release-artifacts.yml
name: Release Artifacts

# Triggers: a pushed tag matching the glob v*.*.* (the glob does not restrict
# the segments to digits), or a manual dispatch with a caller-supplied version.
on:
  push:
    tags:
      - "v*.*.*"
  workflow_dispatch:
    inputs:
      version:
        description: Fake version
        type: string
        required: true

# Every `run:` step in this workflow uses bash.
defaults:
  run:
    shell: bash

# Workflow-wide GITHUB_TOKEN scopes; they apply to every job in this file.
# NOTE(review): no step in this file visibly pushes to GitHub Packages - confirm
# `packages: write` is still required, and if so consider granting it only on
# the job that needs it so the validation job runs with a read-only token.
permissions:
  contents: read
  packages: write

# NOTE(review): workflow-level env is exported to every step of every job,
# third-party actions included. Scoping the Gradle cache credentials to the
# steps that invoke Gradle would narrow where they are readable.
env:
  LC_ALL: C.UTF-8
  GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
  GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
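jobs:
  # Gate job: resolves the version being released and fails the workflow when a
  # pushed tag does not match the version reported by the Gradle build.
  validate-release:
    name: Validate Release
    runs-on: [self-hosted, Linux, medium, ephemeral]
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          # NOTE(review): `audit` only records outbound connections; it does not
          # stop them. Once the audit log shows the endpoints this job needs,
          # an allow-list with a blocking policy would be the stronger setting.
          egress-policy: audit

      - name: Checkout Code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      # Strips the leading "refs/tags/v" from the pushed ref using shell
      # parameter expansion; the ref is read from the environment, not templated.
      - name: Retrieve Tag Version
        if: ${{ github.event_name == 'push' }}
        id: tag
        run: echo "version=${GITHUB_REF#refs/tags/v}" >> "${GITHUB_OUTPUT}"

      # The dispatch input is caller-controlled text. It is handed to the shell
      # through an environment variable so it is never spliced into the script
      # source, where quotes or command substitutions would be interpreted.
      - name: Retrieve Tag Version (dispatch)
        if: ${{ github.event_name == 'workflow_dispatch' }}
        id: workflow_tag
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: echo "version=${DISPATCH_VERSION}" >> "${GITHUB_OUTPUT}"

      - name: Setup Java
        uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
        with:
          distribution: temurin
          java-version: 17

      - name: Setup Gradle
        uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0
        with:
          cache-read-only: false

      # Captures the output of the project's showVersion task with all
      # whitespace removed.
      - name: Determine Project Version
        id: project
        run: echo "version=$(./gradlew -q showVersion | tr -d '[:space:]')" >> "${GITHUB_OUTPUT}"

      # Step outputs originate from the tag name, which the tag glob does not
      # constrain to version characters, so they are passed via env rather than
      # expanded into the script text.
      - name: Validate Release
        if: ${{ github.event_name == 'push' }}
        env:
          TAG_VERSION: ${{ steps.tag.outputs.version }}
          PROJECT_VERSION: ${{ steps.project.outputs.version }}
        run: |
          if [[ "${TAG_VERSION}" != "${PROJECT_VERSION}" ]]; then
            echo "::error file=version.gradle,line=5,title=Version Mismatch::Tag version '${TAG_VERSION}' does not match the Gradle project version '${PROJECT_VERSION}'. Please update the 'version.gradle' file before tagging."
            exit 1
          fi

      # NOTE(review): both operands come from the same dispatch input, so this
      # comparison cannot fail and the Gradle project version is never consulted
      # on the dispatch path. Confirm that is intended for "fake version" runs;
      # if not, compare against steps.project.outputs.version instead.
      - name: Validate Release (dispatch)
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          TAG_VERSION: ${{ steps.workflow_tag.outputs.version }}
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |
          if [[ "${TAG_VERSION}" != "${DISPATCH_VERSION}" ]]; then
            echo "::error file=version.gradle,line=5,title=Version Mismatch::Tag version '${TAG_VERSION}' does not match the Gradle project version '${DISPATCH_VERSION}'. Please update the 'version.gradle' file before tagging."
            exit 1
          fi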
maven-central:
name: Publish to Maven Central
runs-on: [ self-hosted, Linux, medium, ephemeral ]
needs:
# This needs clause exists solely to provide a dependency on the previous step. This publish step will not occur
# until the validate-release step completes successfully.
- validate-release
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install GnuPG Tools
run: |
if ! command -v gpg2 >/dev/null 2>&1; then
echo "::group::Updating APT Repository Indices"
sudo apt update
echo "::endgroup::"
echo "::group::Installing GnuPG Tools"
sudo apt install -y gnupg2
echo "::endgroup::"
fi
- name: Import GPG key
id: gpg_key
uses: step-security/ghaction-import-gpg@a7c87df2279f2bf2e69ba8289dfbf35fe05a4e08 # v1.0.0
with:
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Setup Java
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0
with:
cache-read-only: false
- name: Compile SDK & Javadoc
run: ./gradlew assemble :sdk:javadoc -Dfile.encoding=UTF-8 --scan
- name: Nexus Release
#run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}
run: ./gradlew publishToSonatype closeSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}
- name: Nexus Release sdk-full artifacts
run: |
# This is a temporary fix and should be removed once https://github.com/hashgraph/hedera-sdk-java/pull/1732 is merged
sed -i 's#sdk\.gradle#sdk-full.gradle#g' sdk/build.gradle
git clean -fdx
./gradlew publishToSonatype closeSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}
# ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}