-
Notifications
You must be signed in to change notification settings - Fork 0
111 lines (94 loc) · 3.37 KB
/
manual-github-release-trigger.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: Manual GitHub Release Trigger
on:
workflow_dispatch:
env:
MAVEN_OPTS: ${{ vars.MAVEN_OPTS }}
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'temurin'
cache: maven
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
- name: Cache Maven packages
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Prepare Maven settings.xml
run: |
cat "${{ github.workspace }}/.github/settings.xml" > ~/.m2/settings.xml
- name: Get Maven Project Version
run: |
echo "RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
- name: Manual Release Approval
uses: trstringer/[email protected]
timeout-minutes: 60
with:
secret: ${{ github.TOKEN }}
approvers: oranheim
issue-title: "Approve release of ${{ env.RELEASE_VERSION }}"
- name: Configure Git User
run: |
git config user.email "[email protected]"
git config user.name "GitHub Actions"
- name: Configure GPG
run: |
mkdir -p ~/.gnupg
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
echo "use-agent" >> ~/.gnupg/gpg.conf
echo "batch" >> ~/.gnupg/gpg.conf
echo "no-tty" >> ~/.gnupg/gpg.conf
gpg-connect-agent reloadagent /bye
echo "GPG configuration completed"
- name: Import GPG key
env:
GPG_SECRET: ${{ secrets.GPG_SECRET }}
run: |
echo "$GPG_SECRET" | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
echo "GPG key imported successfully"
- name: Debug GPG
run: |
gpg --version
gpg-agent --version
echo "GNUPGHOME=$GNUPGHOME"
ls -la ~/.gnupg
cat ~/.gnupg/gpg.conf
cat ~/.gnupg/gpg-agent.conf
- name: Release with Maven
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USER }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
run: |
mvn -X --batch-mode release:clean release:prepare release:perform \
-Darguments="-Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEY_ID} -Dgpg.pinentry-mode=loopback" \
-DskipTests \
-P oss-maven-central
- name: Cleanup GPG keys
if: always()
run: |
gpg --delete-secret-keys ${{ secrets.GPG_KEY_ID }}
gpg --delete-keys ${{ secrets.GPG_KEY_ID }}
- name: Notify on success
if: success()
run: |
echo "Release ${{ env.RELEASE_VERSION }} has been successfully deployed to Maven Central."
- name: Notify on failure
if: failure()
run: |
echo "Release ${{ env.RELEASE_VERSION }} failed. Please check the logs for more information."