@@ -11,10 +11,18 @@ permissions:
1111 contents : write # This is required for branch creation
1212 pull-requests : write # required for opening pull requests
1313 attestations : write # required for provenance
14+
1415jobs :
1516 release :
1617 runs-on : ubuntu-latest
1718 steps :
19+ - name : Validate version tag format
20+ run : |
21+ if ! echo "${{ github.event.inputs.versionTag }}" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'; then
22+ echo "ERROR: versionTag must be a semantic version (e.g. 1.2.3 or 1.2.3-SNAPSHOT)"
23+ exit 1
24+ fi
25+
1826name : Checkout repository
1927 uses : actions/checkout@v6
2028
@@ -33,25 +41,12 @@ jobs:
3341 restore-keys : |
3442 ${{ runner.os }}-maven-
3543
36- name : Debug OIDC (get a token)
37- uses : actions/github-script@v7
38- with :
39- script : |
40- const token = await core.getIDToken('sigstore'); // audience example
41- core.setSecret(token);
42- console.log('OIDC token acquired. Length:', token.length);
43-
4444name : Set version in Maven project
45- run : mvn versions:set -DnewVersion=${{ github.event.inputs.versionTag }} -DprocessAllModules
45+ run : mvn versions:set -DnewVersion=" ${{ github.event.inputs.versionTag }}" -DprocessAllModules -DgenerateBackupPoms=false
4646
4747 - name : Build with Maven
4848 run : mvn -B package -Pproduction -Dvaadin.force.production.build=true --file pom.xml
4949
50- - name : Create GitHub Release
51- run : gh release create ${{ github.event.inputs.versionTag }} --generate-notes --fail-on-no-commits
52- env :
53- GH_TOKEN : ${{ github.token }}
54-
5550 # Generate provenance (SLSA attestation) for all JARs
5651 - name : Generate SLSA build provenance
5752 uses : actions/attest-build-provenance@v1
@@ -64,21 +59,28 @@ jobs:
6459 MAVEN_REPO_USERNAME : ${{ secrets.NEXUS_USERNAME }}
6560 MAVEN_REPO_PASSWORD : ${{ secrets.NEXUS_PASSWORD }}
6661
67- - name : Configure Git Credentials
62+ - name : Configure Git Credentials for GithubActions
6863 run : |
69- git config user.name github-actions
70- git config user.email github-actions@github.com
64+ git config user.name "github-actions[bot]"
65+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
66+ env :
67+ GH_TOKEN : ${{ github.token }}
68+
69+ - name : Create GitHub Release
70+ run : gh release create "${{ github.event.inputs.versionTag }}" --generate-notes --fail-on-no-commits
71+ env :
72+ GH_TOKEN : ${{ github.token }}
7173
7274 - name : Switch to new branch
7375 run : git checkout -b release/set-version-to-${{ github.event.inputs.versionTag }}
7476
7577 - name : Checkin commit
76- run : git commit . -m 'Set version to ${{ github.event.inputs.versionTag }}'
78+ run : git commit . -m 'Set version to " ${{ github.event.inputs.versionTag }}" '
7779
7880 - name : Push to Github
7981 run : git push --set-upstream origin release/set-version-to-${{ github.event.inputs.versionTag }}
8082
8183 - name : Open PR with version bump
82- run : gh pr create --base main --title "Update version to ${{ github.event.inputs.versionTag }}" --body "Updates the project version after a release to ${{ github.event.inputs.versionTag }}"
84+ run : gh pr create --base main --title "Update POM to released code in ${{ github.event.inputs.versionTag }}" --body "Records the version set during the release of ${{ github.event.inputs.versionTag }}. "
8385 env :
8486 GH_TOKEN : ${{ github.token }}
0 commit comments