Release Thin JAR #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Thin JAR | |
| on: | |
| workflow_run: | |
| workflows: ["Release"] | |
| types: | |
| - completed | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag to release (e.g., v3.0.5)' | |
| required: true | |
| type: string | |
| jobs: | |
| publish-thin: | |
| # Only run if main JAR workflow succeeded or manual trigger | |
| if: | | |
| github.event_name == 'workflow_dispatch' || | |
| (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # If manual trigger: use input tag, else use the SHA from the completed workflow run | |
| ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.event.workflow_run.head_sha }} | |
| fetch-tags: true | |
| fetch-depth: 0 | |
| - name: Set up Java for publishing to Maven Central Repository | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 11 | |
| distribution: "adopt" | |
| server-id: central | |
| server-username: MAVEN_CENTRAL_USERNAME | |
| server-password: MAVEN_CENTRAL_PASSWORD | |
| gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| gpg-passphrase: GPG_PASSPHRASE | |
| - name: Configure GPG | |
| run: | | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| gpg-connect-agent reloadagent /bye | |
| - name: Build thin JAR with sources and javadocs | |
| run: | | |
| # Build main artifacts including sources and javadocs | |
| mvn -B -DskipTests package source:jar javadoc:jar | |
| - name: Sign all thin JAR artifacts | |
| run: | | |
| VERSION=$(grep -m1 '<version>' pom.xml | sed 's/.*<version>\(.*\)<\/version>.*/\1/') | |
| # Sign thin JAR | |
| echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ | |
| --armor --detach-sign "target/databricks-jdbc-${VERSION}-thin.jar" | |
| # Sign sources JAR | |
| echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ | |
| --armor --detach-sign "target/databricks-jdbc-${VERSION}-sources.jar" | |
| # Sign javadoc JAR | |
| echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ | |
| --armor --detach-sign "target/databricks-jdbc-${VERSION}-javadoc.jar" | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Verify all required artifacts exist | |
| run: | | |
| VERSION=$(grep -m1 '<version>' pom.xml | sed 's/.*<version>\(.*\)<\/version>.*/\1/') | |
| test -f "target/databricks-jdbc-${VERSION}-thin.jar" | |
| test -f "target/databricks-jdbc-${VERSION}-thin.jar.asc" | |
| test -f "target/databricks-jdbc-${VERSION}-sources.jar" | |
| test -f "target/databricks-jdbc-${VERSION}-sources.jar.asc" | |
| test -f "target/databricks-jdbc-${VERSION}-javadoc.jar" | |
| test -f "target/databricks-jdbc-${VERSION}-javadoc.jar.asc" | |
| - name: Publish Thin JAR as Separate Artifact to Maven Central | |
| run: | | |
| VERSION=$(grep -m1 '<version>' pom.xml | sed 's/.*<version>\(.*\)<\/version>.*/\1/') | |
| echo "Creating deployment bundle for thin JAR..." | |
| # Create staging directory | |
| mkdir -p target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION} | |
| # Copy thin JAR and its signature | |
| cp "target/databricks-jdbc-${VERSION}-thin.jar" \ | |
| target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}.jar | |
| cp "target/databricks-jdbc-${VERSION}-thin.jar.asc" \ | |
| target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}.jar.asc | |
| # Copy sources JAR and its signature | |
| cp "target/databricks-jdbc-${VERSION}-sources.jar" \ | |
| target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}-sources.jar | |
| cp "target/databricks-jdbc-${VERSION}-sources.jar.asc" \ | |
| target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}-sources.jar.asc | |
| # Copy javadoc JAR and its signature | |
| cp "target/databricks-jdbc-${VERSION}-javadoc.jar" \ | |
| target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}-javadoc.jar | |
| cp "target/databricks-jdbc-${VERSION}-javadoc.jar.asc" \ | |
| target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}-javadoc.jar.asc | |
| # Copy POM and sign it | |
| cp thin_public_pom.xml target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}.pom | |
| echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ | |
| --armor --detach-sign \ | |
| target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION}/databricks-jdbc-thin-${VERSION}.pom | |
| # Generate checksums for all files | |
| cd target/thin-staging/com/databricks/databricks-jdbc-thin/${VERSION} | |
| for file in databricks-jdbc-thin-*; do | |
| md5sum "$file" | awk '{print $1}' > "${file}.md5" | |
| sha1sum "$file" | awk '{print $1}' > "${file}.sha1" | |
| done | |
| cd $GITHUB_WORKSPACE | |
| # Create bundle ZIP | |
| cd target/thin-staging | |
| zip -r ../central-thin-bundle.zip com/ | |
| cd $GITHUB_WORKSPACE | |
| echo "Uploading bundle to Maven Central Portal..." | |
| # Upload to new Maven Central Portal | |
| curl -X POST \ | |
| -u "$MAVEN_CENTRAL_USERNAME:$MAVEN_CENTRAL_PASSWORD" \ | |
| -F "bundle=@target/central-thin-bundle.zip" \ | |
| -F "publishingType=AUTOMATIC" \ | |
| -w "\nHTTP_STATUS:%{http_code}\n" \ | |
| https://central.sonatype.com/api/v1/publisher/upload | |
| echo "Thin JAR published successfully!" | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | |
| MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | |
| - name: Get tag name from commit | |
| id: get_tag | |
| run: | | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| # For manual trigger, use the input tag directly | |
| TAG="${{ inputs.tag }}" | |
| else | |
| # For workflow_run, find the tag pointing to the current commit | |
| TAG=$(git tag --points-at HEAD | grep "^v" | head -1) | |
| if [ -z "$TAG" ]; then | |
| echo "Error: No tag found for current commit" | |
| exit 1 | |
| fi | |
| fi | |
| echo "tag=$TAG" >> $GITHUB_OUTPUT | |
| echo "Found tag: $TAG" | |
| - name: Verify main release exists | |
| if: github.event_name == 'workflow_run' | |
| run: | | |
| echo "Verifying main release exists for ${{ steps.get_tag.outputs.tag }}" | |
| gh release view "${{ steps.get_tag.outputs.tag }}" || { | |
| echo "Error: Main release not found for tag ${{ steps.get_tag.outputs.tag }}" | |
| exit 1 | |
| } | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Upload Thin JAR to GitHub Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ steps.get_tag.outputs.tag }} | |
| files: | | |
| target/*-thin.jar | |