Refactor build and release workflows

.github/workflows/ci.yml

@@ -1,33 +1,7 @@
-name: pass-core Continuous Integration
-on: [ pull_request, workflow_dispatch ]
-
-concurrency:
-  group: ci-${{ github.head_ref || github.ref }}
-  cancel-in-progress: true
+name: Continuous Integration
+on: [pull_request, workflow_dispatch]
 
 jobs:
-  print-workflow-description:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "This is a CI build of branch ${{ github.ref }} in repository ${{ github.repository }}"
-      - run: echo "This job was triggered by a ${{ github.event_name }} event and is running on a ${{ runner.os }} server"
-
-  run-tests:
+  test:
     name: "Run Unit & Integration Tests"
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Checkout the repository"
-        uses: actions/checkout@v2
-      - name: "Set up JDK 17"
-        uses: actions/setup-java@v3
-        with:
-          java-version: 17
-          distribution: 'temurin'
-      - name: "Cache Maven packages"
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m3-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m3
-      - name: "Run unit & integration tests"
-        run: mvn -U -B -V -ntp verify --file pom.xml
+    uses: eclipse-pass/main/.github/workflows/ci.yml@main

.github/workflows/release.yml

@@ -1,11 +1,7 @@
-# Release artifact will be pushed to Sonatype, which is synced to Maven Central
-# Build artifacts get pushed to Sonatype and non-SNAPSHOT versions are then
-# auto-synced to Maven Central
-name: Publish a release to Maven Central
+# Test
+name: Publish Release
 
 on:
-  # We can use very similiar workflow to manually trigger a full publish
-  # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
   workflow_dispatch:
     inputs:
       releaseversion:
@@ -15,119 +11,11 @@ on:
         description: 'Next dev version'
         required: true
 
-# Will need to have someone with admin permissions to add some secrets:
-# Credentials for Sonatype, needs a Sonatype account.
-#   - OSSRH_USERNAME
-#   - OSSRH_PASSWORD
-# Will need GPG key + passphrase to sign artifacts for Maven Central
-#   - MAVEN_GPG_PASSPHRASE
-#   - MAVEN_GPG_KEY
-# 
-# Should be able to use secrets.GITHUB_TOKEN to push images to GHCR, this
-# secret is provided automatically to the workflow
-# 
-# May need a GH PAT (likely fine-grained) in order to update pass-docker with
-# new image refs
-# (Not yet used)
-#   - GH_USER
-#   - GH_PAT
-# 
-# Using maven with arguments:
-#   -B (--batch-mode) non-interactive batch mode
-#   -U force dependency SNAPSHOT update
-#   -V print maven version without stopping build
-#   -ntp (--no-transfer-progress) do not show download progress
-
-env:
-  RELEASE: ${{ inputs.releaseversion }}
-  NEXT: ${{ inputs.nextversion}}
-
 jobs:
-  publish:
-    runs-on: ubuntu-latest
-    # Can we check to make sure $NEXT doesn't already exist as a tag?
-    steps:
-      # =============================================================================
-      # Setup
-      # =============================================================================
-      # Automatically checks out the repo and branch where the workflow was triggered
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Config git user
-        run: |
-          git config user.name ${{ github.actor }}
-          git config user.email "${{ github.actor }}@users.noreply.github.com"
-
-      - name: Setup Java & Maven
-        uses: actions/setup-java@v3
-        with:
-          java-version: 17
-          distribution: 'temurin'
-          server-id: ossrh
-          # User/pass refer to ENV VARs set below
-          server-username: MAVEN_USERNAME
-          server-password: MAVEN_PASSWORD
-          gpg-private-key: ${{ secrets.MAVEN_GPG_KEY }}
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE
-
-      # =============================================================================
-      # Start the work
-      # =============================================================================
-      # This versions:update-parent will grab the specified release (non-snapshot)
-      - name: Bump version to release
-        run: mvn -B -U -V -ntp versions:update-parent -DparentVersion=$RELEASE
-
-      - name: Commit release version bump
-        uses: EndBug/add-and-commit@v9
-        with:
-          add: pom.xml **/pom.xml
-          message: "Update parent version to $RELEASE"
-          push: false
-
-      # Will publish and create new Docker image for release version
-      - name: Publish release
-        run: |
-          mvn -B -U -V -ntp release:prepare -DreleaseVersion=$RELEASE -Dtag=$RELEASE -DdevelopmentVersion=$NEXT -DautoVersionSubmodules=true
-          mvn -B -U -V -ntp release:perform -P release
-        env:
-          # Add OSSRH_USERNAME and OSSRH_PASSWORD as GH secrets
-          # https://docs.github.com/en/actions/security-guides/encrypted-secrets
-          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-
-      # Project and submodule versions _should_ already be updated in the release step above
-      - name: Update parent POM to new dev version
-        run: mvn -B -U -V -ntp versions:update-parent -DallowSnapshots=true -DparentVersion=$NEXT
-
-      - name: Commit snapshot version bump
-        uses: EndBug/add-and-commit@v9
-        with:
-          add: pom.xml **/pom.xml
-          message: "Update parent version to $NEXT"
-          push: true
-
-      # Will produce a new Docker image for the new dev version
-      - name: Build and publish new dev version
-        run: mvn -B -U -V -ntp deploy -P release
-        env:
-          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-
-      - name: Push new release tag GH
-        run: git push origin --tags
-
-      # Handle Docker images
-      - name: Login to GHCR
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Push Docker image to GHCR
-        run: |
-          docker push ghcr.io/eclipse-pass/pass-core-main:$RELEASE
-          docker push ghcr.io/eclipse-pass/pass-core-main:$NEXT
+  release:
+    uses: eclipse-pass/main/.github/workflows/release.yml@main
+    secrets: inherit
+    with:
+      releaseversion: ${{ inputs.releaseversion }}
+      nextversion: ${{ inputs.nextversion}}
+      images: ghcr.io/eclipse-pass/pass-core-main

.github/workflows/snapshot.yml

@@ -0,0 +1,14 @@
+name: Publish SNAPSHOT
+
+on:
+  push:
+    branches:
+      - 'main'
+  workflow_dispatch:
+
+jobs:
+  snapshot:
+    uses: eclipse-pass/main/.github/workflows/snapshot.yml@main
+    secrets: inherit
+    with:
+      images: ghcr.io/eclipse-pass/pass-core-main