-
Notifications
You must be signed in to change notification settings - Fork 0
101 lines (93 loc) · 3.45 KB
/
Copy pathpublish.yml
File metadata and controls
101 lines (93 loc) · 3.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Publish to Maven Central
on:
# Manual: publish any version on demand.
workflow_dispatch:
inputs:
version:
description: "Version to publish (e.g. 1.0.0, without the 'v')"
required: true
type: string
ref:
description: "Commit SHA to build & publish from (defaults to the launch commit)"
required: false
default: ''
type: string
release:
description: "Publish and release. Off = upload to the Portal and stop at VALIDATED for manual review."
required: true
type: boolean
default: false
# Chained: invoked by tag-and-release.yml after a release is cut.
workflow_call:
inputs:
version:
description: "Version to publish (e.g. 1.0.0, without the 'v')"
required: true
type: string
ref:
description: "Commit SHA to build & publish from (defaults to the launch commit)"
required: false
default: ''
type: string
release:
description: "Publish and release. Off = upload to the Portal and stop at VALIDATED."
required: false
default: false
type: boolean
jobs:
guard:
name: Require green main.yml for this commit
runs-on: ubuntu-latest
permissions:
actions: read
steps:
- name: Check latest main.yml conclusion
env:
GH_TOKEN: ${{ github.token }}
REPO: ${{ github.repository }}
# Build/guard against the explicit commit when given (chained path);
# otherwise the commit the workflow was launched from.
SHA: ${{ inputs.ref || github.sha }}
run: |
conclusion=$(gh api \
"repos/${REPO}/actions/workflows/main.yml/runs?head_sha=${SHA}&status=completed" \
--jq '.workflow_runs[0].conclusion // "missing"')
echo "main.yml conclusion for ${SHA}: $conclusion"
if [ "$conclusion" != "success" ]; then
echo "::error::main.yml is not green for ${SHA} (got: $conclusion). Run publish from a commit on main whose CI passed."
exit 1
fi
publish:
name: Publish to Maven Central
needs: guard
runs-on: ubuntu-latest
environment:
name: maven-central
url: https://central.sonatype.com/artifact/app.marketdata/marketdata-sdk-java
env:
VERSION: ${{ inputs.version }}
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_KEY_PASSWORD }}
steps:
- name: Checkout
uses: actions/checkout@v7
with:
# Build from the explicit commit when chained; else the launch commit.
ref: ${{ inputs.ref || github.sha }}
- name: Set up JDK 17
uses: actions/setup-java@v5
with:
distribution: temurin
java-version: "17"
- name: Set up Gradle
uses: gradle/actions/setup-gradle@v4
- name: Build and test
run: ./gradlew clean build -PsdkVersion="$VERSION"
- name: Upload to Portal (validate only)
if: ${{ !inputs.release }}
run: ./gradlew publishToMavenCentral -PsdkVersion="$VERSION"
- name: Publish and release
if: ${{ inputs.release }}
run: ./gradlew publishAndReleaseToMavenCentral -PsdkVersion="$VERSION"