diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3397cac4..1176498a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,9 +1,11 @@
 name: "Create release and publish packages to Sonatype"
-on:
-  push:
-    branches:
-      - main
+on: push
+
+#on:
+#  push:
+#    branches:
+#      - main
 permissions:
   id-token: write
@@ -45,13 +47,21 @@ jobs:
           git fetch --tags
           LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1))
           python3 .github/scripts/create_release.py ${LATEST_TAG} $(pwd)
+
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: 129326 # App ID of the Wellcome Collection app
+          private-key: ${{ secrets.WELLCOME_COLLECTION_APP_PRIVATE_KEY }}
+
       - name: Configure git
         # We need to give the GitHub action full repo privileges via a PAT so that it can push the release directly into main
         run: |
           git config --global user.name "GitHub on behalf of Wellcome Collection"
           git config --global user.email "wellcomedigitalplatform@wellcome.ac.uk"
-          git remote set-url origin https://x-access-token:${{ secrets.FULL_REPO_PRIVILEGES_PAT }}@github.com/${{ github.repository }}.git
+          git remote set-url origin https://x-access-token:${{ steps.generate-token.outputs.token }}@github.com/${{ github.repository }}.git
       - name: Commit and push changes
         run: |
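Review bot: `on: push` with no branch filter means the create-release job — which computes the latest tag, runs `create_release.py` and pushes back to the repository with an app token — now runs for every push to every branch, so a feature-branch push can cut a release; the commented-out original trigger strongly suggests this is a temporary debugging change that should not land on main as-is. If the point is to exercise the token step from a branch, keep the filter and gate the push step with `if: github.ref == 'refs/heads/main'`, or restore `branches: [main]` before merging. With `permissions:` set explicitly to only `id-token: write`, GITHUB_TOKEN appears to have no `contents` scope here, which is presumably why the app token is needed; that makes the trigger the only control on who can cause a release.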
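Review bot: The comment on the `Configure git` step still says the push uses a PAT, but the hunk replaces it with a short-lived GitHub App installation token; update it to `# Push back to main with a short-lived installation token minted from the Wellcome Collection app (GITHUB_TOKEN is not granted contents:write in this workflow)`. The token is minted with every permission the app installation holds; if the `create-github-app-token` release in use supports the `permission-*` inputs, add `permission-contents: write` under `with:` so the job cannot do more than push, and consider quoting `app-id: "129326"` so YAML tooling never re-types it. Putting the token in the remote URL also writes it into `.git/config` on the runner for the rest of the job; that is mitigated by the token's short lifetime (and by the action's post-job revocation, if that has not been disabled), but passing it via `git -c http.extraheader=...` on the push command keeps it out of the config entirely.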
@@ -74,47 +84,47 @@ jobs:
   # - Configuring Sonatype credentials
   # - Publishing the packages to a local staging repository using the sbt-sonatype plugin
   # - Releasing the published bundle to Sonatype
-  publish:
-    runs-on: ubuntu-latest
-    needs: create-release
-    strategy:
-      matrix:
-        service:
-          - fixtures
-          - http
-          - json
-          - typesafe_app
-          - monitoring
-          - monitoring_typesafe
-          - messaging
-          - messaging_typesafe
-          - storage
-          - storage_typesafe
-          - elasticsearch
-          - elasticsearch_typesafe
-          - sierra
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          # Checkout the latest version, which includes the changes pushed by the previous step!
-          # If we didn't do this, we would be publishing using the previous version tag.
-          ref: main
-      - name: Set up GPG
-        run: |
-          echo "${{ secrets.BASE64_GPG_KEY }}" | base64 -d > secret-keys.gpg
-          echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --import secret-keys.gpg
-          rm secret-keys.gpg
-      - name: Set up Sonatype credentials
-        run: |
-          mkdir ~/.sbt
-          echo "${{ secrets.SONATYPE_CREDENTIALS }}" > ~/.sbt/sonatype.credentials
-      - name: Setup JDK
-        uses: actions/setup-java@v3
-        with:
-          distribution: temurin
-          java-version: 17
-          cache: sbt
-      - name: Publish to Sonatype
-        run: |
-          PGP_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} sbt "project ${{ matrix.service }}" publishSigned
-          sbt "project ${{ matrix.service }}" sonatypeBundleRelease
+#  publish:
+#    runs-on: ubuntu-latest
+#    needs: create-release
+#    strategy:
+#      matrix:
+#        service:
+#          - fixtures
+#          - http
+#          - json
+#          - typesafe_app
+#          - monitoring
+#          - monitoring_typesafe
+#          - messaging
+#          - messaging_typesafe
+#          - storage
+#          - storage_typesafe
+#          - elasticsearch
+#          - elasticsearch_typesafe
+#          - sierra
+#    steps:
+#      - uses: actions/checkout@v4
+#        with:
+#          # Checkout the latest version, which includes the changes pushed by the previous step!
+#          # If we didn't do this, we would be publishing using the previous version tag.
+#          ref: main
+#      - name: Set up GPG
+#        run: |
+#          echo "${{ secrets.BASE64_GPG_KEY }}" | base64 -d > secret-keys.gpg
+#          echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --import secret-keys.gpg
+#          rm secret-keys.gpg
+#      - name: Set up Sonatype credentials
+#        run: |
+#          mkdir ~/.sbt
+#          echo "${{ secrets.SONATYPE_CREDENTIALS }}" > ~/.sbt/sonatype.credentials
+#      - name: Setup JDK
+#        uses: actions/setup-java@v3
+#        with:
+#          distribution: temurin
+#          java-version: 17
+#          cache: sbt
+#      - name: Publish to Sonatype
+#        run: |
+#          PGP_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} sbt "project ${{ matrix.service }}" publishSigned
+#          sbt "project ${{ matrix.service }}" sonatypeBundleRelease
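Review bot: Commenting out the whole `publish` job leaves roughly forty lines of dead YAML referencing `secrets.BASE64_GPG_KEY`, `secrets.GPG_PASSPHRASE` and `secrets.SONATYPE_CREDENTIALS` in the live workflow file, with no indication of whether this is temporary. If publishing is being paused, prefer `if: false` on the job (or a `workflow_dispatch` input) so the definition stays linted and is a one-line change to re-enable; if it is being removed, delete it outright, since git history keeps it. When it is revived, the `PGP_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} sbt ...` line should pass the secret through the step's `env:` block (`env: { PGP_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} }`) rather than expanding the expression into the shell command text.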