Build out workflow for incrementing

qld-gov-au · Jul 29, 2024 · c7ac499 · c7ac499
1 parent b128d27
commit c7ac499
Show file tree

Hide file tree

Showing 2 changed files with 131 additions and 25 deletions.
diff --git a/.github/bin/versionIncrement.sh b/.github/bin/versionIncrement.sh
@@ -16,15 +16,15 @@ major=${version_parts[0]}
 minor=${version_parts[1]}
 patch=${version_parts[2]}
 next_patch=$((patch + 1))
-next_development_version="'$major.$minor.$next_patch-SNAPSHOT'"
-next_version="'$major.$minor.$next_patch'"
+next_development_version="$major.$minor.$patch-SNAPSHOT"
+next_version="$major.$minor.$next_patch"
 
 # Update the YAML file
-./update_text.sh ./../workflows/publish.yml releaseVersion $next_version
-./update_text.sh ./../workflows/publish.yml developmentVersion $next_development_version
+./update_text.sh ./../workflows/publish.yml releaseVersion "$next_version"
+./update_text.sh ./../workflows/publish.yml developmentVersion "$next_development_version"
 
 
 git add ./../workflows/publish.yml
 git commit -m "Updated publish.yml with release version: $release_version and development version: $next_development_version"
 
-echo "Updated publish.yml with release version: $release_version and development version: $next_development_version and commited"
+echo "Updated publish.yml with next patch release version: $release_version and patch development version: $next_development_version and commited"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -36,6 +36,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.DEPLOY_KEY }}
+          fetch-depth: 3
 
       - name: Set up JDK
         uses: actions/setup-java@v4
@@ -44,6 +45,39 @@ jobs:
           java-version: '21'
           cache: 'maven'
 
+      - name: Dump event context for debugging
+        continue-on-error: true  # Debugging output only, and this annoyingly fails when the commit messge has a (
+        run: |
+          echo '${{ github.event_name }} for ${{ github.ref_type }} ${{ github.ref_name }} or ${{ github.event.ref }}'
+          # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
+          echo 'github.event:'
+          echo '${{ toJSON(github.event) }}'
+
+      - name: Dump github context for debugging
+        continue-on-error: true  # Debugging output only, and this annoyingly fails when the commit message has a (
+        run: |
+          echo '${{ toJSON(github) }}'
+
+      - name: Try to set a master password
+        run: |
+          MASTERPWD=$(openssl rand -base64 25)
+          echo "<settingsSecurity> <master>$(mvn --encrypt-master-password "$MASTERPWD")</master></settingsSecurity>" > $HOME/.m2/settings-security.xml
+          # echo "MASTERPWD=\"$MASTERPWD\"" >> $GITHUB_ENV
+          # The master password isn't actually used, but the maven-gpg-plugin complains otherwise.
+
+      - name: Git & Maven Status
+        run: |
+          $MVNCMD -version
+          git remote -v
+          git status --untracked-files --ignored
+          git log -3 --no-color --decorate
+
+      - name: Mvn Effective POM
+        run: $MVNCMD -N help:effective-pom
+
+      - name: Mvn Effective Settings
+        run: $MVNCMD -N help:effective-settings
+
       - name: Build with Maven
         env:
           KITEWORKS_BASE_URI: ${{ secrets.KITEWORKS_BASE_URI }}
@@ -58,34 +92,81 @@ jobs:
 
       - name: Set up Git username and email
         run: |
-          git config --global user.name " ${{ variables.GPG_NAME }}"
+          git config --global user.name "${{ variables.GPG_NAME }}"
           git config --global user.email "${{ secrets.GPG_EMAIL }}"
-          echo "${{ secrets.GPG_KEY }}" | gpg --batch --import
+          echo "${{ secrets.GPG_KEY }}" | base64 --decode | gpg --import --no-tty --batch --yes
+          gpg -v --refresh-keys
+          gpg --list-secret-keys --keyid-format LONG
           git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
           git config --global commit.gpgSign true
           git config --global gpg.program gpg
         env:
-          ssh-deploy-key: ${{ secrets.DEPLOY_KEY }}
-          ssh-gpg-email: ${{ secrets.GPG_EMAIL }}
-          ssh-gpg-key: ${{ secrets.GPG_KEY }}
-          ssh-gpg-key-id: ${{ secrets.GPG_KEY_ID }}
-          ssh-gpg-name: ${{ variables.GPG_NAME }}
+          #ssh-deploy-key: ${{ secrets.DEPLOY_KEY }}
+          #ssh-gpg-email: ${{ secrets.GPG_EMAIL }}
+          #ssh-gpg-key: ${{ secrets.GPG_KEY }}
+          #ssh-gpg-key-id: ${{ secrets.GPG_KEY_ID }}
+          #ssh-gpg-name: ${{ variables.GPG_NAME }}
 
-      - name: "Verify GPG setup"
-        run: gpg --list-keys
+      - name: Check that we are on snapshot branch before creating the release
+        run: |
+          echo "Version: "
+          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout
+          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | egrep -- '-SNAPSHOT$' > /dev/null || exit 1
+          # unfortunately, this would require a snapshot parent if just called from the command line, so we cannot use it: :-(
+          # mvn org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce -Drules=requireSnapshotVersion
+
+      - name: Check that we are on snapshot branch before creating the release
+        run: |
+          echo "Version: "
+          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout
+          $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | egrep -- '-SNAPSHOT$' > /dev/null || exit 1
+          # unfortunately, this would require a snapshot parent if just called from the command line, so we cannot use it: :-(
+          # mvn org.apache.maven.plugins:maven-enforcer-plugin:3.2.1:enforce -Drules=requireSnapshotVersion
+
+      - name: Dry run of release goals
+
+        run: |
+          mvn clean release:clean
+          mvn release:prepare -DdryRun=true -DpushChanges=false
+          mvn release:perform -DdryRun=true -DlocalCheckout=true -DdeployAtEnd=true
+          mvn clean release:clean
+          git clean -f -d -x
+
+      - name: Verify git is clean
+        run: |
+          git status --untracked-files --ignored
+          git log -3 --no-color --decorate
+          git clean -f -d
+
+      - name: Prepare package publish
+        run: |
+          # Define versions and tag
+          RELEASE_VERSION="${github.event.inputs.releaseVersion}"
+          DEVELOPMENT_VERSION="${github.event.inputs.developmentVersion}"
+          TAG=v"${github.event.inputs.releaseVersion}"
+          
+          # Prepare the release with -DpushChanges=false so its all local for now
+          mvn release:prepare -DreleaseVersion=$RELEASE_VERSION -DdevelopmentVersion=$DEVELOPMENT_VERSION -Dtag=$TAG -DpushChanges=false
 
-      - name: Increment poms
-        run: echo "do"
         env:
-          ssh-deploy-key: ${{ secrets.DEPLOY_KEY }}
-          ssh-gpg-email: ${{ secrets.GPG_EMAIL }}
-          ssh-gpg-key: ${{ secrets.GPG_KEY }}
-          ssh-gpg-key-id: ${{ secrets.GPG_KEY_ID }}
-          ssh-gpg-name: ${{ variables.GPG_NAME }}
+          KITEWORKS_BASE_URI: ${{ secrets.KITEWORKS_BASE_URI }}
+          KITEWORKS_CLIENT_ID: ${{ secrets.KITEWORKS_CLIENT_ID }}
+          KITEWORKS_CLIENT_SECRET: ${{ secrets.KITEWORKS_CLIENT_SECRET }}
+          KITEWORKS_SIGNATURE_KEY: ${{ secrets.KITEWORKS_SIGNATURE_KEY }}
+          KITEWORKS_USER_ID: ${{ secrets.KITEWORKS_USER_ID }}
+          KITEWORKS_CLIENT_APP_SCOPES: ${{ secrets.KITEWORKS_CLIENT_APP_SCOPES }}
+          KITEWORKS_REDIRECT_URI: ${{ secrets.KITEWORKS_REDIRECT_URI }}
+          KITEWORKS_ACCESS_TOKEN_URI: ${{ secrets.KITEWORKS_ACCESS_TOKEN_URI }}
+
+      - name: Git status after prepare
+        run: |
+          git status --untracked-files --ignored
+          git log -3 --no-color --decorate
+          cat release.properties || true
 
-      - name: Publish package
+      - name: Perform package publish
         if: ${{ env.DO_DEPLOYMENT == 'true' }}
-        run: mvn --batch-mode deploy
+        run: mvn  release:perform -DlocalCheckout=true -DdeployAtEnd=true "-Dgoals=clean install package source:jar javadoc:jar deploy"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           KITEWORKS_BASE_URI: ${{ secrets.KITEWORKS_BASE_URI }}
@@ -97,12 +178,37 @@ jobs:
           KITEWORKS_REDIRECT_URI: ${{ secrets.KITEWORKS_REDIRECT_URI }}
           KITEWORKS_ACCESS_TOKEN_URI: ${{ secrets.KITEWORKS_ACCESS_TOKEN_URI }}
 
+      - name: Git Status after perform
+        if: always()
+        run: |
+          git status
+          git log -3 --no-color --decorate
+
+      - name: Git Status after perform, long
+        if: always()
+        run: |
+          git status --untracked-files --ignored
+
       - name: Increment workflow defaults
         if: ${{ env.DO_DEPLOYMENT == 'true' }}
         run: |
           ./../bin/versionIncrement.sh
-          git push
-        
+      
+
+      - name: Push changes
+        if: ${{ env.DO_DEPLOYMENT == 'true' }}
+        run: |
+          git push origin --follow-tags -v
+
+      - name: List target files even if recipe fails
+        if: always()
+        run: |
+          pwd
+          ls -ld
+          ls -ld target
+          find . -type d -name target
+          ls -l ./target/checkout/target || true
+          ls -l ./target/checkout/commons/target || true
 
       - name: Publish - Skipped
         if: ${{ env.DO_DEPLOYMENT != 'true' }}