chore(deps): update all non-major dependencies (#150) #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Release | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
- next | |
paths: | |
- '**/src/**' | |
- '**/pom.xml' | |
- 'pom.xml' | |
concurrency: | |
group: ci-main | |
permissions: | |
contents: read | |
jobs: | |
build: | |
name: Build & Release | |
runs-on: ubuntu-latest | |
permissions: | |
# used by cycjimmy/semantic-release-action | |
contents: write | |
issues: write | |
pull-requests: write | |
packages: write | |
# used by aws-actions/configure-aws-credentials | |
id-token: write | |
outputs: | |
new-release-published: ${{ steps.semantic-release.outputs.new_release_published }} | |
new-release-version: ${{ steps.semantic-release.outputs.new_release_version }} | |
steps: | |
- uses: actions/checkout@v4.1.3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4.2.1 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Setup Node 20 | |
uses: actions/setup-node@v4.0.2 | |
with: | |
node-version: 20 | |
cache: 'yarn' | |
cache-dependency-path: integration-tests/infrastructure/yarn.lock | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3.0.0 | |
with: | |
terraform_version: 1.5.7 | |
terraform_wrapper: false | |
- name: Setup AWS Credentials for Infrastructure | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
with: | |
aws-region: eu-central-1 | |
role-to-assume: arn:aws:iam::956243129466:role/github-deployer | |
- name: Synth Infrastructure for Integration Tests | |
working-directory: integration-tests/infrastructure | |
run: | | |
yarn install --frozen-lockfile | |
yarn run synth | |
- id: apply-infrastructure | |
name: Apply Infrastructure for Integration Tests | |
working-directory: integration-tests/infrastructure/cdktf.out/stacks/feign-aws-sigv4-integration-tests | |
run: | | |
terraform init | |
terraform apply -auto-approve | |
echo "integration-test-role-arn=$(terraform output -raw integration-test-role-arn)" >> $GITHUB_OUTPUT | |
echo "api-gateway-url=$(terraform output -raw api-gateway-url)" >> $GITHUB_OUTPUT | |
- name: Setup AWS Credentials for Integration Tests | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
with: | |
aws-region: eu-central-1 | |
role-to-assume: ${{ steps.apply-infrastructure.outputs.integration-test-role-arn }} | |
- id: run-tests | |
name: Run Tests | |
run: | | |
mvn -B -ntp clean install failsafe:integration-test failsafe:verify -DapiGatewayUrl=${{ steps.apply-infrastructure.outputs.api-gateway-url }} | |
- name: Setup AWS Credentials for Infrastructure | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
if: always() | |
with: | |
aws-region: eu-central-1 | |
role-to-assume: arn:aws:iam::956243129466:role/github-deployer | |
- name: Destroy Infrastructure for Integration Tests | |
if: always() | |
working-directory: integration-tests/infrastructure/cdktf.out/stacks/feign-aws-sigv4-integration-tests | |
run: | | |
terraform destroy -auto-approve | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6.1.0 | |
if: steps.run-tests.outcome == 'success' | |
with: | |
gpg_private_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} | |
passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
- id: semantic-release | |
name: Create new release | |
uses: cycjimmy/semantic-release-action@v4.1.0 | |
if: steps.run-tests.outcome == 'success' | |
with: | |
extra_plugins: | | |
@semantic-release/git | |
@semantic-release/exec | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
publish-maven-central: | |
name: Publish to Maven Central | |
runs-on: ubuntu-latest | |
needs: build | |
if: needs.build.outputs.new-release-published == 'true' | |
steps: | |
- uses: actions/checkout@v4.1.3 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v4.2.1 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: 'maven' | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6.1.0 | |
with: | |
gpg_private_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} | |
passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
- name: Publish package | |
run: | | |
mvn -B -ntp versions:set -DgenerateBackupPoms=false -DnewVersion=${{ needs.build.outputs.new-release-version }} | |
mvn -B -ntp -Psign-with-gpg -Ppublish-ossrh clean deploy -DskipTests -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} |