Merge-ignore release 2023.0.5 into 2024.0.0-M1 #269
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: publish | |
on: | |
push: | |
branches: # For branches, better to list them explicitly than include via glob pattern | |
- main | |
- 2023.0.x | |
- 2022.0.x | |
- 2020.0.x | |
permissions: read-all | |
jobs: | |
# General job notes: we DON'T want to cancel any previous runs, especially in the case of a "back to snapshots" build right after a release push | |
# We specify the ubuntu version to minimize the chances we have to deal with a migration during a release | |
prepare: | |
# Notes on prepare: this job has no access to secrets, only github token. As a result, all non-core actions are centralized here | |
# This includes the tagging and drafting of release notes. Still, when possible we favor plain run of gradle tasks | |
name: prepare | |
runs-on: ubuntu-20.04 | |
outputs: | |
versionType: ${{ steps.version.outputs.versionType }} | |
fullVersion: ${{ steps.version.outputs.fullVersion }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- name: setup java | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: interpret version | |
id: version | |
#we only run the qualifyVersionGha task so that no other console printing can hijack this step's output | |
#output: versionType, fullVersion | |
#fails if versionType is BAD, which interrupts the workflow | |
run: ./gradlew qualifyVersionGha | |
- name: run checks | |
id: checks | |
run: ./gradlew check | |
#deploy the snapshot artifacts to Artifactory | |
deploySnapshot: | |
name: deploySnapshot | |
runs-on: ubuntu-20.04 | |
needs: prepare | |
if: needs.prepare.outputs.versionType == 'SNAPSHOT' | |
environment: snapshots | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: deploy | |
env: | |
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_SNAPSHOT_USERNAME}} | |
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}} | |
run: | | |
./gradlew assemble artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-snapshot-local | |
#sign the milestone artifacts and deploy them to Artifactory | |
deployMilestone: | |
name: deployMilestone | |
runs-on: ubuntu-20.04 | |
needs: prepare | |
if: needs.prepare.outputs.versionType == 'MILESTONE' | |
environment: releases | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: deploy | |
env: | |
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}} | |
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}} | |
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}} | |
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}} | |
run: | | |
./gradlew assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-milestone-local | |
#sign the release artifacts and deploy them to Artifactory | |
deployRelease: | |
name: deployRelease | |
runs-on: ubuntu-20.04 | |
needs: prepare | |
if: needs.prepare.outputs.versionType == 'RELEASE' | |
environment: releases | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: deploy | |
env: | |
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}} | |
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}} | |
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}} | |
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}} | |
ORG_GRADLE_PROJECT_sonatypeUsername: ${{secrets.SONATYPE_USERNAME}} | |
ORG_GRADLE_PROJECT_sonatypePassword: ${{secrets.SONATYPE_PASSWORD}} | |
run: | | |
./gradlew assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-release-local publishMavenJavaPublicationToSonatypeRepository | |
tagMilestone: | |
name: Tag milestone | |
needs: [ prepare, deployMilestone ] | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- name: tag | |
#specifics: no v prefix for the tag | |
run: | | |
git config --local user.name 'reactorbot' | |
git config --local user.email '32325210+reactorbot@users.noreply.github.com' | |
git tag -m "Release BOM milestone ${{ needs.prepare.outputs.fullVersion }}" ${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }} | |
git push --tags | |
tagRelease: | |
name: Tag release | |
needs: [ prepare, deployRelease ] | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- name: tag | |
#specifics: no v prefix for the tag | |
run: | | |
git config --local user.name 'reactorbot' | |
git config --local user.email '32325210+reactorbot@users.noreply.github.com' | |
git tag -m "Release BOM ${{ needs.prepare.outputs.fullVersion }}" ${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }} | |
git push --tags | |
# For Gradle configuration of signing, see https://docs.gradle.org/current/userguide/signing_plugin.html#sec:in-memory-keys | |
# publishMavenJavaPublicationToSonatypeRepository only sends to a staging repository |