-
Notifications
You must be signed in to change notification settings - Fork 8
294 lines (255 loc) · 14.3 KB
/
pass-complete-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
name: "Publish: Release All"
run-name: Release All Modules (${{ inputs.releaseversion }} -> ${{ inputs.nextversion}})
on:
workflow_dispatch:
inputs:
releaseversion:
description: 'Release version'
required: true
nextversion:
description: 'Next dev version'
required: true
jobs:
release:
runs-on: ubuntu-latest
env:
RELEASE: ${{ inputs.releaseversion }}
NEXT: ${{ inputs.nextversion }}
steps:
- name: Checkout main
uses: actions/checkout@v4
with:
path: main
fetch-depth: 0
- name: Setup Java & Maven
uses: actions/setup-java@v3
with:
java-version: 17
distribution: 'temurin'
cache: 'maven'
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Get the artifact from the main POM
working-directory: main
run: |
echo "ARTIFACT=`mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout`" >> $GITHUB_ENV
- name: Configure git user
run: |
git config --global user.name ${{ github.actor }}
git config --global user.email "${{ github.actor }}@users.noreply.github.com"
- name: Create combined module
run: |
mkdir combined
cp main/pom.xml combined
sed -i '/<\/developers>/a <modules><module>pass-core</module><module>pass-support</module></modules>' combined/pom.xml
- name: Checkout all released PASS repos
run: |
git clone https://${{ secrets.JAVA_RELEASE_PAT }}@github.com/eclipse-pass/pass-core.git combined/pass-core
git clone https://${{ secrets.JAVA_RELEASE_PAT }}@github.com/eclipse-pass/pass-support.git combined/pass-support
git clone https://${{ secrets.JAVA_RELEASE_PAT }}@github.com/eclipse-pass/pass-ui.git combined/pass-ui
git clone https://${{ secrets.JAVA_RELEASE_PAT }}@github.com/eclipse-pass/pass-acceptance-testing.git combined/pass-acceptance-testing
git clone https://${{ secrets.JAVA_RELEASE_PAT }}@github.com/eclipse-pass/pass-docker.git combined/pass-docker
- name: Setup Node & pnpm
uses: actions/setup-node@v4
with:
node-version: 20
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.JAVA_RELEASE_PAT }}
- name: Check for Release tags
run: |
(cd main && echo "MAIN_TAG_EXISTS=$(git tag -l "$RELEASE")" >> $GITHUB_ENV)
(cd combined/pass-core && echo "PASS_CORE_TAG_EXISTS=$(git tag -l "$RELEASE")" >> $GITHUB_ENV)
(cd combined/pass-support && echo "PASS_SUPPORT_TAG_EXISTS=$(git tag -l "$RELEASE")" >> $GITHUB_ENV)
(cd combined/pass-ui && echo "PASS_UI_TAG_EXISTS=$(git tag -l "$RELEASE")" >> $GITHUB_ENV)
(cd combined/pass-acceptance-testing && echo "PASS_ACCPT_TEST_TAG_EXISTS=$(git tag -l "$RELEASE")" >> $GITHUB_ENV)
(cd combined/pass-docker && echo "PASS_DOCKER_TAG_EXISTS=$(git tag -l "$RELEASE")" >> $GITHUB_ENV)
- name: Create aggregate tag env vars
run: |
echo "ALL_JAVA_REPOS_TAG_EXISTS=${{ env.MAIN_TAG_EXISTS && env.PASS_CORE_TAG_EXISTS && env.PASS_SUPPORT_TAG_EXISTS }}" >> $GITHUB_ENV
# Note that the Java Repositories uses --force on tagging and pushing tagging. This is to cover the case where
# there is a failure during the Push commits and tags step, then the workflow is re-run, we will update any tag
# that made it to the remote to the new commit created when updating the version.
- name: Set Release/commit/tag ~ Java Repositories
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
run: |
(cd main && mvn versions:set -B -ntp -DnewVersion=$RELEASE && git commit --allow-empty -am "Update version to $RELEASE" && git tag --force $RELEASE)
(cd combined && mvn versions:set -B -ntp -DnewVersion=$RELEASE)
(cd combined/pass-core && git commit --allow-empty -am "Update version to $RELEASE" && git tag --force $RELEASE)
(cd combined/pass-support && git commit --allow-empty -am "Update version to $RELEASE" && git tag --force $RELEASE)
- name: Release Java modules
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
uses: ./main/.github/actions/maven-release
with:
repodir: combined
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Push Release Docker images to GHCR ~ Java Repositories
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
run: |
docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE
docker push ghcr.io/eclipse-pass/deposit-services-core:$RELEASE
docker push ghcr.io/eclipse-pass/pass-notification-service:$RELEASE
docker push ghcr.io/eclipse-pass/jhu-grant-loader:$RELEASE
docker push ghcr.io/eclipse-pass/pass-journal-loader:$RELEASE
docker push ghcr.io/eclipse-pass/pass-nihms-loader:$RELEASE
docker push ghcr.io/eclipse-pass/pass-nihms-token-refresh:$RELEASE
- name: Copy Release SBOMs ~ Java Repositories
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
run: |
cp combined/pass-core/pass-core-main/target/classes/META-INF/sbom/application.cdx.json pass-core-main-$RELEASE-cyclonedx-sbom.json
cp combined/pass-support/pass-data-client/target/classes/META-INF/sbom/application.cdx.json pass-data-client-$RELEASE-cyclonedx-sbom.json
cp combined/pass-support/pass-deposit-services/deposit-core/target/classes/META-INF/sbom/application.cdx.json deposit-core-$RELEASE-cyclonedx-sbom.json
cp combined/pass-support/pass-grant-loader/target/classes/META-INF/sbom/application.cdx.json pass-grant-loader-$RELEASE-cyclonedx-sbom.json
cp combined/pass-support/pass-journal-loader/pass-journal-loader-nih/target/classes/META-INF/sbom/application.cdx.json pass-journal-loader-nih-$RELEASE-cyclonedx-sbom.json
cp combined/pass-support/pass-nihms-loader/nihms-data-harvest/target/classes/META-INF/sbom/application.cdx.json nihms-data-harvest-$RELEASE-cyclonedx-sbom.json
cp combined/pass-support/pass-nihms-loader/nihms-data-transform-load/target/classes/META-INF/sbom/application.cdx.json nihms-data-transform-load-$RELEASE-cyclonedx-sbom.json
cp combined/pass-support/pass-notification-service/target/classes/META-INF/sbom/application.cdx.json pass-notification-service-$RELEASE-cyclonedx-sbom.json
- name: Set Snapshot/commit ~ Java Repositories
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
run: |
(cd main && mvn versions:set -B -ntp -DallowSnapshots=true -DnewVersion=$NEXT && git commit --allow-empty -am "Update version to $NEXT")
(cd combined && mvn versions:set -B -ntp -DallowSnapshots=true -DnewVersion=$NEXT)
(cd combined/pass-core && git commit --allow-empty -am "Update version to $NEXT")
(cd combined/pass-support && git commit --allow-empty -am "Update version to $NEXT")
- name: Release Snapshot Java modules
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
working-directory: combined
run: |
mvn -B -V -ntp -P release clean deploy -DskipTests -DskipITs
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Push Snapshot Docker images to GHCR ~ Java Repositories
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
run: |
docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT
docker push ghcr.io/eclipse-pass/deposit-services-core:$NEXT
docker push ghcr.io/eclipse-pass/pass-notification-service:$NEXT
docker push ghcr.io/eclipse-pass/jhu-grant-loader:$NEXT
docker push ghcr.io/eclipse-pass/pass-journal-loader:$NEXT
docker push ghcr.io/eclipse-pass/pass-nihms-loader:$NEXT
docker push ghcr.io/eclipse-pass/pass-nihms-token-refresh:$NEXT
- name: Push the commits and tags ~ Java Repositories
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
run: |
(cd main && git push --atomic origin main --force $RELEASE)
(cd combined/pass-core && git push --atomic origin main --force $RELEASE)
(cd combined/pass-support && git push --atomic origin main --force $RELEASE)
- name: Create GitHub main release ~ Java Repositories
if: ${{ ! env.ALL_JAVA_REPOS_TAG_EXISTS }}
run: |
gh release delete "$RELEASE" --repo=eclipse-pass/main || true
gh release create "$RELEASE" --repo=eclipse-pass/main --generate-notes
gh release delete "$RELEASE" --repo=eclipse-pass/pass-core || true
gh release create "$RELEASE" --repo=eclipse-pass/pass-core --generate-notes
gh release upload "$RELEASE" --repo=eclipse-pass/pass-core pass-core-main-$RELEASE-cyclonedx-sbom.json
gh release delete "$RELEASE" --repo=eclipse-pass/pass-support || true
gh release create "$RELEASE" --repo=eclipse-pass/pass-support --generate-notes
gh release upload "$RELEASE" --repo=eclipse-pass/pass-support pass-data-client-$RELEASE-cyclonedx-sbom.json
gh release upload "$RELEASE" --repo=eclipse-pass/pass-support deposit-core-$RELEASE-cyclonedx-sbom.json
gh release upload "$RELEASE" --repo=eclipse-pass/pass-support pass-grant-loader-$RELEASE-cyclonedx-sbom.json
gh release upload "$RELEASE" --repo=eclipse-pass/pass-support pass-journal-loader-nih-$RELEASE-cyclonedx-sbom.json
gh release upload "$RELEASE" --repo=eclipse-pass/pass-support nihms-data-harvest-$RELEASE-cyclonedx-sbom.json
gh release upload "$RELEASE" --repo=eclipse-pass/pass-support nihms-data-transform-load-$RELEASE-cyclonedx-sbom.json
gh release upload "$RELEASE" --repo=eclipse-pass/pass-support pass-notification-service-$RELEASE-cyclonedx-sbom.json
env:
GITHUB_TOKEN: ${{ secrets.JAVA_RELEASE_PAT }}
- name: Set Release/commit/tag ~ pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
uses: ./main/.github/actions/node-version
with:
repository_dir: combined/pass-ui
env:
RELEASE: ${{ env.RELEASE }}
- name: Build Release pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
uses: ./main/.github/actions/node-build
with:
repository_dir: combined/pass-ui
env_path: ../pass-docker/.env
- name: Push Release Docker images to GHCR ~ pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
run: |
docker push ghcr.io/eclipse-pass/pass-ui:$RELEASE
cp combined/pass-ui/pass-ui-$RELEASE-cyclonedx-sbom.json pass-ui-$RELEASE-cyclonedx-sbom.json
- name: Set Snapshot/commit ~ pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
uses: ./main/.github/actions/node-version
with:
repository_dir: combined/pass-ui
skip_tag: "true"
env:
RELEASE: ${{ env.NEXT }}
- name: Build Snapshot pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
uses: ./main/.github/actions/node-build
with:
repository_dir: combined/pass-ui
env_path: ../pass-docker/.env
- name: Push Snapshot Docker images to GHCR ~ pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
run: docker push ghcr.io/eclipse-pass/pass-ui:$NEXT
- name: Push the commits and tags ~ pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
run: cd combined/pass-ui && git push --atomic origin main --force $RELEASE
- name: Create GitHub main release ~ pass-ui
if: ${{ ! env.PASS_UI_TAG_EXISTS }}
run: |
gh release create "$RELEASE" --repo=eclipse-pass/pass-ui --generate-notes
gh release upload "$RELEASE" --repo=eclipse-pass/pass-ui pass-ui-$RELEASE-cyclonedx-sbom.json
env:
GITHUB_TOKEN: ${{ secrets.JAVA_RELEASE_PAT }}
- name: Set Release/commit/tag ~ pass-acceptance-testing
if: ${{ ! env.PASS_ACCPT_TEST_TAG_EXISTS }}
uses: ./main/.github/actions/yarn-version
with:
repository_dir: combined/pass-acceptance-testing
env:
RELEASE: ${{ env.RELEASE }}
- name: Set Snapshot/commit ~ pass-acceptance-testing
if: ${{ ! env.PASS_ACCPT_TEST_TAG_EXISTS }}
uses: ./main/.github/actions/yarn-version
with:
repository_dir: combined/pass-acceptance-testing
skip_tag: "true"
env:
RELEASE: ${{ env.NEXT }}
- name: Push the commits and tags ~ pass-acceptance-testing
if: ${{ ! env.PASS_ACCPT_TEST_TAG_EXISTS }}
run: cd combined/pass-acceptance-testing && git push --atomic origin main --force $RELEASE
- name: Create GitHub main release ~ pass-acceptance-testing
if: ${{ ! env.PASS_ACCPT_TEST_TAG_EXISTS }}
run: gh release create "$RELEASE" --repo=eclipse-pass/pass-acceptance-testing --generate-notes
env:
GITHUB_TOKEN: ${{ secrets.JAVA_RELEASE_PAT }}
- name: Set Release/commit/tag ~ pass-docker
if: ${{ ! env.PASS_DOCKER_TAG_EXISTS }}
run: |
cd combined/pass-docker
sed -i "/^PASS_VERSION/s/.*/PASS_VERSION=$RELEASE/" .env
git commit --allow-empty -am "Update version to $RELEASE"
git tag --force $RELEASE
- name: Set Snapshot/commit ~ pass-docker
if: ${{ ! env.PASS_DOCKER_TAG_EXISTS }}
run: |
cd combined/pass-docker
sed -i "/^PASS_VERSION/s/.*/PASS_VERSION=$NEXT/" .env
git commit --allow-empty -am "Update version to $NEXT"
- name: Push the commits and tags ~ pass-docker
if: ${{ ! env.PASS_DOCKER_TAG_EXISTS }}
run: cd combined/pass-docker && git push --atomic origin main --force $RELEASE
- name: Create GitHub main release ~ pass-docker
if: ${{ ! env.PASS_DOCKER_TAG_EXISTS }}
run: gh release create "$RELEASE" --repo=eclipse-pass/pass-docker --generate-notes
env:
GITHUB_TOKEN: ${{ secrets.JAVA_RELEASE_PAT }}