[release] Release new version #1545
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
schedule: | |
- cron: "0 0 * * 1" | |
permissions: read-all | |
jobs: | |
hotspot-ea: | |
name: HotSpot (EA) | |
runs-on: ubuntu-20.04 | |
needs: [ extended ] | |
continue-on-error: true | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: 22-ea | |
distribution: temurin | |
cache: maven | |
- name: Build project | |
run: ./mvnw verify -Pjava21 -Dnet.bytebuddy.experimental | |
continue-on-error: false | |
hotspot-supported: | |
name: Any (supported) | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-20.04, macos-11, windows-2022 ] | |
java: [ 8, 11, 17, 21 ] | |
runs-on: ${{ matrix.os }} | |
needs: [ extended ] | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: temurin | |
architecture: x64 | |
cache: maven | |
- name: Build project | |
run: ./mvnw verify -Pintegration -Pjava${{ matrix.java }} | |
j9-supported: | |
name: Any (supported) | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-20.04, macos-11, windows-2022 ] | |
java: [ 8, 11 ] | |
runs-on: ${{ matrix.os }} | |
needs: [ extended ] | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: adopt-openj9 | |
architecture: x64 | |
cache: maven | |
- name: Build project | |
run: ./mvnw verify -Pintegration -Pjava${{ matrix.java }} | |
hotspot-unsupported: | |
name: HotSpot (unsupported) | |
strategy: | |
fail-fast: false | |
matrix: | |
java: [ 9, 10, 12, 13, 14, 15, 16, 18, 19, 20 ] | |
runs-on: ubuntu-20.04 | |
needs: [ extended ] | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: zulu | |
architecture: x64 | |
cache: maven | |
- name: Build project | |
run: ./mvnw verify -Pintegration -Pjava${{ matrix.java }} | |
hotspot-32: | |
name: HotSpot (32 bit) | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-20.04, windows-2022 ] | |
java: [ 8 ] | |
runs-on: ${{ matrix.os }} | |
needs: [ extended ] | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: zulu | |
architecture: x86 | |
cache: maven | |
- name: Build project | |
run: ./mvnw verify -Pintegration -Pjava${{ matrix.java }} | |
hotspot-legacy: | |
name: HotSpot (legacy) | |
strategy: | |
fail-fast: false | |
matrix: | |
java: [ 6, 7 ] | |
runs-on: ubuntu-20.04 | |
needs: [ extended ] | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-legacy-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-legacy-maven- | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: zulu | |
architecture: x64 | |
- name: Build project | |
run: ./mvnw -s .mvn/nossl.settings.xml verify -Pintegration -Pjava${{ matrix.java }} | |
extended: | |
name: Extended build | |
runs-on: ubuntu-20.04 | |
if: github.event_name == 'push' | |
steps: | |
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # V2.5.0 | |
with: | |
egress-policy: block | |
disable-telemetry: true | |
allowed-endpoints: > | |
github.com:443 | |
raw.githubusercontent.com:443 | |
artifactcache.actions.githubusercontent.com:443 | |
blob.core.windows.net:443 | |
repo.maven.apache.org:443 | |
coveralls.io:443 | |
javadoc.io:443 | |
docs.oracle.com:443 | |
docs.gradle.org:443 | |
plugins.gradle.org:443 | |
services.gradle.org:443 | |
downloads.gradle-dn.com:443 | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: 8 | |
distribution: temurin | |
architecture: x64 | |
cache: maven | |
- name: Build project | |
run: ./mvnw jacoco:prepare-agent verify jacoco:report coveralls:report -DrepoToken=${{ secrets.coveralls }} -Pextras -Pchecks -Panalysis -Pintegration -Pchecksum-enforce | |
release: | |
name: Release new version | |
runs-on: ubuntu-20.04 | |
needs: [ extended, hotspot-ea, hotspot-supported, j9-supported, hotspot-unsupported, hotspot-32, hotspot-legacy ] | |
if: github.event_name == 'push' && startsWith(github.event.head_commit.message, '[release]') | |
permissions: | |
contents: write | |
steps: | |
- uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # V2.5.0 | |
with: | |
egress-policy: audit # servers have changed, must be adjusted after next release | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 | |
with: | |
java-version: 8 | |
distribution: temurin | |
architecture: x64 | |
gpg-private-key: ${{ secrets.gpg_secret }} | |
- name: Publish new version | |
run: | | |
git config user.name "${{ github.event.head_commit.committer.name }}" | |
git config user.email "${{ github.event.head_commit.committer.email }}" | |
./mvnw -B -s .mvn/release.settings.xml release:prepare release:perform -Drepository.url=https://${{ github.actor }}:${{ secrets.github_token }}@github.com/${{ github.repository }}.git -Dcentral.username=raphw -Dcentral.password=${{ secrets.central_password }} -Dgpg.passphrase=${{ secrets.gpg_passphrase }} -Dgpg.keyname=B4AC8CDC141AF0AE468D16921DA784CCB5C46DD5 -Dgradle.key=${{ secrets.gradle_key }} -Dgradle.secret=${{ secrets.gradle_secret }} -Pchecksum-enforce |