Do Release #39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Do Release | |
| # This workflow is the IRREVERSIBLE half of a release: it bumps versions, | |
| # commits, tags the repo, and deploys to Maven Central (library jars + the | |
| # full/minimal distribution ZIPs as classified artifacts on | |
| # com.github.kwart.jsign:jsignpdf-distribution). It then chains to | |
| # package-release.yml for the per-platform installers + GitHub Release. | |
| # | |
| # If the packaging half fails or times out (e.g. a starved macOS runner pool), | |
| # DO NOT re-run this workflow — re-run `Package Release` standalone with the | |
| # same release version; it rebuilds everything from the ZIPs already on | |
| # Maven Central. See design-doc/3.1-separate-release-steps.md. | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release-version: | |
| description: 'Version to be released (e.g. 3.1.0).' | |
| required: true | |
| next-snapshot-version: | |
| description: 'Version to be set after the release - without the -SNAPSHOT suffix (e.g. 3.2.0).' | |
| required: true | |
| env: | |
| GIT_AUTHOR_NAME: Flash Gordon | |
| GIT_AUTHOR_EMAIL: <> | |
| GIT_COMMITTER_NAME: Terminator the Kitty | |
| GIT_COMMITTER_EMAIL: <> | |
| # Cancel a previous workflow on the same ref (e.g. when re-running a release | |
| # manually). We do NOT cancel in-progress runs — a half-finished release would | |
| # leave Maven Central and SourceForge in an inconsistent state. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| do-release: | |
| # Tags the repo and deploys the library jars + the full/minimal ZIPs to | |
| # Maven Central. The ZIPs become the durable, mirror-able inputs the | |
| # package-release workflow downloads to drive the per-platform jpackage | |
| # builds and the Flatpak bundle. | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| version: ${{ steps.maven_release.outputs.VERSION }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Verify release notes file exists | |
| run: | | |
| VERSION=${{ github.event.inputs.release-version }} | |
| BASE_VERSION="${VERSION%%-*}" | |
| NOTES_FILE="distribution/doc/release-notes/${BASE_VERSION}.md" | |
| if [ ! -f "$NOTES_FILE" ]; then | |
| echo "::error::Release notes file not found: $NOTES_FILE" | |
| echo "Create it before triggering the release workflow." | |
| exit 1 | |
| fi | |
| echo "Found release notes: $NOTES_FILE" | |
| - name: Set up Java and credentials | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| server-id: ossrh | |
| server-username: MAVEN_USERNAME | |
| server-password: MAVEN_PASSWORD | |
| gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
| gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
| cache: 'maven' | |
| - name: Do the Maven release (deploys jars + full/minimal ZIPs to Central) | |
| id: maven_release | |
| run: | | |
| VERSION=${{ github.event.inputs.release-version }} | |
| NEXT_VERSION=${{ github.event.inputs.next-snapshot-version }}-SNAPSHOT | |
| TAG=JSignPdf_${VERSION//\./_} | |
| set -x | |
| mvn --batch-mode clean install | |
| mvn -P release --batch-mode "-Dtag=${TAG}" release:prepare \ | |
| "-DreleaseVersion=${VERSION}" \ | |
| "-DdevelopmentVersion=${NEXT_VERSION}" | |
| mvn -P release --batch-mode release:perform \ | |
| -DstagingProgressTimeoutMinutes=30 -Dmaven.wagon.rto=7200000 \ | |
| -Dmaven.wagon.httpconnectionManager.maxPerRoute=60 -Dmaven.wagon.httpconnectionManager.maxTotal=100 | |
| echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
| # Happy-path chaining: build the per-platform installers + GitHub Release | |
| # from the ZIPs just published to Maven Central. This is the same reusable | |
| # workflow you can re-dispatch standalone to recover a failed/timed-out | |
| # packaging run without re-releasing. | |
| package-release: | |
| needs: do-release | |
| uses: ./.github/workflows/package-release.yml | |
| with: | |
| release-version: ${{ needs.do-release.outputs.version }} | |
| secrets: inherit |