oras-java/.github/workflows/release.yml at main · oras-project/oras-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: Release

on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  deploy-release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
      packages: write
    steps:

      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Read Maven version
        id: maven-version
        run: echo "version=$(cat .github/vars/maven-version.txt)" >> $GITHUB_OUTPUT

      - name: Setup Maven Action
        uses: s4u/setup-maven-action@ba34de01b7f4ba2ab8e2860df8993a29f4477056 # v1.20.0
        with:
          checkout-enabled: false
          java-distribution: 'temurin'
          java-version: 17
          maven-version: ${{ steps.maven-version.outputs.version }}
          cache-enabled: true
          settings-servers: |
            [{
                "id": "central",
                "username": "${{ secrets.CENTRAL_USERNAME }}",
                "password": "${{ secrets.CENTRAL_PASSWORD }}"
            }]

      - name: Configure Git
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config gpg.format openpgp
          git config commit.gpgsign true
          git config user.signingkey CB5831CAFA9D8C6AFA9FC9DA67E69853B952BA35

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
        with:
          gpg_private_key: ${{ secrets.GPG_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
      - name: List keys
        run: gpg -K

      - name: Setup SSH
        uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0
        with:
          ssh-private-key: ${{ secrets.RELEASE_SSH_KEY }}

      - name: Maven release
        run: mvn --batch-mode --update-snapshots -Dmaven.resolver.transport=wagon -DskipTests -Darguments="-DskipTests" release:prepare release:perform
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Finalize release
        run: |
          draft_id=$(gh api /repos/oras-project/oras-java/releases | jq -r '.[] | select(.draft == true) | .id')
          echo "Draft ID: $draft_id"
          gh api -X PATCH -F draft=false /repos/oras-project/oras-java/releases/$draft_id
          release_tag_name=$(gh api /repos/oras-project/oras-java/releases/latest | jq -r '.tag_name')
          echo "Release tag: $release_tag_name"
          for file in target/checkout/target/*.jar target/checkout/target/*.jar.asc target/checkout/target/*.jar.sigstore.json; do
            if [[ -f "$file" ]]; then
              if [[ "$file" != *javadoc* && "$file" != *sources* && "$file" != *tests* ]]; then
                echo "Uploading $file"
                gh release upload "$release_tag_name" "$file" --repo oras-project/oras-java
              else
                echo "Skipping $file"
              fi
            else
              echo "Skipping missing file: $file"
            fi
          done
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}