Skip to content

Testing #5780

Testing #5780 #105

Workflow file for this run

name: "Create release and publish packages to Sonatype"
on: push
#on:
# push:
# branches:
# - main
permissions:
id-token: write
contents: write
jobs:
# First, check if there is a RELEASE.md file in the root of the repository.
# If not, no release will be created and subsequent steps and jobs will be skipped.
check-for-release-file:
runs-on: ubuntu-latest
outputs:
has-release: ${{ steps.check-for-release-file.outputs.has-release }}
steps:
- uses: actions/checkout@v4
- name: Check for RELEASE.md file
id: check-for-release-file
run: |
if [ ! -f ./RELEASE.md ]; then
echo "has-release=false" >> $GITHUB_OUTPUT
echo "No release detected. Exiting."
exit 0
fi
echo "has-release=true" >> $GITHUB_OUTPUT
# Creating a release involves the following two changes:
# - Updating the CHANGELOG.md file with the contents of the RELEASE.md file
# - Bumping the version number in the build.sbt file
# Once these changes are made, they are pushed to the main branch
create-release:
runs-on: ubuntu-latest
needs: check-for-release-file
if: needs.check-for-release-file.outputs.has-release == 'true'
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Update CHANGELOG.md and build.sbt
id: create-release
run: |
git fetch --tags
LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1))
python3 .github/scripts/create_release.py ${LATEST_TAG} $(pwd)
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v1
with:
app-id: 129326 # App ID of the Wellcome Collection app
private-key: ${{ secrets.WELLCOME_COLLECTION_APP_PRIVATE_KEY }}
- name: Configure git
# We need to give the GitHub action full repo privileges so that it can push the release directly into main
run: |
git config --global user.name "GitHub on behalf of Wellcome Collection"
git config --global user.email "[email protected]"
git remote set-url origin https://x-access-token:${{ steps.generate-token.outputs.token }}@github.com/${{ github.repository }}.git
#
# - name: Commit and push changes
# run: |
# git checkout main
# git pull
#
# git add CHANGELOG.md build.sbt
# git rm RELEASE.md
#
# NEW_TAG="$(cat CHANGELOG.md | grep -m1 -o 'v[0-9]\+\.[0-9]\+\.[0-9]\+')"
# git commit -m "$(printf "Release: Bump version to ${NEW_TAG}\n\n[skip ci]")"
# git tag ${NEW_TAG}
#
# git push origin main
# git push origin --tags
# All sbt projects are published to Sonatype (https://central.sonatype.com/namespace/org.wellcomecollection).
# Publishing involves several steps:
# - Configuring a GPG key so that the packages can be signed
# - Configuring Sonatype credentials
# - Publishing the packages to a local staging repository using the sbt-sonatype plugin
# - Releasing the published bundle to Sonatype
publish:
runs-on: ubuntu-latest
needs: create-release
strategy:
matrix:
service:
- fixtures
- http
- json
- typesafe_app
- monitoring
- monitoring_typesafe
- messaging
- messaging_typesafe
- storage
- storage_typesafe
- elasticsearch
- elasticsearch_typesafe
- sierra
steps:
- uses: actions/checkout@v4
with:
# Checkout the latest version, which includes the changes pushed by the previous step!
# If we didn't do this, we would be publishing using the previous version tag.
ref: main
- name: Set up GPG
run: |
echo "${{ secrets.BASE64_GPG_KEY }}" | base64 -d > secret-keys.gpg
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --import secret-keys.gpg
rm secret-keys.gpg
- name: Set up Sonatype credentials
run: |
mkdir ~/.sbt
echo "${{ secrets.SONATYPE_CREDENTIALS }}" > ~/.sbt/sonatype.credentials
- name: Setup JDK
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
cache: sbt
- name: Publish to Sonatype
run: |
ARTIFACT_NAME="http_2.12"
NEW_VERSION=$(sbt "project http" -Dsbt.supershell=false -error "print version" | tr -d "\n")
SONATYPE_RESPONSE=$(curl -s "https://central.sonatype.com/solrsearch/select?q=g:org.wellcomecollection%20a:$ARTIFACT_NAME%20v:$NEW_VERSION")