Release #120
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Next release version' | |
required: true | |
default: 'patch' | |
type: choice | |
options: | |
- major | |
- minor | |
- patch | |
jobs: | |
build: | |
name: Build and release | |
runs-on: ubuntu-latest | |
steps: | |
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
# Setups the environment | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: maven | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5 | |
with: | |
maven-version: 3.9.6 | |
- id: install-jbang | |
run: curl -Ls https://sh.jbang.dev | bash -s - app setup | |
shell: bash | |
- name: Set git user | |
run: | | |
git config --global user.name "GitHub Actions Bot" | |
git config --global user.email "<>" | |
- name: install go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 | |
- name: install semversion | |
run: go install github.com/ffurrer2/semver/cmd/semver@latest | |
# Get current version from pom and remove snapshot if present. | |
- name: Get current version from pom and remove snapshot if present. | |
run: echo "CURRENT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | sed 's/-SNAPSHOT//')" >> $GITHUB_ENV | |
- name: Get version with snapshot | |
run: echo "CURRENT_VERSION_WITH_SNAPSHOT=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV | |
# Calculate next version: | |
# - if version is patch, we just increment the patch version | |
# - if version is minor or major, we increment the minor or major version and set the patch version to 0 | |
# As we are using a snapshot version, we need to run semver next twice to get the next version for mahor and minor releases. Reason: Any X.Y.Z-SNAPSHOT version will be released as X.Y.Z if we run semver next major X.Y.Z-SNAPSHOT | |
- name: Set next version | |
if: ${{ github.event.inputs.version == 'patch' }} | |
run: echo "NEXT_VERSION=$(semver next ${{ github.event.inputs.version }} $CURRENT_VERSION_WITH_SNAPSHOT)" >> $GITHUB_ENV | |
- name: Set next version | |
# semver next for a snapshot only releases the snapshot version, so we need to run it 2 times | |
if: ${{ github.event.inputs.version == 'major' || github.event.inputs.version == 'minor' }} | |
run: echo "NEXT_VERSION=$(semver next ${{ github.event.inputs.version }} $CURRENT_VERSION)" >> $GITHUB_ENV | |
- name: run maven-lockfile (validate lockfile) | |
uses: chains-project/maven-lockfile@526cd67327ab19c7bd95be6d2d16530d80bf3c9e # v5.2.0 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
include-maven-plugins: true | |
commit-lockfile: false | |
- name: set branchname to next version | |
run: echo "BRANCH_NAME=release/$NEXT_VERSION" >> $GITHUB_ENV | |
- name: Set release version | |
run: mvn --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_VERSION -DprocessAllModules | |
- name: Generate Readme | |
run : mvn generate-resources resources:copy-resources | |
- name: run maven-lockfile (generate new lockfile for release version) | |
env: | |
POM_CHANGED: true # the version has changed, new lockfile is needed | |
COMMIT_UPDATED_LOCKFILE: true | |
run: ~/.jbang/bin/jbang --repos 'mavencentral' io.github.chains-project:maven-lockfile-github-action:5.2.0 | |
shell: bash | |
- name: commit changes | |
run: | | |
git checkout -b ${{ env.BRANCH_NAME }} | |
git commit -am "🔖 Releasing version ${{ env.NEXT_VERSION }}" | |
git push --set-upstream origin ${{ env.BRANCH_NAME }} | |
# Now we can run the release | |
- name: Stage release | |
run: mvn --no-transfer-progress --batch-mode -Ppublication clean deploy -DaltDeploymentRepository=local::file:./target/staging-deploy | |
- name: generate buildinfo file | |
run: mvn org.apache.maven.plugins:maven-artifact-plugin:3.4.1:buildinfo | |
- name: Print next version | |
run: mvn help:evaluate -Dexpression=project.version -q -DforceStdout | sed 's/-SNAPSHOT//' | |
- name: Run JReleaser | |
uses: jreleaser/release-action@f69e545b05f149483cecb2fb81866247992694b8 | |
with: | |
setup-java: false | |
version: 1.15.0 | |
arguments: full-release | |
env: | |
JRELEASER_PROJECT_VERSION: ${{ env.NEXT_VERSION }} | |
JRELEASER_GITHUB_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} | |
JRELEASER_GPG_PASSPHRASE: ${{ secrets.JRELEASER_GPG_PASSPHRASE }} | |
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.JRELEASER_GPG_PUBLIC_KEY }} | |
JRELEASER_GPG_SECRET_KEY: ${{ secrets.JRELEASER_GPG_SECRET_KEY }} | |
JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME }} | |
JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD }} | |
# Now we can update the changelog | |
- name: Append changelog from out/jreleaser/CHANGELOG.md to CHANGELOG.md with version as header | |
run: | | |
echo "" >> CHANGELOG.md | |
echo -n "# ${{ env.NEXT_VERSION }}" >> CHANGELOG.md | |
echo "" >> CHANGELOG.md | |
cat out/jreleaser/release/CHANGELOG.md >> CHANGELOG.md | |
echo "" >> CHANGELOG.md | |
# Time to set the next version: The next version of any Release is a snapshot version of the next patch version | |
- name : Set next version (patch of release version) with -SNAPSHOT suffix | |
run: | | |
echo "NEXT_RELEASE_VERSION=$(semver next patch $NEXT_VERSION)-SNAPSHOT" >> $GITHUB_ENV | |
echo "NEXT_RELEASE_VERSION_WITHOUT_SNAPSHOT=$(semver next patch $NEXT_VERSION)" >> $GITHUB_ENV | |
- name: Set release version | |
run: mvn --no-transfer-progress --batch-mode versions:set -DnewVersion=$NEXT_RELEASE_VERSION -DprocessAllModules | |
# Time to update some files with the new version | |
#1 Readme and action.yml | |
- name: Generate Readme | |
run : mvn generate-resources resources:copy-resources -q | |
- name: run maven-lockfile (generate new lockfile for -SNAPSHOT version) | |
env: | |
POM_CHANGED: true # the version has changed, new lockfile is needed | |
COMMIT_UPDATED_LOCKFILE: true | |
run: ~/.jbang/bin/jbang --repos 'mavencentral' io.github.chains-project:maven-lockfile-github-action:5.2.0 | |
shell: bash | |
# Commit and push changes | |
- name: Commit & Push changes | |
run: | | |
git commit -am "🔖 Setting SNAPSHOT version ${{ env.NEXT_RELEASE_VERSION }}" | |
git push --set-upstream origin ${{ env.BRANCH_NAME }} | |
- name: Merge Fast Forward | |
run: | | |
git checkout main | |
git merge --ff-only ${{ env.BRANCH_NAME }} | |
- name: Attempt Push with Retry | |
env: | |
RETRY_MAX_TIME: 600 | |
RETRY_INTERVAL: 10 | |
run: | | |
curl -L \ | |
-X POST \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ secrets.JRELEASER_GITHUB_TOKEN }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
https://api.github.com/repos/${{ github.repository }}/pulls \ | |
-d '{"title":"Release ${{ env.BRANCH_NAME }} ff-merge","body":"PR to trigger tests required for branch protection rules","head":"${{ env.BRANCH_NAME }}","base":"main"}' | |
START_TIME=$(date +%s) | |
while true; do | |
git push origin main && break | |
ELAPSED_TIME=$(( $(date +%s) - START_TIME )) | |
if [ "$ELAPSED_TIME" -ge $RETRY_MAX_TIME ]; then | |
echo "Push failed after $RETRY_MAX_TIME seconds. Exiting..." | |
exit 1 | |
fi | |
echo "Push failed. Retrying in $RETRY_INTERVAL seconds..." | |
sleep $RETRY_INTERVAL | |
done | |
# Log failure: | |
- name: JReleaser release output | |
if: always() | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 | |
with: | |
name: jreleaser-release | |
path: | | |
out/jreleaser/trace.log | |
out/jreleaser/output.properties |