templates..github.workflows.release.yml Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of project-keeper-core Show documentation
Show all versions of project-keeper-core Show documentation
Project keeper is a tool that verifies and fixes project setups.
The newest version!
name: Release
on:
# [impl->dsn~release-workflow.triggers~1]
workflow_call:
inputs:
started-from-ci:
description: "Marks this release as started from CI, skipping precondition check"
type: boolean
required: true
default: false
workflow_dispatch:
inputs:
skip-maven-central:
description: "Skip deployment to Maven Central"
required: true
type: boolean
default: false
skip-github-release:
description: "Skip creating the GitHub release"
required: true
type: boolean
default: false
jobs:
release:
runs-on: ubuntu-latest
defaults:
run:
shell: "bash"
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
permissions:
contents: write # Required for creating GitHub release
actions: read # Required for checking build status
issues: read # Required for PK verify-release
steps:
- name: Checkout the repository
id: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Maven Central Repository
id: configure-maven-central-credentials
if: ${{ $mavenCentralDeployment }}
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: |
11
17
cache: "maven"
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Set up JDKs
id: setup-jdks
if: ${{ ! $mavenCentralDeployment }}
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: |
11
17
cache: "maven"
# Check preconditions
- name: Fail if not running on main branch
id: check-main-branch
if: ${{ github.ref != 'refs/heads/main' }}
uses: actions/github-script@v7
with:
script: |
core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main')
# [impl->dsn~release-workflow.verify-ci-build-success~1]
- name: Check CI build of this commit succeeded
id: check-ci-build-status
# We skip this check if this was started from ci-build.yml, because the build status would be "in progress".
if: ${{ ! inputs.started-from-ci }}
run: |
echo "Commit SHA: $COMMIT_SHA"
gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA
ci_build_status=$(gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA --json conclusion --template '{{range .}}{{.conclusion}}{{"\n"}}{{end}}')
echo "CI build status at commit $COMMIT_SHA was '$ci_build_status'"
if [[ "$ci_build_status" != "success" ]]; then
gh run list --workflow ci-build.yml --commit $COMMIT_SHA >> $GITHUB_STEP_SUMMARY
echo "Status of CI build for commit $COMMIT_SHA was '$ci_build_status', expected 'success'" >> $GITHUB_STEP_SUMMARY
cat $GITHUB_STEP_SUMMARY
exit 1
fi
env:
COMMIT_SHA: ${{ github.sha }}
GH_TOKEN: ${{ github.token }}
# [impl->dsn~release-workflow.run-verify-release~1]
- name: Verify release preconditions
id: verify-release
run: |
mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .
echo "$GITHUB_OUTPUT"
env:
GITHUB_TOKEN: ${{ github.token }}
# [impl->dsn~release-workflow.verify-skip-tests~1]
- name: Build project
id: build
run: mvn --batch-mode -DskipTests clean verify
# Maven Central Deployment
- name: List secret GPG keys
id: list-secret-gpg-keys
if: ${{ $mavenCentralDeployment && (! inputs.skip-maven-central) }}
run: gpg --list-secret-keys
# [impl->dsn~release-workflow.deploy-maven-central~1]
- name: Publish to Central Repository
id: deploy-maven-central
if: ${{ $mavenCentralDeployment && (! inputs.skip-maven-central) }}
run: |
echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY"
mvn --batch-mode -Dgpg.skip=false -DskipTests deploy
echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY"
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
# Create GitHub releasse
- name: Calculate Artifact Checksums
id: artifact-checksum
if: ${{ ! inputs.skip-github-release }}
run: |
echo "Calculating sha256 checksum for artifact files"
echo "artifacts<> "$GITHUB_OUTPUT"
IFS=$'\n' artifacts_array=($ARTIFACTS)
for file in "${artifacts_array[@]}";
do
full_path=$(realpath "$file")
echo "Calculate sha256sum for file '$full_path'"
file_dir="$(dirname "$full_path")"
file_name=$(basename "$full_path")
pushd "$file_dir"
checksum_file_name="${file_name}.sha256"
sha256sum "$file_name" > "$checksum_file_name"
echo "$full_path" >> "$GITHUB_OUTPUT"
echo "${file_dir}/$checksum_file_name" >> "$GITHUB_OUTPUT"
popd
done
echo "EOF" >> "$GITHUB_OUTPUT"
echo "Full artifact file list"
cat "$GITHUB_OUTPUT"
env:
ARTIFACTS: ${{ steps.verify-release.outputs.release-artifacts }}
# [impl->dsn~release-workflow.create-github-release~1]
- name: Create GitHub Release
id: create-github-release
if: ${{ ! inputs.skip-github-release }}
run: |
echo "### GitHub Release" >> "$GITHUB_STEP_SUMMARY"
IFS=$'\n' artifacts_array=($ARTIFACTS)
echo "#### Attaching Release Artifacts" >> "$GITHUB_STEP_SUMMARY"
for file in "${artifacts_array[@]}";
do
echo "Attaching artifact '$file'"
echo "* \`$file\`" >> "$GITHUB_STEP_SUMMARY"
done
echo "" >> "$GITHUB_STEP_SUMMARY"
release_url=$(gh release create --latest --title "$TITLE" --notes "$NOTES" --target main $TAG "${artifacts_array[@]}")
echo "Created release $TAG with title '$TITLE' at $release_url ✅" >> "$GITHUB_STEP_SUMMARY"
echo "release-url=$release_url" >> "$GITHUB_OUTPUT"
# [impl->dsn~release-workflow.create-golang-tags~1]
echo "#### Creating Additional Tags" >> "$GITHUB_STEP_SUMMARY"
IFS=$'\n' tags_array=($ADDITIONAL_TAGS)
for tag in "${tags_array[@]}";
do
echo "Creating tag '$tag'"
git tag "$tag"
git push origin "$tag"
echo "* \`$tag\`" >> "$GITHUB_STEP_SUMMARY"
done
git fetch --tags origin
env:
GH_TOKEN: ${{ github.token }}
TAG: ${{ steps.verify-release.outputs.release-tag }}
ADDITIONAL_TAGS: ${{ steps.verify-release.outputs.additional-release-tags }}
NOTES: ${{ steps.verify-release.outputs.release-notes }}
TITLE: ${{ steps.verify-release.outputs.release-title }}
ARTIFACTS: ${{ steps.artifact-checksum.outputs.artifacts }}
- name: Report failure Status to Slack channel
id: report-failure-status-slack
# Also run this step in case of failures
if: ${{ always() }}
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
token: ${{ github.token }}
notification_title: "Release build in {repo} has {status_message}"
message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>"
notify_when: "failure,cancelled,warnings,skipped"
env:
SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
- name: Report new release to Slack channel
id: report-new-release-slack
if: ${{ steps.create-github-release.outputs.release-url }}
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
token: ${{ github.token }}
notification_title: "Release build for {repo} created a new release"
message_format: "{workflow} created release ${{ steps.create-github-release.outputs.release-url }}"
env:
SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy