jsignpdf/.github/workflows/do-release.yml at master · intoolswetrust/jsignpdf · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Do Release

# This workflow is the IRREVERSIBLE half of a release: it bumps versions,
# commits, tags the repo, and deploys to Maven Central (library jars + the
# full/minimal distribution ZIPs as classified artifacts on
# com.github.kwart.jsign:jsignpdf-distribution). It then chains to
# package-release.yml for the per-platform installers + GitHub Release.
#
# If the packaging half fails or times out (e.g. a starved macOS runner pool),
# DO NOT re-run this workflow — re-run `Package Release` standalone with the
# same release version; it rebuilds everything from the ZIPs already on
# Maven Central. See design-doc/3.1-separate-release-steps.md.

on:
  workflow_dispatch:
    inputs:
      release-version:
        description: 'Version to be released (e.g. 3.1.0).'
        required: true
      next-snapshot-version:
        description: 'Version to be set after the release - without the -SNAPSHOT suffix (e.g. 3.2.0).'
        required: true

env:
  GIT_AUTHOR_NAME: Flash Gordon
  GIT_AUTHOR_EMAIL: <>
  GIT_COMMITTER_NAME: Terminator the Kitty
  GIT_COMMITTER_EMAIL: <>

# Cancel a previous workflow on the same ref (e.g. when re-running a release
# manually). We do NOT cancel in-progress runs — a half-finished release would
# leave Maven Central and SourceForge in an inconsistent state.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

jobs:
  do-release:
    # Tags the repo and deploys the library jars + the full/minimal ZIPs to
    # Maven Central. The ZIPs become the durable, mirror-able inputs the
    # package-release workflow downloads to drive the per-platform jpackage
    # builds and the Flatpak bundle.
    runs-on: ubuntu-24.04
    outputs:
      version: ${{ steps.maven_release.outputs.VERSION }}
    steps:
    - name: Checkout
      uses: actions/checkout@v6

    - name: Verify release notes file exists
      run: |
        VERSION=${{ github.event.inputs.release-version }}
        BASE_VERSION="${VERSION%%-*}"
        NOTES_FILE="distribution/doc/release-notes/${BASE_VERSION}.md"
        if [ ! -f "$NOTES_FILE" ]; then
          echo "::error::Release notes file not found: $NOTES_FILE"
          echo "Create it before triggering the release workflow."
          exit 1
        fi
        echo "Found release notes: $NOTES_FILE"

    - name: Set up Java and credentials
      uses: actions/setup-java@v5
      with:
        java-version: 21
        distribution: 'temurin'
        server-id: ossrh
        server-username: MAVEN_USERNAME
        server-password: MAVEN_PASSWORD
        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
        gpg-passphrase: MAVEN_GPG_PASSPHRASE
        cache: 'maven'

    - name: Do the Maven release (deploys jars + full/minimal ZIPs to Central)
      id: maven_release
      run: |
        VERSION=${{ github.event.inputs.release-version }}
        NEXT_VERSION=${{ github.event.inputs.next-snapshot-version }}-SNAPSHOT
        TAG=JSignPdf_${VERSION//\./_}
        set -x
        mvn --batch-mode clean install
        mvn -P release --batch-mode "-Dtag=${TAG}" release:prepare \
                 "-DreleaseVersion=${VERSION}" \
                 "-DdevelopmentVersion=${NEXT_VERSION}"
        mvn -P release --batch-mode release:perform \
            -DstagingProgressTimeoutMinutes=30 -Dmaven.wagon.rto=7200000 \
            -Dmaven.wagon.httpconnectionManager.maxPerRoute=60 -Dmaven.wagon.httpconnectionManager.maxTotal=100
        echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
      env:
        MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
        MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
        MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

  # Happy-path chaining: build the per-platform installers + GitHub Release
  # from the ZIPs just published to Maven Central. This is the same reusable
  # workflow you can re-dispatch standalone to recover a failed/timed-out
  # packaging run without re-releasing.
  package-release:
    needs: do-release
    uses: ./.github/workflows/package-release.yml
    with:
      release-version: ${{ needs.do-release.outputs.version }}
    secrets: inherit