Skip to content

ReleasePublished

ReleasePublished #253

# This workflow triggers when a new release has been made.
name: ReleasePublished
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the main branch
release:
types: [released]
# Allows you to run this workflow manually from the Actions tab.
workflow_dispatch:
inputs:
release:
description: 'Release version number ("latest" or "v1.35.0")'
required: true
default: latest
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# NOTE: If this runs in an environment, set this value (where "MC-Action" is the environment name)
# environment: MC-Action
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Report the parameters
run: |
echo "GITHUB_REF is \"$GITHUB_REF\""
echo "GITHUB_SHA is \"$GITHUB_SHA\""
echo "inputs.release is \"${{github.event.inputs.release}}\""
if [ -z "${{github.event.inputs.release}}" ]; then
echo "Release not set manually, using GITHUB_REF"
export RELEASE=`echo "$GITHUB_REF" | sed "s#refs/tags/##"`
else
echo "Release set manually, using inputs.release"
export RELEASE=${{github.event.inputs.release}}
fi
echo "Release is $RELEASE"
pat="^v.*"
if [ "$RELEASE" = "latest" ]; then
echo "Using latest release"
elif [[ $RELEASE =~ $pat ]]; then
echo "Specified '$RELEASE' as release"
else
echo "Unsupported release, should be 'latest' or something like 'v1.35.0'; was '$RELEASE'"
exit 1
fi
echo "Repo name not set manually, using '${GITHUB_REPOSITORY}'"
export REPO=${GITHUB_REPOSITORY}
export FILE_NAME_PART="individual-modules.zip"
echo "RELEASE=$RELEASE" >> $GITHUB_ENV
echo "REPO=$REPO" >> $GITHUB_ENV
echo "FILE_NAME_PART=$FILE_NAME_PART" >> $GITHUB_ENV
- name: Check credentials
run: |
set -e
echo "Checking SonaType SONATYPE_BASIC_AUTH_CREDENTIALS"
curl --fail -X GET -H "Content-Type:application/xml" -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" https://oss.sonatype.org/service/local/staging/profiles/b39883a429024e > /dev/null
echo "Checking GitHub ACCESS_TOKEN"
curl -f -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H 'Accept: application/vnd.github.v3.raw' -s https://api.github.com/repos/$REPO > /dev/null
- name: Configure GPG key
env:
MCKEY: ${{ secrets.MCKEY }}
run: |
mkdir -p ~/.gnupg/
chown -R $(whoami) ~/.gnupg/
chmod 700 ~/.gnupg
gpg --version
echo "MCKEY is '$MCKEY'"
if [ -z ${MCKEY+x} ]; then echo "MCKEY is unset"; else echo "MCKEY is set to '$MCKEY'"; fi
printf "$MCKEY" | base64 --decode > ~/.gnupg/mckey_private.key
ls ~/.gnupg
gpg --import ~/.gnupg/mckey_private.key
gpg --list-keys
- name: Install packages
run: |
sudo apt-get install -y jq
shell: bash
- name: Download the release asset
env:
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
run: |
sleep 900
if [ "$RELEASE" = "latest" ]; then
echo "Using latest release"
set +e
curl -f -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Accept: application/vnd.github.v3.raw' -s https://api.github.com/repos/$REPO/releases > releases.json
result="$?"
if [ "$result" -ne 0 ]; then
echo "curl returned '$result': Bad access token or repo (was '$REPO')"
exit $result
fi
asset_id=`cat releases.json | jq ".[0].assets | map(select(.name|test(\"$FILE_NAME_PART\")))[0].id"`
result="$?"
if [ "$result" -ne 0 ]; then
echo "jq returned '$result': No releases or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit $result
fi
if [ "$asset_id" == "null" ]; then
echo "jq returned asset id '$asset_id': No releases or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit 1
fi
set -e
else
echo "Using release $RELEASE"
set +e
curl -f -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Accept: application/vnd.github.v3.raw' -s https://api.github.com/repos/$REPO/releases > releases.json
result="$?"
if [ "$result" -ne 0 ]; then
echo "curl returned '$result': Bad access token or repo (was '$REPO')"
exit $result
fi
asset_id=`cat releases.json | jq ". | map(select(.tag_name == \"$RELEASE\"))[0].assets | map(select(.name|test(\"$FILE_NAME_PART\")))[0].id"`
result="$?"
if [ "$result" -ne 0 ]; then
echo "jq returned '$result': Bad release (was '$RELEASE') or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit $result
fi
if [ "$asset_id" == "null" ]; then
echo "jq returned asset id '$asset_id': Bad release (was '$RELEASE') or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit 1
fi
set -e
fi
echo "Asset id for release $RELEASE file $FILE_NAME_PART is $asset_id"
wget --header='Accept:application/octet-stream' https://api.github.com/repos/$REPO/releases/assets/$asset_id -O asset.zip
- name: Examine asset
run: |
ls
mkdir unpacked
cd unpacked
unzip -q ../asset.zip
head CHANGELOG.md
- name: GPG sign all Maven files
run: |
cd unpacked/maven
find . -type f -not -name \*.asc | xargs -n 1 -I % gpg --output %.asc --detach-sig %
- name: Checksum all Maven files
run: |
cd unpacked/maven
find . -type f -not -name \*.asc -not -name \*.md5 -not -name \*.sha1 | xargs -n 1 -I % sh -c "md5sum % | cut -d' ' -f1 > %.md5"
find . -type f -not -name \*.asc -not -name \*.md5 -not -name \*.sha1 | xargs -n 1 -I % sh -c "sha1sum % | cut -d' ' -f1 > %.sha1"
find .
- name: Staging artifacts in SonaType
run: |
# Code mostly by mezzargh
set -e
WD=`pwd`
START_XML=$(cat << EOF
<promoteRequest>
<data>
<description>Publish ${GITHUB_REPOSITORY} ${RELEASE} Artifacts</description>
</data>
</promoteRequest>
EOF
)
printf "$START_XML" > start.xml
ls -lahn
cat start.xml
cd unpacked/maven/repository
cp $WD/start.xml start.xml
cat start.xml
curl --fail -v -X POST -d @start.xml -H "Content-Type:application/xml" -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" https://oss.sonatype.org/service/local/staging/profiles/b39883a429024e/start -o $WD/finish.xml
rm start.xml
ls -lahn $WD
cat $WD/finish.xml
staging_dir=$(echo $(awk -F '[<>]' '/stagedRepositoryId/{print $3}' $WD/finish.xml))
echo "Staging dir is '${staging_dir}'"
find . -type f | sed -E s'@./@@' | grep -v start.xml > $WD/artifacts.list
ls -lahn $WD
echo "Uploading $(wc -l $WD/artifacts.list | sed "s/^ *\([0-9]*\) .*$/\1/") artifacts"
awk '{printf "%5d\t%s\n", NR, $0}' < $WD/artifacts.list
cat $WD/artifacts.list | xargs -n 1 -I {} curl --fail -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" --upload-file {} https://oss.sonatype.org/service/local/staging/deployByRepositoryId/${staging_dir}/{}
cp $WD/finish.xml finish.xml
cat finish.xml
curl --fail -X POST -d @finish.xml -H "Content-Type:application/xml" -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" -H "Content-Type:application/xml" https://oss.sonatype.org/service/local/staging/profiles/b39883a429024e/finish
echo https://oss.sonatype.org/content/repositories/${staging_dir}