Skip to content
Release

Release #14

Sign in to view logs

Release

Release #14

Workflow file for this run

.github/workflows/release.yml at c56a3c7
name: Release
# Triggered when a GitHub release is published (released).
# Builds, signs, and publishes all artifacts to Maven Central automatically.
# The CLI fat jar is also uploaded to the GitHub release assets.
#
# The project version is derived from the git tag (e.g. v3.0.0 → 3.0.0) and applied to all
# modules in-place via versions:set before building. No pom.xml version commits are needed.
on:
release:
types: [released]
env:
java_version: '17'
java_distribution: 'zulu'
jobs:
release:
runs-on: ubuntu-24.04
permissions:
contents: write
env:
HAS_1PASSWORD: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN != '' && vars.ONE_PASSWORD_SECRET_REFERENCES != '' }}
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
# Check out the exact tagged commit so the version is correctly resolved from the tag.
ref: ${{ github.event.release.tag_name }}
- name: Set up JDK ${{ env.java_version }}-${{ env.java_distribution }}
uses: actions/setup-java@v5
with:
java-version: ${{ env.java_version }}
distribution: ${{ env.java_distribution }}
- name: Print Java and Maven versions
run: mvn --version
- name: Cache Maven dependencies
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
${{ runner.os }}-maven-
${{ runner.os }}-
- name: Load secrets from 1Password
if: env.HAS_1PASSWORD == 'true'
uses: MobilityData/gtfs-validator/.github/actions/extract-1password-secret@master
with:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
VARIABLES_TO_EXTRACT: 'MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME, MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD'
ONE_PASSWORD_SECRET_REFERENCES: ${{ vars.ONE_PASSWORD_SECRET_REFERENCES }}
- name: Load secrets from GitHub secrets (fallback for forks without 1Password)
if: env.HAS_1PASSWORD != 'true'
env:
GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
GPG_PASS: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
MVN_USER: ${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME }}
MVN_PASS: ${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD }}
run: |
{
echo "MAVEN_GPG_PASSPHRASE=$GPG_PASS"
echo "MAVEN_GPG_PRIVATE_KEY<<GPG_EOF"
echo "$GPG_KEY"
echo "GPG_EOF"
echo "MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME=$MVN_USER"
echo "MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD=$MVN_PASS"
} >> "$GITHUB_ENV"
- name: Set release version from tag
run: |
TAG="${{ github.event.release.tag_name }}"
VERSION="${TAG#v}"
echo "Setting version: $VERSION"
mvn --batch-mode -ntp versions:set -DnewVersion="$VERSION" -DprocessAllModules=true -DgenerateBackupPoms=false
- name: Verify version is not placeholder
run: |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
if [[ "$VERSION" == *"placeholder"* || "$VERSION" == "0.0.0"* ]]; then
echo "ERROR: Version is still '$VERSION' — aborting release."
exit 1
fi
echo "Version OK: $VERSION"
- name: Stage artifacts
run: mvn deploy -Ppublication -Dprettier.skip=true -ntp
- name: Deploy to Maven Central
env:
JRELEASER_GPG_PASSPHRASE: ${{ env.MAVEN_GPG_PASSPHRASE }}
JRELEASER_GPG_SECRET_KEY: ${{ env.MAVEN_GPG_PRIVATE_KEY }}
run: mvn jreleaser:deploy -Djreleaser.output.directory=out -ntp
- name: Upload CLI fat jar to GitHub release
run: |
gh release upload "${{ github.event.release.tag_name }}" \
gbfs-validator-java-cli/target/gbfs-validator-cli.jar \
--clobber
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload JReleaser output
if: always()
uses: actions/upload-artifact@v4
with:
name: jreleaser-release-logs
path: out/