create-release.yml
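# Manually triggered release workflow: validates the requested version, builds
# and attests the JARs, deploys them to the Nexus repository, creates the
# GitHub release and opens a pull request that records the version bump.
name: Create Release

on:
  workflow_dispatch:
    inputs:
      versionTag:
        description: 'Version Tag (semantic version)'
        required: true

permissions:
  id-token: write  # required for requesting the JWT
  contents: write  # required for branch creation
  pull-requests: write  # required for opening pull requests
  attestations: write  # required for provenance

jobs:
  release:
    runs-on: ubuntu-latest
    env:
      # The dispatch input is exposed to the steps as an environment variable
      # and read as "$VERSION_TAG". Expanding ${{ ... }} inside a `run:` script
      # pastes the raw input into the script text before the shell parses it,
      # so the format check below could not protect the step that performs it.
      VERSION_TAG: ${{ github.event.inputs.versionTag }}
    # NOTE(review): the actions below are referenced by mutable tags. Pinning
    # each `uses:` to a full commit SHA (with the tag in a trailing comment)
    # keeps a re-tagged action from running with this job's write token, OIDC
    # token and Nexus credentials.
    steps:
      - name: Validate version tag format
        # `[[ ... =~ ... ]]` is bash syntax and anchors ^/$ to the whole value,
        # so a multi-line input cannot pass on the strength of one valid line.
        shell: bash
        run: |
          semver_pattern='^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'
          if [[ ! "$VERSION_TAG" =~ $semver_pattern ]]; then
            echo "ERROR: versionTag must be a semantic version (e.g. 1.2.3 or 1.2.3-SNAPSHOT)"
            exit 1
          fi

      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Set up JDK 21
        uses: actions/setup-java@v5
        with:
          distribution: 'zulu'
          java-version: '21'
          settings-path: ${{ github.workspace }}

      - name: Load local Maven repository cache
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Set version in Maven project
        run: mvn versions:set -DnewVersion="$VERSION_TAG" -DprocessAllModules -DgenerateBackupPoms=false

      - name: Build with Maven
        run: mvn -B package -Pproduction -Dvaadin.force.production.build=true --file pom.xml

      # Generate provenance (SLSA attestation) for all JARs
      - name: Generate SLSA build provenance
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: "**/target/*.jar"

      # NOTE(review): `mvn deploy` runs the package phase again, so the JARs
      # uploaded here are rebuilt after the attestation step. Unless the build
      # is reproducible their digests may not match the attested subjects;
      # confirm, or deploy the already-built artefacts.
      - name: Publish artefact to QBiC Nexus Repository
        run: mvn --quiet --settings "$GITHUB_WORKSPACE/.github.settings.xml" -Pproduction -DskipTests -Dvaadin.force.production.build=true deploy
        env:
          MAVEN_REPO_USERNAME: ${{ secrets.NEXUS_USERNAME }}
          MAVEN_REPO_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}

      # Only writes the commit identity; no token is needed in this step.
      - name: Configure Git Credentials for GithubActions
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

      # NOTE(review): without --target the tag is created from the default
      # branch, which can differ from the commit that was built and attested
      # above when the workflow is dispatched from another ref; confirm that
      # releases are only ever dispatched from the default branch.
      - name: Create GitHub Release
        run: gh release create "$VERSION_TAG" --generate-notes --fail-on-no-commits
        env:
          GH_TOKEN: ${{ github.token }}

      - name: Switch to new branch
        run: git checkout -b "release/set-version-to-$VERSION_TAG"

      - name: Checkin commit
        run: git commit . -m "Set version to \"$VERSION_TAG\""

      - name: Push to Github
        run: git push --set-upstream origin "release/set-version-to-$VERSION_TAG"

      - name: Open PR with version bump
        run: gh pr create --base main --title "Update POM to released code in $VERSION_TAG" --body "Records the version set during the release of $VERSION_TAG."
        env:
          GH_TOKEN: ${{ github.token }}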