Skip to content

Release Artifacts

Release Artifacts #11

name: Release Artifacts
on:
push:
tags:
- 'v*.*.*'
workflow_dispatch:
inputs:
version:
type: string
description: Fake version
required: true
defaults:
run:
shell: bash
permissions:
contents: read
packages: write
env:
LC_ALL: C.UTF-8
GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
jobs:
validate-release:
name: Validate Release
runs-on: [ self-hosted, Linux, medium, ephemeral ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Retrieve Tag Version
if: ${{ github.event_name == 'push' }}
id: tag
run: echo "version=${GITHUB_REF#refs/tags/v}" >> "${GITHUB_OUTPUT}"
- name: Retrieve Tag Version (dispatch)
if: ${{ github.event_name == 'workflow_dispatch' }}
id: workflow_tag
run: echo "version=${{github.event.inputs.version}}" >> "${GITHUB_OUTPUT}"
- name: Setup Java
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0
with:
cache-read-only: false
- name: Determine Project Version
id: project
run: echo "version=$(./gradlew -q showVersion | tr -d '[:space:]')" >> "${GITHUB_OUTPUT}"
- name: Validate Release
if: ${{ github.event_name == 'push' }}
run: |
if [[ "${{ steps.tag.outputs.version }}" != "${{ steps.project.outputs.version }}" ]]; then
echo "::error file=version.gradle,line=5,title=Version Mismatch::Tag version '${{ steps.tag.outputs.version }}' does not match the Gradle project version '${{ steps.project.outputs.version }}'. Please update the 'version.gradle' file before tagging."
exit 1
fi
- name: Validate Release (dispatch)
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
if [[ "${{ steps.workflow_tag.outputs.version }}" != "${{github.event.inputs.version}}" ]]; then
echo "::error file=version.gradle,line=5,title=Version Mismatch::Tag version '${{ steps.workflow_tag.outputs.version }}' does not match the Gradle project version '${{github.event.inputs.version}}'. Please update the 'version.gradle' file before tagging."
exit 1
fi
maven-central:
name: Publish to Maven Central
runs-on: [ self-hosted, Linux, medium, ephemeral ]
needs:
# This needs clause exists solely to provide a dependency on the previous step. This publish step will not occur
# until the validate-release step completes successfully.
- validate-release
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install GnuPG Tools
run: |
if ! command -v gpg2 >/dev/null 2>&1; then
echo "::group::Updating APT Repository Indices"
sudo apt update
echo "::endgroup::"
echo "::group::Installing GnuPG Tools"
sudo apt install -y gnupg2
echo "::endgroup::"
fi
- name: Import GPG key
id: gpg_key
uses: step-security/ghaction-import-gpg@a7c87df2279f2bf2e69ba8289dfbf35fe05a4e08 # v1.0.0
with:
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Setup Java
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0
with:
cache-read-only: false
- name: Compile SDK & Javadoc
run: ./gradlew assemble :sdk:javadoc -Dfile.encoding=UTF-8 --scan
- name: Nexus Release
#run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}
run: ./gradlew publishToSonatype closeSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}
- name: Nexus Release sdk-full artifacts
run: |
# This is a temporary fix and should be removed once https://github.com/hashgraph/hedera-sdk-java/pull/1732 is merged
sed -i 's#sdk\.gradle#sdk-full.gradle#g' sdk/build.gradle
git clean -fdx
./gradlew publishToSonatype closeSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}
# ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}