Skip to content
Release Artifacts

release-2.61.0 (#2417) #53

Sign in to view logs

release-2.61.0 (#2417)

release-2.61.0 (#2417) #53

Workflow file for this run

.github/workflows/release-artifacts.yml at 0ea757f
# SPDX-License-Identifier: Apache-2.0
name: Release Artifacts
on:
push:
tags:
- "v*.*.*"
workflow_dispatch:
inputs:
version:
type: string
description: Test Version String (No release to Maven Central)
required: true
defaults:
run:
shell: bash
permissions:
contents: read
packages: write
env:
LC_ALL: C.UTF-8
GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
jobs:
validate-release:
name: Validate Release
runs-on: hiero-client-sdk-linux-medium
steps:
- name: Harden Runner
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Retrieve Tag Version
if: ${{ github.event_name == 'push' }}
id: tag
run: echo "version=${GITHUB_REF#refs/tags/v}" >> "${GITHUB_OUTPUT}"
- name: Retrieve Tag Version (workflow_dispatch)
if: ${{ github.event_name == 'workflow_dispatch' }}
id: workflow_tag
run: echo "version=${{github.event.inputs.version}}" >> "${GITHUB_OUTPUT}"
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: temurin
java-version: "21.0.6"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
with:
cache-read-only: false
- name: Determine Project Version
id: project
run: echo "version=$(./gradlew -q showVersion | tr -d '[:space:]')" >> "${GITHUB_OUTPUT}"
- name: Validate Release
if: ${{ github.event_name == 'push' }}
run: |
if [[ "${{ steps.tag.outputs.version }}" != "${{ steps.project.outputs.version }}" ]]; then
echo "::error file=version.txt,line=0,title=Version Mismatch::Tag version '${{ steps.tag.outputs.version }}' does not match the Gradle project version '${{ steps.project.outputs.version }}'. Please update the 'version.txt' file before tagging."
exit 1
fi
maven-central:
name: Publish to Maven Central
runs-on: hiero-client-sdk-linux-medium
needs:
# This needs clause exists solely to provide a dependency on the previous step. This publish step will not occur
# until the validate-release step completes successfully.
- validate-release
steps:
- name: Harden Runner
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install GnuPG Tools
run: |
if ! command -v gpg2 >/dev/null 2>&1; then
echo "::group::Updating APT Repository Indices"
sudo apt update
echo "::endgroup::"
echo "::group::Installing GnuPG Tools"
sudo apt install -y gnupg2
echo "::endgroup::"
fi
- name: Import GPG key
id: gpg_key
uses: step-security/ghaction-import-gpg@c86c374c0659a6c2d1284bccf8af889e73ce8fe0 # v6.3.0
with:
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: temurin
java-version: "21.0.6"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
with:
cache-read-only: false
- name: Compile SDK & Javadoc
run: ./gradlew assemble
- name: Nexus Release
if: ${{ github.event_name == 'push' }}
env:
NEXUS_USERNAME: ${{ secrets.CENTRAL_PUBLISHING_USERNAME }}
NEXUS_PASSWORD: ${{ secrets.CENTRAL_PUBLISHING_PASSWORD }}
run: ./gradlew publishAggregationToCentralPortal -PpublishSigningEnabled=true