Skip to content

release: v2.40.0 (#2001) #26

release: v2.40.0 (#2001)

release: v2.40.0 (#2001) #26

name: Release Artifacts
on:
push:
tags:
- 'v*.*.*'
workflow_dispatch:
inputs:
version:
type: string
description: Test Version String (No release to Maven Central)
required: true
defaults:
run:
shell: bash
permissions:
contents: read
packages: write
env:
LC_ALL: C.UTF-8
GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_CACHE_USERNAME }}
GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_CACHE_PASSWORD }}
jobs:
validate-release:
name: Validate Release
runs-on: client-sdk-linux-medium
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Retrieve Tag Version
if: ${{ github.event_name == 'push' }}
id: tag
run: echo "version=${GITHUB_REF#refs/tags/v}" >> "${GITHUB_OUTPUT}"
- name: Retrieve Tag Version (workflow_dispatch)
if: ${{ github.event_name == 'workflow_dispatch' }}
id: workflow_tag
run: echo "version=${{github.event.inputs.version}}" >> "${GITHUB_OUTPUT}"
- name: Setup Java
uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4
with:
cache-read-only: false
- name: Determine Project Version
id: project
run: echo "version=$(./gradlew -q showVersion | tr -d '[:space:]')" >> "${GITHUB_OUTPUT}"
- name: Validate Release
if: ${{ github.event_name == 'push' }}
run: |
if [[ "${{ steps.tag.outputs.version }}" != "${{ steps.project.outputs.version }}" ]]; then
echo "::error file=version.txt,line=0,title=Version Mismatch::Tag version '${{ steps.tag.outputs.version }}' does not match the Gradle project version '${{ steps.project.outputs.version }}'. Please update the 'version.txt' file before tagging."
exit 1
fi
maven-central:
name: Publish to Maven Central
runs-on: client-sdk-linux-medium
needs:
# This needs clause exists solely to provide a dependency on the previous step. This publish step will not occur
# until the validate-release step completes successfully.
- validate-release
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install GnuPG Tools
run: |
if ! command -v gpg2 >/dev/null 2>&1; then
echo "::group::Updating APT Repository Indices"
sudo apt update
echo "::endgroup::"
echo "::group::Installing GnuPG Tools"
sudo apt install -y gnupg2
echo "::endgroup::"
fi
- name: Import GPG key
id: gpg_key
uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0
with:
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Setup Java
uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707 # v4
with:
cache-read-only: false
- name: Compile SDK & Javadoc
run: ./gradlew assemble :sdk:javadoc --scan
- name: Nexus Release
if: ${{ github.event_name == 'push' }}
run: ./gradlew closeAndReleaseSonatypeStagingRepository --no-configuration-cache --scan -PsonatypeUsername=${{ secrets.SONATYPE_USERNAME }} -PsonatypePassword=${{ secrets.SONATYPE_PASSWORD }}