Skip to content

[#1394] Release 2.2.0 (#1563) #449

[#1394] Release 2.2.0 (#1563)

[#1394] Release 2.2.0 (#1563) #449

# Expected secrets
# MAVEN_CENTRAL_USERNAME - Username for Maven Central
# MAVEN_CENTRAL_PASSWORD - Password for Maven Central
# MAVEN_SIGNING_KEY_ASCII - GPG key without a password which has ASCII-armored and then BASE64-encoded
# Note that we sign the snapshot releases with GPG key, too
name: Deploy Snapshot
on:
workflow_dispatch:
push:
branches:
- main
paths-ignore:
- '.github/ISSUE_TEMPLATE/*'
- '.github/PULL_REQUEST_TEMPLATE.md'
- 'LICENSE'
- 'README.md'
- 'docs/**'
concurrency: deploy_snapshot
jobs:
validate_gradle_wrapper:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
timeout-minutes: 1
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
# Gradle Wrapper validation can be flaky
# https://github.com/gradle/wrapper-validation-action/issues/40
- name: Gradle Wrapper Validation
timeout-minutes: 1
uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6
check_secrets:
environment: deployment
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check_secrets.outputs.defined }}
steps:
- id: check_secrets
env:
MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
MAVEN_SIGNING_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
if: "${{ env.MAVEN_CENTRAL_USERNAME != '' && env.MAVEN_CENTRAL_PASSWORD != '' && env.MAVEN_SIGNING_KEY != '' }}"
run: echo "defined=true" >> $GITHUB_OUTPUT
deploy_snapshot:
environment: deployment
needs: [validate_gradle_wrapper, check_secrets]
if: needs.check_secrets.outputs.has-secrets == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
timeout-minutes: 1
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Setup
id: setup
timeout-minutes: 50
uses: ./.github/actions/setup
# While not strictly necessary, this sanity checks the build before attempting to upload.
# This adds minimal additional build time, since most of the work is cached and re-used
# in the next step.
- name: Deploy to Maven Local
timeout-minutes: 25
env:
ORG_GRADLE_PROJECT_IS_SNAPSHOT: true
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
run: |
./gradlew publishReleasePublicationToMavenLocalRepository --no-parallel
# Note that GitHub Actions appears to have issues with environment variables that contain periods,
# so the GPG variables are done as command line arguments instead.
- name: Deploy to Maven Central
timeout-minutes: 8
env:
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
ORG_GRADLE_PROJECT_IS_SNAPSHOT: true
run: |
./gradlew publishReleasePublicationToMavenCentralRepository --no-parallel
- name: Collect Artifacts
timeout-minutes: 1
if: ${{ always() }}
env:
ARTIFACTS_DIR_PATH: ${{ format('{0}/artifacts', env.home) }}
BINARIES_ZIP_PATH: ${{ format('{0}/artifacts/snapshot_binaries.zip', env.home) }}
run: |
mkdir ${ARTIFACTS_DIR_PATH}
zip -r ${BINARIES_ZIP_PATH} . -i *build/outputs/*
- name: Upload Artifacts
if: ${{ always() }}
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
timeout-minutes: 10
with:
name: Snapshot binaries
path: ~/artifacts