull-request validation is switched off, so PR builds never start this
# pipeline, which loads the signing and publishing credentials.
pr: none

pool:
  vmImage: 'ubuntu-22.04'
# GPG passwords and Sonatype credentials must not be written as plain text in
# this file, so they are kept in variable groups in the pipeline library.
# Groups are not loaded by default; every group the steps rely on has to be
# named here before any step runs.
# NOTE(review): confirm the passphrase and password entries are marked secret in
# the library so that they are masked in build logs.
variables:
- group: GPG_VARIABLE_GROUP
- group: SONATYPE_VARIABLE_GROUP
steps:
# Builds deployed to sonatype must be signed with a valid key. The private and
# public keys are stored in Azure as 'secure files' and are downloaded into each
# pipeline run that needs them.
# 1. Load the public key file
- task: DownloadSecureFile@1
  displayName: "Load public key from secure files."
  inputs:
    secureFile: 'public.pgp'
# 2. Load the private key file
- task: DownloadSecureFile@1
  displayName: "Load private key from secure files."
  inputs:
    secureFile: 'private.pgp'
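# The key files are now in the workspace, but GPG does not know about them yet.
# This script imports both the private and public keys into gpg so that later
# steps can sign with them.
# 3. Import keys into gpg
- bash: |
    # Stop at the first failing command; without this the step's result is that
    # of the final listing command, so a failed import would go unnoticed here.
    set -euo pipefail
    # Paths are quoted so a directory name containing spaces is not word-split.
    gpg --import --no-tty --batch --yes "$(Agent.TempDirectory)/public.pgp"
    gpg --import --no-tty --batch --yes "$(Agent.TempDirectory)/private.pgp"
    # The listings print key IDs and user IDs to the build log, not key material.
    gpg --list-keys --keyid-format LONG
    gpg --list-secret-keys --keyid-format LONG
  displayName: 'Import signing keys into gpg.'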
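# To create a snapshot release, gradle needs the sonatype and gpg credentials.
# They are appended to the local gradle.properties, where gradle reads them.
# 4. Create local gradle.properties file
- bash: |
    set -euo pipefail
    # The values arrive as environment variables (see env below) instead of being
    # substituted into the script text. Substituted text inside an unquoted
    # heredoc is expanded again by bash, so a '$', backtick or backslash in a
    # passphrase would be altered or run as a command substitution.
    cat >>"$(System.DefaultWorkingDirectory)/gradle.properties" <<EOL
    signing.gnupg.keyName=${GPG_KEYNAME}
    signing.gnupg.passphrase=${GPG_PASSPHRASE}
    signatory.keyId=${GPG_KEYNAME}
    nexusUsername=${SONATYPE_USERNAME}
    nexusPassword=${SONATYPE_PASSWORD}
    EOL
  displayName: 'Create gradle.properties'
  # Explicit mapping of the variable-group values into this step's environment.
  # NOTE(review): gradle.properties now holds plaintext credentials in the
  # working directory - make sure it is never published as a build artifact.
  env:
    GPG_KEYNAME: '$(GPG_KEYNAME)'
    GPG_PASSPHRASE: '$(GPG_PASSPHRASE)'
    SONATYPE_USERNAME: '$(SONATYPE_USERNAME)'
    SONATYPE_PASSWORD: '$(SONATYPE_PASSWORD)'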
# With gradle.properties created locally, gradle is run (reading the credentials
# from that file) to deploy the kindling jar to oss sonatype.
# 5. Deploy SNAPSHOT build to sonatype
- task: Gradle@2
  inputs:
    gradleWrapperFile: "gradlew"
    workingDirectory: ""
    tasks: "clean publish"
    gradleOptions: "-Xmx3072m"
    javaHomeOption: "JDKVersion"
    # Kept as a quoted string so it is not read as a number.
    jdkVersionOption: "1.11"
    jdkArchitectureOption: "x64"
    publishJUnitResults: true
    testResultsFiles: "**/TEST-*.xml"