Workflow Run: Maven Release: Prepare and Perform #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Workflow: Maven Release: Prepare and Perform' | |
| run-name: 'Workflow Run: Maven Release: Prepare and Perform' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dryRun: | |
| default: true | |
| description: 'Dry run?' | |
| type: 'boolean' | |
| mvnDebug: | |
| default: false | |
| description: 'Debug?' | |
| type: 'boolean' | |
| mvnTransferLogging: | |
| default: false | |
| description: 'Log Maven artifact transfers?' | |
| type: 'boolean' | |
| jobs: | |
| job-mvn-release-prepare-perform: | |
| name: 'Job: Maven Release: Prepare and Perform' | |
| permissions: | |
| contents: 'read' | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - id: 'checkout' | |
| name: 'Step: Check Out Project' | |
| uses: 'actions/checkout@v4' | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| - id: 'setup-java' | |
| name: 'Step: Set Up Java and Maven' | |
| uses: 'actions/setup-java@v4' | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| gpg-passphrase: 'GPG_PASSPHRASE' | |
| gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}' | |
| java-version: '24' | |
| mvn-toolchain-id: 'Temurin 24' | |
| mvn-toolchain-vendor: 'openjdk' # see ../../pom.xml | |
| server-id: 'central.sonatype.com' | |
| server-password: 'CENTRAL_SONATYPE_COM_PASSWORD' | |
| server-username: 'CENTRAL_SONATYPE_COM_USERNAME' | |
| - id: 'setup-askpass' | |
| name: 'Step: Set Up GIT_ASKPASS' | |
| run: | | |
| install -m 700 /dev/null "${RUNNER_TEMP}/.askpass" # atomically create empty file with appropriate permissions | |
| cat >> "${RUNNER_TEMP}/.askpass" <<<'#!/bin/bash | |
| case "${1}" in | |
| Username*) exec echo x-access-token ;; | |
| Password*) exec echo "${PUSH_TOKEN}" ;; | |
| esac' | |
| - id: 'setup-gpg' | |
| name: 'Step: Set Up GPG' | |
| run: | | |
| echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf | |
| - id: 'mvn-release-prepare' | |
| name: 'Step: Maven Release: Prepare, Perform and Publish Site' | |
| env: | |
| CENTRAL_SONATYPE_COM_PASSWORD: '${{ secrets.CENTRAL_SONATYPE_COM_PASSWORD }}' | |
| CENTRAL_SONATYPE_COM_USERNAME: '${{ secrets.CENTRAL_SONATYPE_COM_USERNAME }}' | |
| DRY_RUN: '${{ inputs.dryRun }}' | |
| GIT_ASKPASS: '${{ runner.temp }}/.askpass' | |
| GPG_PASSPHRASE: '${{ secrets.GPG_PASSPHRASE }}' | |
| MVN_DEBUG: ${{ inputs.mvnDebug && '--debug' || '' }} | |
| MVN_TRANSFER_LOGGING: ${{ inputs.mvnTransferLogging && '' || '--no-transfer-progress' }} | |
| PUSH_TOKEN : '${{ secrets.PUSH_TOKEN }}' # critical; see ${GIT_ASKPASS} file | |
| SCM_GIT_HTTPS_URL: 'scm:git:${{ github.server_url }}/${{ github.repository }}.git' | |
| shell: 'bash -e {0}' | |
| run: > | |
| git config --global user.email '[email protected]' | |
| git config --global user.name 'microbean' | |
| echo "::group::Running mvn prepare" | |
| ./mvnw --batch-mode ${MVN_DEBUG} --errors ${MVN_TRANSFER_LOGGING} release:prepare | |
| -DdryRun="${DRY_RUN}" | |
| -Darguments="${MVN_TRANSFER_LOGGING}" | |
| -Dscm.url="${SCM_GIT_HTTPS_URL}" | |
| scm_tag="$(grep '^scm.tag=' release.properties | cut -f 2 -d =)" | |
| echo "Prepared ${scm_tag}" >> "${GITHUB_STEP_SUMMARY}" | |
| echo "scm_tag=${scm_tag}" >> "${GITHUB_OUTPUT}" | |
| echo "::endgroup::" | |
| echo "::group::Running mvn perform" | |
| ./mvnw --batch-mode ${MVN_DEBUG} --errors ${MVN_TRANSFER_LOGGING} release:perform | |
| -Darguments="${MVN_TRANSFER_LOGGING} -Dscmpublish.dryRun=${DRY_RUN} -Dscmpublish.pubScmUrl=${SCM_GIT_HTTPS_URL} -DskipTests -DautoPublish=true -DwaitUntil=published" | |
| -DdryRun="${DRY_RUN}" | |
| -Dgoals="process-classes,post-site,scm-publish:publish-scm,deploy" | |
| -Dscm.url="${SCM_GIT_HTTPS_URL}" | |
| echo "Released ${scm_tag} successfully" >> "${GITHUB_STEP_SUMMARY}"; | |
| echo "::endgroup::" |