-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (135 loc) · 5.81 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: "Create release and publish packages to Sonatype"
on:
push:
branches:
- main
permissions:
id-token: write
contents: write
jobs:
# First, check if there is a RELEASE.md file in the root of the repository.
# If not, no release will be created and subsequent steps and jobs will be skipped.
check-for-release-file:
runs-on: ubuntu-latest
outputs:
has-release: ${{ steps.check-for-release-file.outputs.has-release }}
steps:
- uses: actions/checkout@v4
- name: Check for RELEASE.md file
id: check-for-release-file
run: |
if [ ! -f ./RELEASE.md ]; then
echo "has-release=false" >> $GITHUB_OUTPUT
echo "No release detected. Exiting."
exit 0
fi
echo "has-release=true" >> $GITHUB_OUTPUT
# Creating a release involves the following two changes:
# - Updating the CHANGELOG.md file with the contents of the RELEASE.md file
# - Bumping the version number in the build.sbt file
# Once these changes are made, they are pushed to the main branch
create-release:
runs-on: ubuntu-latest
outputs:
new-version: ${{ steps.create-release.outputs.new-version }}
needs: check-for-release-file
if: needs.check-for-release-file.outputs.has-release == 'true'
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Update CHANGELOG.md and build.sbt
id: create-release
run: |
git fetch --tags
LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1))
python3 .github/scripts/create_release.py ${LATEST_TAG} $(pwd)
VERSION_TAG="$(cat CHANGELOG.md | grep -m1 -o 'v[0-9]\+\.[0-9]\+\.[0-9]\+')"
echo "new-version=${VERSION_TAG:1}" >> $GITHUB_OUTPUT
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v1
with:
app-id: 129326 # App ID of the Wellcome Collection app
private-key: ${{ secrets.WELLCOME_COLLECTION_APP_PRIVATE_KEY }}
- name: Configure git
# We need to give the GitHub action full repo privileges so that it can push the release directly into main
run: |
git config --global user.name "GitHub on behalf of Wellcome Collection"
git config --global user.email "[email protected]"
git remote set-url origin https://x-access-token:${{ steps.generate-token.outputs.token }}@github.com/${{ github.repository }}.git
- name: Commit and push changes
run: |
git checkout main
git pull
git add CHANGELOG.md build.sbt
git rm RELEASE.md
NEW_TAG="v${{ steps.create-release.outputs.new-version }}"
git commit -m "$(printf "Release: Bump version to ${NEW_TAG}\n\n[skip ci]")"
git tag ${NEW_TAG}
git push origin main
git push origin --tags
# All sbt projects are published to Sonatype (https://central.sonatype.com/namespace/org.wellcomecollection).
# Publishing involves several steps:
# - Configuring a GPG key so that the packages can be signed
# - Configuring Sonatype credentials
# - Publishing the packages to a local staging repository using the sbt-sonatype plugin
# - Releasing the published bundle to Sonatype
publish:
runs-on: ubuntu-latest
needs: create-release
strategy:
matrix:
service:
- fixtures
- http
- json
- typesafe_app
- monitoring
- monitoring_typesafe
- messaging
- messaging_typesafe
- storage
- storage_typesafe
- elasticsearch
- elasticsearch_typesafe
- sierra
- sierra_typesafe
steps:
- uses: actions/checkout@v4
with:
# Checkout the latest version, which includes the changes pushed by the previous step!
# If we didn't do this, we would be publishing using the previous version tag.
ref: main
- name: Set up GPG
run: |
echo "${{ secrets.BASE64_GPG_KEY }}" | base64 -d > secret-keys.gpg
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --import secret-keys.gpg
rm secret-keys.gpg
- name: Set up Sonatype credentials
run: |
mkdir ~/.sbt
echo "${{ secrets.SONATYPE_CREDENTIALS }}" > ~/.sbt/sonatype.credentials
- name: Setup JDK
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
cache: sbt
- name: Publish to Sonatype
run: |
ARTIFACT_NAME="${{ matrix.service }}_2.12"
NEW_VERSION="${{ needs.create-release.outputs.new-version }}"
# Check if the current version already exists in Sonatype.
SONATYPE_RESPONSE=$(curl -s "https://central.sonatype.com/solrsearch/select?q=g:org.wellcomecollection%20a:$ARTIFACT_NAME%20v:$NEW_VERSION")
ARTIFACT_COUNT=$(echo $SONATYPE_RESPONSE | jq '.response | .numFound')
# To check the status of the deployment in Sonatype, visit https://central.sonatype.com/publishing/deployments.
# (Credentials are stored in AWS Secrets Manager.)
if [[ $ARTIFACT_COUNT -eq 0 ]]; then
echo "Publishing package $ARTIFACT_NAME, version $NEW_VERSION to Sonatype."
PGP_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} sbt "project ${{ matrix.service }}" publishSigned
# See https://github.com/xerial/sbt-sonatype/issues/518
sbt -Dsun.net.client.defaultReadTimeout=60000 "project ${{ matrix.service }}" sonatypeBundleRelease
else
echo "Package $ARTIFACT_NAME, version $NEW_VERSION already exists in Sonatype. Exiting."
fi