Merge #345 into 3.6.0-RC1 #235
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: publish | |
on: | |
push: | |
branches: # For branches, better to list them explicitly than regexp include | |
- main | |
- 3.5.x | |
- 3.4.x | |
permissions: read-all | |
jobs: | |
# General job notes: we DON'T want to cancel any previous runs, especially in the case of a "back to snapshots" build right after a release push | |
# We specify the ubuntu version to minimize the chances we have to deal with a migration during a release | |
prepare: | |
# Notes on prepare: this job has no access to secrets, only github token. As a result, all non-core actions are centralized here | |
# This includes the tagging and drafting of release notes. Still, when possible we favor plain run of gradle tasks | |
name: prepare | |
runs-on: ubuntu-20.04 | |
outputs: | |
versionType: ${{ steps.version.outputs.versionType }} | |
fullVersion: ${{ steps.version.outputs.fullVersion }} | |
steps: | |
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- name: setup java | |
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: interpret version | |
id: version | |
#we only run the qualifyVersionGha task so that no other console printing can hijack this step's output | |
#output: versionType, fullVersion | |
#fails if versionType is BAD, which interrupts the workflow | |
run: ./gradlew qualifyVersionGha | |
- name: run checks | |
id: checks | |
run: ./gradlew check | |
#deploy the snapshot artifacts to Artifactory | |
deploySnapshot: | |
name: deploySnapshot | |
runs-on: ubuntu-20.04 | |
needs: prepare | |
if: needs.prepare.outputs.versionType == 'SNAPSHOT' | |
environment: snapshots | |
steps: | |
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: deploy | |
env: | |
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_SNAPSHOT_USERNAME}} | |
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}} | |
run: | | |
./gradlew assemble artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-snapshot-local | |
#sign the milestone artifacts and deploy them to Artifactory | |
deployMilestone: | |
name: deployMilestone | |
runs-on: ubuntu-20.04 | |
needs: prepare | |
if: needs.prepare.outputs.versionType == 'MILESTONE' | |
environment: releases | |
steps: | |
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: deploy | |
env: | |
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}} | |
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}} | |
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}} | |
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}} | |
run: | | |
./gradlew assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-milestone-local | |
#sign the release artifacts and deploy them to Artifactory | |
deployRelease: | |
name: deployRelease | |
runs-on: ubuntu-20.04 | |
needs: prepare | |
if: needs.prepare.outputs.versionType == 'RELEASE' | |
environment: releases | |
steps: | |
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # tag=v3 | |
with: | |
distribution: 'temurin' | |
java-version: 8 | |
- name: deploy | |
env: | |
ORG_GRADLE_PROJECT_artifactory_publish_username: ${{secrets.ARTIFACTORY_USERNAME}} | |
ORG_GRADLE_PROJECT_artifactory_publish_password: ${{secrets.ARTIFACTORY_PASSWORD}} | |
ORG_GRADLE_PROJECT_signingKey: ${{secrets.SIGNING_KEY}} | |
ORG_GRADLE_PROJECT_signingPassword: ${{secrets.SIGNING_PASSPHRASE}} | |
ORG_GRADLE_PROJECT_sonatypeUsername: ${{secrets.SONATYPE_USERNAME}} | |
ORG_GRADLE_PROJECT_sonatypePassword: ${{secrets.SONATYPE_PASSWORD}} | |
run: | | |
./gradlew assemble sign artifactoryPublish -Partifactory_publish_contextUrl=https://repo.spring.io -Partifactory_publish_repoKey=libs-release-local publishMavenJavaPublicationToSonatypeRepository | |
tagMilestone: | |
name: Tag milestone | |
needs: [ prepare, deployMilestone ] | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- name: tag | |
run: | | |
git config --local user.name 'reactorbot' | |
git config --local user.email '[email protected]' | |
git tag -m "Release milestone ${{ needs.prepare.outputs.fullVersion }}" v${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }} | |
git push --tags | |
tagRelease: | |
name: Tag release | |
needs: [ prepare, deployRelease ] | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- name: tag | |
run: | | |
git config --local user.name 'reactorbot' | |
git config --local user.email '[email protected]' | |
git tag -m "Release version ${{ needs.prepare.outputs.fullVersion }}" v${{ needs.prepare.outputs.fullVersion }} ${{ github.sha }} | |
git push --tags | |
# For Gradle configuration of signing, see https://docs.gradle.org/current/userguide/signing_plugin.html#sec:in-memory-keys | |
# publishMavenJavaPublicationToSonatypeRepository only sends to a staging repository |