-
Notifications
You must be signed in to change notification settings - Fork 10
107 lines (99 loc) · 3.88 KB
/
deploy-snapshot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# Expected secrets
# MAVEN_CENTRAL_USERNAME - Username for Maven Central
# MAVEN_CENTRAL_PASSWORD - Password for Maven Central
# MAVEN_SIGNING_KEY_ASCII - GPG key without a password which has ASCII-armored and then BASE64-encoded
# Note that we sign the snapshot releases with GPG key, too
name: Deploy Snapshot
on:
workflow_dispatch:
push:
branches:
- main
paths-ignore:
- '.github/ISSUE_TEMPLATE/*'
- '.github/PULL_REQUEST_TEMPLATE.md'
- 'LICENSE'
- 'README.md'
- 'docs/**'
concurrency: deploy_snapshot
jobs:
validate_gradle_wrapper:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
timeout-minutes: 1
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
# Gradle Wrapper validation can be flaky
# https://github.com/gradle/wrapper-validation-action/issues/40
- name: Gradle Wrapper Validation
timeout-minutes: 1
uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6
check_secrets:
environment: deployment
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check_secrets.outputs.defined }}
steps:
- id: check_secrets
env:
MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
MAVEN_SIGNING_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
if: "${{ env.MAVEN_CENTRAL_USERNAME != '' && env.MAVEN_CENTRAL_PASSWORD != '' && env.MAVEN_SIGNING_KEY != '' }}"
run: echo "defined=true" >> $GITHUB_OUTPUT
deploy_snapshot:
environment: deployment
needs: [validate_gradle_wrapper, check_secrets]
if: needs.check_secrets.outputs.has-secrets == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
timeout-minutes: 1
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Setup
id: setup
timeout-minutes: 50
uses: ./.github/actions/setup
# While not strictly necessary, this sanity checks the build before attempting to upload.
# This adds minimal additional build time, since most of the work is cached and re-used
# in the next step.
- name: Deploy to Maven Local
timeout-minutes: 25
env:
ORG_GRADLE_PROJECT_IS_SNAPSHOT: true
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
run: |
./gradlew publishReleasePublicationToMavenLocalRepository --no-parallel
# Note that GitHub Actions appears to have issues with environment variables that contain periods,
# so the GPG variables are done as command line arguments instead.
- name: Deploy to Maven Central
timeout-minutes: 8
env:
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
ORG_GRADLE_PROJECT_IS_SNAPSHOT: true
run: |
./gradlew publishReleasePublicationToMavenCentralRepository --no-parallel
- name: Collect Artifacts
timeout-minutes: 1
if: ${{ always() }}
env:
ARTIFACTS_DIR_PATH: ${{ format('{0}/artifacts', env.home) }}
BINARIES_ZIP_PATH: ${{ format('{0}/artifacts/snapshot_binaries.zip', env.home) }}
run: |
mkdir ${ARTIFACTS_DIR_PATH}
zip -r ${BINARIES_ZIP_PATH} . -i *build/outputs/*
- name: Upload Artifacts
if: ${{ always() }}
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
timeout-minutes: 10
with:
name: Snapshot binaries
path: ~/artifacts