-
Notifications
You must be signed in to change notification settings - Fork 223
202 lines (181 loc) · 8.58 KB
/
Copy pathrelease.yaml
File metadata and controls
202 lines (181 loc) · 8.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
permissions:
# This is required for requesting the OIDC token
id-token: write
contents: read
on:
workflow_call:
inputs:
ref:
description: Branch to release from
type: string
required: true
java-version:
description: Java version to release
type: string
required: true
crypto-type:
description: Crypto type to release
type: string
required: true
is-snapshot:
description: Is snapshot build
type: string
required: true
gh-retention-days:
description: GitHub artifact retention days
type: number
required: false
default: 1
secrets:
JFROG_OIDC_PROVIDER:
description: JFrog OIDC provider
required: true
JFROG_OIDC_AUDIENCE:
description: JFrog OIDC audience
required: true
GPG_SECRET_KEY:
description: GPG secret key
required: true
GPG_PUBLIC_KEY:
description: GPG public key
required: true
GPG_PASS:
description: GPG pass
required: true
jobs:
build:
runs-on: ${{ vars.BUILD_CONTAINER_DISTRO_VERSION }}
outputs:
gh-artifact-name: ${{ steps.build-info.outputs.gh-artifact-name }}
artifact-id: ${{ steps.get-artifact-id.outputs.artifact-id }}
artifact-version: ${{ steps.get-artifact-version.outputs.artifact-version }}
group-id: ${{ steps.get-group-id.outputs.group-id }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.ref }}
# Java plugin will setup gpg but we are not using maven to deploy do JFrog.
# - jf mvn clean install on publish does not publish POM we would like to publish
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: ${{ vars.JAVA_PROVIDER }}
java-version: ${{ inputs.java-version }}
- name: Get release or snapshot-version
id: get-release-version
shell: bash
run: |
IS_SNAPSHOT=${{ inputs.is-snapshot }}
if [ $IS_SNAPSHOT == 'true' ];then
echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-SNAPSHOT_$GITHUB_SHA" >> $GITHUB_OUTPUT
else
echo release-version="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
fi
# Setting version based on release or snapshot. Snapshot version will have the commit sha appended to it.
- name: Set version
shell: bash
run: |
./set_version ${{ steps.get-release-version.outputs.release-version }}
# Running build install with crypto profile. We are explicitly setting the crypto profile to ensure valid crypto is toggled.
- name: Build all modules
shell: bash
run: mvn clean install -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple profiles set_crypto option is not being picked up
# Creating docs, sources jars and installing them to local repo as well as siging them
- name: Stage artifacts for publish
working-directory: client
shell: bash
run: mvn clean source:jar javadoc:jar install -P ${{ inputs.crypto-type }} # The crypto profile is usually set with set_crypto but since we need to toggle multiple prfiles set_crypto option is not being picked up
- name: Get artifact name
id: get-artifact-name
working-directory: client
run: |
echo artifact-name=$(mvn help:evaluate -Dexpression=project.build.finalName -P ${{ inputs.crypto-type }} -q -DforceStdout) >> $GITHUB_OUTPUT
- name: Get artifact ID
id: get-artifact-id
working-directory: client
run: |
echo artifact-id="aerospike-client${{ inputs.crypto-type == 'bouncycastle' && '-bc' || '' }}-jdk${{ inputs.java-version }}" >> $GITHUB_OUTPUT
- name: Get artifact version
id: get-artifact-version
working-directory: client
run: |
echo artifact-version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) >> $GITHUB_OUTPUT
- name: Get group ID
id: get-group-id
working-directory: client
run: |
echo group-id=$(mvn help:evaluate -Dexpression=project.groupId -q -DforceStdout) >> $GITHUB_OUTPUT
# Running deploy/install from using custom pom. This is needed since we need to stage/assemble a public facing release. The public facing release will NOT
# have the same pom as the pom that is used for builds and tests.
# If/when modifying the mvn deploy command be careful with types and classifiers. The order of the types and classifiers should match.
- name: Stage to local repo
working-directory: client
run: |
ls -la target
mkdir ${{ github.workspace }}/local_repo
mvn deploy:deploy-file \
-DpomFile=deploy-resources/${{ inputs.crypto-type }}_pom.xml \
-DrepositoryId=local \
-Durl=file://${{ github.workspace }}/local_repo \
-Dfile=target/aerospike-client${{ inputs.crypto-type == 'bouncycastle' && '-bc' || '' }}-jdk${{ inputs.java-version == '1.8' && '8' || inputs.java-version }}-${{ steps.get-artifact-version.outputs.artifact-version }}.jar \
-DartifactId=aerospike-client${{ inputs.crypto-type == 'bouncycastle' && '-bc' || '' }}-jdk${{ inputs.java-version == '1.8' && '8' || inputs.java-version }} \
-Dversion=${{ steps.get-artifact-version.outputs.artifact-version }} \
-Dpackaging=jar \
-Dfiles=target/aerospike-client${{ inputs.crypto-type == 'bouncycastle' && '-bc' || '' }}-jdk${{ inputs.java-version == '1.8' && '8' || inputs.java-version }}-${{ steps.get-artifact-version.outputs.artifact-version }}-jar-with-dependencies.jar,target/aerospike-client${{ inputs.crypto-type == 'bouncycastle' && '-bc' || '' }}-jdk${{ inputs.java-version == '1.8' && '8' || inputs.java-version }}-${{ steps.get-artifact-version.outputs.artifact-version }}-sources.jar,target/aerospike-client${{ inputs.crypto-type == 'bouncycastle' && '-bc' || '' }}-jdk${{ inputs.java-version == '1.8' && '8' || inputs.java-version }}-${{ steps.get-artifact-version.outputs.artifact-version }}-javadoc.jar \
-Dclassifiers=jar-with-dependencies,sources,javadoc \
-Dtypes=jar,jar,jar \
-P ${{ inputs.crypto-type }}
ls -laR ${{ github.workspace }}/local_repo
- name: Upload Artifacts
uses: actions/upload-artifact@v5
with:
name: ${{ steps.get-artifact-id.outputs.artifact-id }}
path: ${{ github.workspace }}/local_repo
retention-days: ${{ inputs.gh-retention-days }}
- name: Set Build Info Outputs
id: build-info
run: |
echo "gh-artifact-name=${{ steps.get-artifact-id.outputs.artifact-id }}" >> $GITHUB_OUTPUT
sign-artifacts:
needs: build
uses: aerospike/shared-workflows/.github/workflows/reusable_sign-artifacts.yaml@37581d0437fe0b76315dafc402882c875789b1af
with:
gh-retention-days: 1
gh-artifact-name: signed_${{ needs.build.outputs.gh-artifact-name }}
gh-unsigned-artifacts: ${{ needs.build.outputs.gh-artifact-name }}
# gh-workflows-ref: v2.0.2 # Use specific shared-workflows version
secrets:
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
gpg-key-pass: ${{ secrets.GPG_PASS }}
publish-to-jfrog:
needs: [build, sign-artifacts]
runs-on: ${{ vars.BUILD_CONTAINER_DISTRO_VERSION }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.ref }}
- name: Download signed artifacts
uses: actions/download-artifact@v4
with:
name: ${{ needs.sign-artifacts.outputs.gh-artifact-name }}
path: ${{ github.workspace }}/local_repo
merge-multiple: true
- name: Debug list downloaded content
shell: bash
working-directory: ${{ github.workspace }}/local_repo
run: |
pwd
ls -laR
- name: Publish to JFrog
uses: ./.github/actions/publish-to-jfrog
with:
oidc-provider: ${{ secrets.JFROG_OIDC_PROVIDER }}
oidc-audience: ${{ secrets.JFROG_OIDC_AUDIENCE }}
artifact-id: ${{ needs.build.outputs.artifact-id }}
artifact-version: ${{ needs.build.outputs.artifact-version }}
package-install-location: ${{ github.workspace }}/local_repo/unsigned-artifacts