Release Artifacts #13
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Artifacts | |
on: | |
push: | |
tags: | |
- 'v*.*.*' | |
workflow_dispatch: | |
inputs: | |
version: | |
type: string | |
description: Test Version String (No release to Maven Central) | |
required: true | |
defaults: | |
run: | |
shell: bash | |
permissions: | |
contents: read | |
packages: write | |
env: | |
LC_ALL: C.UTF-8 | |
GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }} | |
GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }} | |
jobs: | |
validate-release: | |
name: Validate Release | |
runs-on: [ self-hosted, Linux, medium, ephemeral ] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Retrieve Tag Version | |
if: ${{ github.event_name == 'push' }} | |
id: tag | |
run: echo "version=${GITHUB_REF#refs/tags/v}" >> "${GITHUB_OUTPUT}" | |
- name: Retrieve Tag Version (workflow_dispatch) | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
id: workflow_tag | |
run: echo "version=${{github.event.inputs.version}}" >> "${GITHUB_OUTPUT}" | |
- name: Setup Java | |
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 | |
with: | |
distribution: temurin | |
java-version: 17 | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0 | |
with: | |
cache-read-only: false | |
- name: Determine Project Version | |
id: project | |
run: echo "version=$(./gradlew -q showVersion | tr -d '[:space:]')" >> "${GITHUB_OUTPUT}" | |
- name: Validate Release | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
if [[ "${{ steps.tag.outputs.version }}" != "${{ steps.project.outputs.version }}" ]]; then | |
echo "::error file=version.gradle,line=5,title=Version Mismatch::Tag version '${{ steps.tag.outputs.version }}' does not match the Gradle project version '${{ steps.project.outputs.version }}'. Please update the 'version.gradle' file before tagging." | |
exit 1 | |
fi | |
- name: Validate Release (workflow_dispatch) | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: | | |
if [[ "${{ steps.workflow_tag.outputs.version }}" != "${{github.event.inputs.version}}" ]]; then | |
echo "::error file=version.gradle,line=5,title=Version Mismatch::Tag version '${{ steps.workflow_tag.outputs.version }}' does not match the Gradle project version '${{github.event.inputs.version}}'. Please update the 'version.gradle' file before tagging." | |
exit 1 | |
fi | |
maven-central: | |
name: Publish to Maven Central | |
runs-on: [ self-hosted, Linux, medium, ephemeral ] | |
needs: | |
# This needs clause exists solely to provide a dependency on the previous step. This publish step will not occur | |
# until the validate-release step completes successfully. | |
- validate-release | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install GnuPG Tools | |
run: | | |
if ! command -v gpg2 >/dev/null 2>&1; then | |
echo "::group::Updating APT Repository Indices" | |
sudo apt update | |
echo "::endgroup::" | |
echo "::group::Installing GnuPG Tools" | |
sudo apt install -y gnupg2 | |
echo "::endgroup::" | |
fi | |
- name: Import GPG key | |
id: gpg_key | |
uses: step-security/ghaction-import-gpg@a7c87df2279f2bf2e69ba8289dfbf35fe05a4e08 # v1.0.0 | |
with: | |
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }} | |
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }} | |
git_config_global: true | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
git_tag_gpgsign: true | |
- name: Setup Java | |
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 | |
with: | |
distribution: temurin | |
java-version: 17 | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0 | |
with: | |
cache-read-only: false | |
- name: Compile SDK & Javadoc | |
run: ./gradlew assemble :sdk:javadoc -Dfile.encoding=UTF-8 --scan | |
- name: Nexus Release | |
if: ${{ github.event_name == 'push' }} | |
run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }} | |
- name: Nexus Release (workflow_dispatch) | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: ./gradlew publishToSonatype closeSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }} | |
- name: Nexus Release sdk-full artifacts | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
# This is a temporary fix and should be removed once https://github.com/hashgraph/hedera-sdk-java/pull/1732 is merged | |
sed -i 's#sdk\.gradle#sdk-full.gradle#g' sdk/build.gradle | |
git clean -fdx | |
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }} | |
- name: Nexus Release sdk-full artifacts (workflow_dispatch) | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: | | |
# This is a temporary fix and should be removed once https://github.com/hashgraph/hedera-sdk-java/pull/1732 is merged | |
sed -i 's#sdk\.gradle#sdk-full.gradle#g' sdk/build.gradle | |
git clean -fdx | |
./gradlew publishToSonatype closeSonatypeStagingRepository --no-parallel -Dfile.encoding=UTF-8 --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }} |