00304 Propagate Errors (#328) #227
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Deploy Release Artifact" | |
on: | |
workflow_dispatch: | |
inputs: | |
java-version: | |
description: "Java JDK Version:" | |
type: string | |
required: false | |
default: "21.0.3" | |
java-distribution: | |
description: "Java JDK Distribution:" | |
type: string | |
required: false | |
default: "temurin" | |
push: | |
branches: | |
- main | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+-?*" | |
defaults: | |
run: | |
shell: bash | |
permissions: | |
contents: read | |
env: | |
LC_ALL: C.UTF-8 | |
PBJ_CORE: pbj-core | |
GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }} | |
GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }} | |
jobs: | |
prepare-release: | |
name: Release / Prepare | |
runs-on: network-node-linux-medium | |
outputs: | |
mode: ${{ steps.info.outputs.mode }} | |
version: ${{ steps.info.outputs.version }} | |
prerelease: ${{ steps.info.outputs.prerelease }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Install Semantic Version Tools | |
run: | | |
echo "::group::Download SemVer Binary" | |
sudo curl -L -o /usr/local/bin/semver https://raw.githubusercontent.com/fsaintjacques/semver-tool/master/src/semver | |
echo "::endgroup::" | |
echo "::group::Change SemVer Binary Permissions" | |
sudo chmod -v +x /usr/local/bin/semver | |
echo "::endgroup::" | |
echo "::group::Show SemVer Binary Version Info" | |
semver --version | |
echo "::endgroup::" | |
- name: Extract Version Info | |
id: info | |
env: | |
IS_TAGGED_RELEASE: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }} | |
run: | | |
if [[ "${IS_TAGGED_RELEASE}" == true ]]; then | |
RELEASE_VERSION="$(semver get release "${{ github.ref_name }}")" | |
PRERELEASE_VERSION="$(semver get prerel "${{ github.ref_name }}")" | |
RELEASE_MODE="specified" | |
FINAL_VERSION="${RELEASE_VERSION}" | |
PRERELEASE_FLAG="false" | |
[[ -n "${PRERELEASE_VERSION}" ]] && FINAL_VERSION="${RELEASE_VERSION}-${PRERELEASE_VERSION}" | |
[[ -n "${PRERELEASE_VERSION}" ]] && PRERELEASE_FLAG="true" | |
else | |
RELEASE_MODE="snapshot" | |
PRERELEASE_FLAG="true" | |
FINAL_VERSION="" | |
fi | |
echo "mode=${RELEASE_MODE}" >>"${GITHUB_OUTPUT}" | |
echo "version=${FINAL_VERSION}" >>"${GITHUB_OUTPUT}" | |
echo "prerelease=${PRERELEASE_FLAG}" >>"${GITHUB_OUTPUT}" | |
maven-central-release: | |
name: Release / Maven Central | |
runs-on: network-node-linux-medium | |
needs: | |
- prepare-release | |
if: | | |
(needs.prepare-release.outputs.mode == 'specified' && needs.prepare-release.outputs.prerelease != 'true') || needs.prepare-release.outputs.mode == 'snapshot' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Setup Java | |
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 | |
with: | |
distribution: ${{ github.event.inputs.java-distribution || 'temurin' }} | |
java-version: ${{ github.event.inputs.java-version || '21.0.3' }} | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2 | |
with: | |
gradle-home-cache-strict-match: false | |
- name: Install GnuPG Tools | |
run: | | |
if ! command -v gpg2 >/dev/null 2>&1; then | |
echo "::group::Updating APT Repository Indices" | |
sudo apt update | |
echo "::endgroup::" | |
echo "::group::Installing GnuPG Tools" | |
sudo apt install -y gnupg2 | |
echo "::endgroup::" | |
fi | |
- name: Import GPG key | |
id: gpg_key | |
uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0 | |
with: | |
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }} | |
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }} | |
git_config_global: true | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
git_tag_gpgsign: true | |
- name: Gradle Update Version (As Specified) | |
if: ${{ needs.prepare-release.outputs.mode == 'specified' && !cancelled() && !failure() }} | |
working-directory: ${{ env.PBJ_CORE }} | |
run: ./gradlew versionAsSpecified -PnewVersion=${{ needs.prepare-release.outputs.version }} --scan | |
- name: Gradle Update Version (Snapshot) | |
if: ${{ needs.prepare-release.outputs.mode == 'snapshot' && !cancelled() && !failure() }} | |
working-directory: ${{ env.PBJ_CORE }} | |
run: ./gradlew versionAsSnapshot --scan | |
- name: Gradle Version Summary | |
working-directory: ${{ env.PBJ_CORE }} | |
run: ./gradlew githubVersionSummary --scan | |
- name: Gradle Assemble | |
working-directory: ${{ env.PBJ_CORE }} | |
run: ./gradlew assemble --scan | |
- name: Gradle Maven Central Release | |
if: ${{ needs.prepare-release.outputs.mode == 'specified' && !cancelled() && !failure() }} | |
working-directory: ${{ env.PBJ_CORE }} | |
env: | |
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | |
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | |
run: | | |
./gradlew release --no-parallel --scan -PpublishSigningEnabled=true \ | |
-Pgradle.publish.key=${GRADLE_PUBLISH_KEY} -Pgradle.publish.secret=${GRADLE_PUBLISH_SECRET} | |
- name: Gradle Maven Central Snapshot | |
if: ${{ needs.prepare-release.outputs.mode == 'snapshot' && !cancelled() && !failure() }} | |
working-directory: ${{ env.PBJ_CORE }} | |
env: | |
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
run: ./gradlew releaseSnapshot --no-parallel --scan -PpublishSigningEnabled=true |