-
Notifications
You must be signed in to change notification settings - Fork 0
139 lines (127 loc) · 4.93 KB
/
Copy pathpublish.yml
File metadata and controls
139 lines (127 loc) · 4.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Publish to Maven Central + GitHub Release
# Cuts a release. Triggered by pushing a version tag (vX.Y.Z), or manually
# from the Actions tab with an explicit version.
#
# On a run it:
# 1. derives the release version from the tag (v0.2.0 -> 0.2.0) — Maven
# Central rejects -SNAPSHOT, so versions:set strips it,
# 2. builds, tests, GPG-signs and deploys the parent pom + attached source
# zip + attached distribution zip to Maven Central via the Sonatype
# Central Portal. This is a single-module project with packaging=pom;
# its deploy attaches: parent pom + source zip (classifier=src) + dist
# zip (classifier=dist). No daemon/cli JARs are published to Central,
# 3. creates a GitHub Release carrying two assets: a whole-repo source
# zip (git archive of HEAD) and the assembled distribution bundle
# (sonar-predictor-dist-<version>.zip — bin/sonar{,.bat} + lib/*.jar +
# plugins/*.jar). Users install by downloading + extracting the zip.
#
# Required repo secrets:
# OSS_NEXUS_USER - Sonatype Central Portal token username
# OSS_NEXUS_PASS - Sonatype Central Portal token password
# MAVEN_GPG_PRIVATE_KEY - ASCII-armored GPG private key for signing
# MAVEN_GPG_PASSPHRASE - passphrase for that key (omit if the key has none)
# GITHUB_TOKEN is provided automatically.
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
version:
description: 'Release version (e.g. 0.2.0) — required for manual runs'
required: true
type: string
permissions:
contents: write
concurrency:
group: publish-${{ github.ref }}
cancel-in-progress: false
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout (full history for git archive + release notes)
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 21 + GPG
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: '21'
server-id: central
server-username: OSS_NEXUS_USER
server-password: OSS_NEXUS_PASS
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Set up Node.js (JS analyzer tests need a Node runtime)
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Derive release version
id: version
env:
INPUT_VERSION: ${{ inputs.version }}
run: |
set -euo pipefail
if [ -n "${INPUT_VERSION:-}" ]; then
VERSION="${INPUT_VERSION}"
else
# github.ref_name is the tag, e.g. v0.2.0 -> 0.2.0
VERSION="${GITHUB_REF_NAME#v}"
fi
if [ -z "${VERSION}" ]; then
echo "::error::could not determine release version"
exit 1
fi
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
echo "Release version: ${VERSION}"
- name: Strip -SNAPSHOT / set release version
run: |
set -euo pipefail
mvn -B -ntp versions:set \
-DnewVersion="${{ steps.version.outputs.version }}" \
-DgenerateBackupPoms=false
- name: Build the source bundle (whole-repo git archive of HEAD)
# Built BEFORE the deploy: the release profile's build-helper plugin
# attaches this zip (from the repo root) to the Maven Central upload,
# so the whole-repo source ships on Central as well as on the
# GitHub Release.
run: |
set -euo pipefail
VERSION="${{ steps.version.outputs.version }}"
git archive --format=zip \
--prefix="sonar-predict-${VERSION}/" \
-o "sonar-predict-${VERSION}-src.zip" HEAD
ls -la "sonar-predict-${VERSION}-src.zip"
- name: Build, sign and deploy to Maven Central
env:
OSS_NEXUS_USER: ${{ secrets.OSS_NEXUS_USER }}
OSS_NEXUS_PASS: ${{ secrets.OSS_NEXUS_PASS }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
run: |
set -euo pipefail
mvn -B -ntp -Prelease clean deploy
- name: Create the GitHub Release
env:
GH_TOKEN: ${{ github.token }}
run: |
set -euo pipefail
VERSION="${{ steps.version.outputs.version }}"
SRC_ZIP="sonar-predict-${VERSION}-src.zip"
DIST_ZIP="target/sonar-predictor-dist-${VERSION}.zip"
if [ ! -f "${DIST_ZIP}" ]; then
echo "::error::distribution bundle not found at ${DIST_ZIP}"
ls -la target || true
exit 1
fi
if [ -n "${GITHUB_REF_NAME:-}" ] && [ "${GITHUB_REF_TYPE:-}" = "tag" ]; then
TAG="${GITHUB_REF_NAME}"
else
TAG="v${VERSION}"
fi
gh release create "${TAG}" \
--title "sonar-predictor ${VERSION}" \
--generate-notes \
"${SRC_ZIP}" \
"${DIST_ZIP}"