This repository has been archived by the owner on Dec 10, 2024. It is now read-only.
Fix/trying to fix token holder zezo #1018
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish artifacts to (internal) Gitlab Packages | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| pull_request: | |
| types: [ opened, synchronize ] | |
| workflow_dispatch: | |
| env: | |
| PRIVATE_DOCKER_REGISTRY_URL: ${{ secrets.GITLAB_DOCKER_REGISTRY_URL }} | |
| PRIVATE_DOCKER_REGISTRY_USER: Deploy-Token | |
| PRIVATE_DOCKER_REGISTRY_PASS: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }} | |
| PRIVATE_MVN_REGISTRY_TOKEN: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }} | |
| PRIVATE_MVN_REGISTRY_URL: ${{ secrets.GITLAB_MAVEN_REGISTRY_URL }} | |
| PRIVATE_MVN_REGISTRY_USER: Deploy-Token | |
| PRIVATE_MVN_REGISTRY_PASS: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }} | |
| jobs: | |
| publish: | |
| permissions: | |
| contents: read | |
| packages: write | |
| runs-on: self-hosted | |
| if: | | |
| "contains(github.event.head_commit.message, 'release-please--branches--main')" || | |
| ${{ github.event_name == 'pull_request' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup JDK 18 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '18' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Setup depends | |
| run: | | |
| pip install yq | |
| - name: Setup maven settings.xml | |
| run: | | |
| envsubst < ./.m2/settings.default.xml.tpl > ./.m2/settings.xml | |
| - name: Set extra environment and metadata | |
| id: metadata | |
| run: | | |
| GIT_SHORT_COMMIT=$(git rev-parse --short "$GITHUB_SHA") | |
| CURRENT_VERSION=$(xq -r .project.version pom.xml) | |
| DOCKER_IMAGE_NAME=$(basename ${GITHUB_REPOSITORY}) | |
| echo "DOCKER_IMAGE_NAME=${DOCKER_IMAGE_NAME}" >> "$GITHUB_ENV" | |
| if [ ${{github.event_name}} == "pull_request" ] | |
| then | |
| PR_NUMBER=$(echo $GITHUB_REF | awk -F/ '{ print $3 }') | |
| ARTIFACT_VERSION="${CURRENT_VERSION}-PR${PR_NUMBER}" | |
| echo "ARTIFACT_VERSION=${ARTIFACT_VERSION}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT" | |
| echo "DOCKER_LATEST_IMAGE_TAG=" >> "$GITHUB_ENV" | |
| else | |
| # Make sure develop branch artifacts include SNAPSHOT | |
| BRANCH=${GITHUB_REF##*/} | |
| echo "BRANCH=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT" | |
| if [[ "${BRANCH}" == "develop" ]] && [[ "${CURRENT_VERSION}" =~ .*-SNAPSHOT$ ]] | |
| then | |
| echo "DEVELOP_SNAPSHOT_OK=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| ARTIFACT_VERSION=${CURRENT_VERSION} | |
| echo "ARTIFACT_VERSION=${ARTIFACT_VERSION}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT" | |
| echo "DOCKER_LATEST_IMAGE_TAG=${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${DOCKER_IMAGE_NAME}:latest" >> "$GITHUB_ENV" | |
| fi | |
| echo "DOCKER_COMMIT_TAG=${ARTIFACT_VERSION}-${GIT_SHORT_COMMIT}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT" | |
| echo "DOCKER_COMMIT_GHRUNID_TAG=${ARTIFACT_VERSION}-${GIT_SHORT_COMMIT}-${GITHUB_RUN_ID}" | tee -a "$GITHUB_ENV" | tee -a "$GITHUB_OUTPUT" | |
| - name: Setup mvn settings.yml | |
| uses: s4u/[email protected] | |
| with: | |
| servers: '[{"id": "private-registry","configuration": {"httpHeaders": {"property": {"name": "PRIVATE-TOKEN","value": "${{ env.PRIVATE_MVN_REGISTRY_TOKEN }}"}}}}]' | |
| - name: Build | |
| run: | | |
| mvn --batch-mode --update-snapshots clean package -DskipTests | |
| - name: Set pom.xml version | |
| if: | | |
| steps.metadata.outputs.BRANCH == 'main' || | |
| steps.metadata.outputs.DEVELOP_SNAPSHOT_OK == 'true' | |
| run: | | |
| if [ ${{github.event_name}} == "pull_request" ] | |
| then | |
| PR_NUMBER=$(echo $GITHUB_REF | awk -F/ '{ print $3 }') | |
| CURRENT_VERSION=$(xq -r .project.version pom.xml) | |
| NEW_VERSION="${CURRENT_VERSION}-PR${PR_NUMBER}" | |
| xq \ | |
| --arg NEW_VERSION "${NEW_VERSION}" \ | |
| '.project.version = $NEW_VERSION' \ | |
| pom.xml \ | |
| --xml-output > pom.xml.mod && mv pom.xml.mod pom.xml | |
| fi | |
| - name: Publish maven artifacts | |
| if: | | |
| steps.metadata.outputs.BRANCH == 'main' || | |
| steps.metadata.outputs.DEVELOP_SNAPSHOT_OK == 'true' | |
| run: | | |
| xq \ | |
| --arg REPOSITORY_ID private-registry \ | |
| --arg REPOSITORY_NAME "${GITHUB_REPOSITORY}" \ | |
| --arg REPOSITORY_URL "${{ env.PRIVATE_MVN_REGISTRY_URL }}" \ | |
| '.project.distributionManagement = { "repository": { "id": $REPOSITORY_ID, "name": $REPOSITORY_NAME , "url": $REPOSITORY_URL } }' \ | |
| pom.xml \ | |
| --xml-output > pom.xml.mod && mv pom.xml.mod pom.xml | |
| mvn --batch-mode --update-snapshots deploy -DskipTests | |
| - name: Docker Login | |
| uses: docker/login-action@v2 | |
| if: | | |
| steps.metadata.outputs.BRANCH == 'main' || | |
| steps.metadata.outputs.DEVELOP_SNAPSHOT_OK == 'true' || | |
| github.event_name == 'pull_request' | |
| with: | |
| registry: ${{ env.PRIVATE_DOCKER_REGISTRY_URL }} | |
| username: ${{ env.PRIVATE_DOCKER_REGISTRY_USER }} | |
| password: ${{ env.PRIVATE_DOCKER_REGISTRY_PASS }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Build and Push docker image | |
| uses: docker/build-push-action@v4 | |
| if: | | |
| steps.metadata.outputs.BRANCH == 'main' || | |
| steps.metadata.outputs.DEVELOP_SNAPSHOT_OK == 'true' || | |
| github.event_name == 'pull_request' | |
| with: | |
| context: . | |
| push: true | |
| tags: | | |
| ${{ env.DOCKER_LATEST_IMAGE_TAG }} | |
| ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.ARTIFACT_VERSION }} | |
| ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_COMMIT_TAG }} | |
| ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_COMMIT_GHRUNID_TAG }} | |
| build-args: | | |
| PRIVATE_MVN_REGISTRY_URL=${{ env.PRIVATE_MVN_REGISTRY_URL }} | |
| PRIVATE_MVN_REGISTRY_USER=${{ env.PRIVATE_MVN_REGISTRY_USER }} | |
| PRIVATE_MVN_REGISTRY_PASS=${{ env.PRIVATE_MVN_REGISTRY_PASS }} |