Skip to content

Commit

Permalink
Merge pull request #1611 from smallrye/ci/new-secrets-workflow
Browse files Browse the repository at this point in the history
ci: use the new Smallrye secrets scheme
  • Loading branch information
jponge authored May 29, 2024
2 parents 265465a + 94f5a4d commit 10f6a3a
Show file tree
Hide file tree
Showing 7 changed files with 30 additions and 31 deletions.
9 changes: 0 additions & 9 deletions .build/decrypt-secrets.sh

This file was deleted.

22 changes: 4 additions & 18 deletions .build/justfile-for-release
Original file line number Diff line number Diff line change
Expand Up @@ -12,28 +12,14 @@ purpose:
perform-release: pre-release release post-release
@echo "🎉 Successfully released Mutiny ${RELEASE_VERSION} 🚀"

# Decrypt secrets
decrypt-secrets:
@echo "Decrypting smallrye signature"
gpg --quiet --batch --yes --decrypt --passphrase="${SECRET_FILES_PASSPHRASE}" \
--output smallrye-sign.asc .build/smallrye-sign.asc.gpg
@echo "Decrypting Maven settings"
gpg --quiet --batch --yes --decrypt --passphrase="${SECRET_FILES_PASSPHRASE}" \
--output maven-settings.xml .build/maven-settings.xml.gpg

# Initialize GnuPG
init-gpg:
@echo "GnuPG setup"
gpg --fast-import --no-tty --batch --yes smallrye-sign.asc

# Initialize Git
init-git:
@echo "Git setup"
git config --global user.name "smallrye-ci"
git config --global user.email "smallrye@googlegroups.com"

# Steps before releasing
pre-release: decrypt-secrets init-gpg init-git
pre-release: init-git
@echo "🚀 Pre-release steps..."
@echo "Pre-release verifications"
jbang .build/PreRelease.java --token=${RELEASE_TOKEN} --release-version=${RELEASE_VERSION}
Expand All @@ -42,7 +28,7 @@ pre-release: decrypt-secrets init-gpg init-git
./mvnw --settings .build/maven-ci-settings.xml --batch-mode --no-transfer-progress versions:set -DnewVersion=${RELEASE_VERSION} -DgenerateBackupPoms=false -pl bom
jbang .build/UpdateDocsAttributesFiles.java --mutiny-version=${RELEASE_VERSION}
@echo "Check that the project builds (no tests)"
./mvnw --settings maven-settings.xml --batch-mode --no-transfer-progress clean install -Prelease -DskipTests
./mvnw --settings .build/maven-ci-settings.xml --batch-mode --no-transfer-progress clean install -Prelease -DskipTests
@echo "Bump workshop examples to ${RELEASE_VERSION}"
.build/update-workshop-target-version.sh "${RELEASE_VERSION}"
@echo "Check that the website builds"
Expand All @@ -63,9 +49,9 @@ release: pre-release
git push

# Deploy to Maven Central
deploy-to-maven-central: decrypt-secrets init-gpg
deploy-to-maven-central:
@echo "Deploy to Maven Central"
./mvnw --settings maven-settings.xml --batch-mode --no-transfer-progress deploy -Prelease -DskipTests
./mvnw --settings .build/maven-ci-settings.xml --batch-mode --no-transfer-progress deploy -Prelease -DskipTests

# Steps post-release
post-release:
Expand Down
Binary file removed .build/maven-settings.xml.gpg
Binary file not shown.
Binary file removed .build/smallrye-sign.asc.gpg
Binary file not shown.
9 changes: 8 additions & 1 deletion .github/workflows/build-main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,19 @@ jobs:
java-version: 11
distribution: temurin
cache: maven
server-id: 'oss.sonatype'
server-username: 'MAVEN_DEPLOY_USERNAME'
server-password: 'MAVEN_DEPLOY_TOKEN'
gpg-private-key: ${{secrets.MAVEN_GPG_PRIVATE_KEY}}
gpg-passphrase: 'MAVEN_GPG_PASSPHRASE'
- name: Install just
uses: taiki-e/install-action@just
- name: Test and deploy snapshots
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SECRET_FILES_PASSPHRASE: ${{ secrets.SECRET_FILES_PASSPHRASE }}
MAVEN_DEPLOY_USERNAME: ${{secrets.MAVEN_DEPLOY_USERNAME}}
MAVEN_DEPLOY_TOKEN: ${{secrets.MAVEN_DEPLOY_TOKEN}}
MAVEN_GPG_PASSPHRASE: ${{secrets.MAVEN_GPG_PASSPHRASE}}
run: |
VERSION=$(./mvnw -q exec:exec -Dexec.executable=echo -Dexec.args='${project.version}' -pl :mutiny-project)
if [[ ${VERSION} == *SNAPSHOT ]]; then
Expand Down
11 changes: 9 additions & 2 deletions .github/workflows/push-release-to-maven-central.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ on:
jobs:
release:
runs-on: ubuntu-latest
env:
SECRET_FILES_PASSPHRASE: ${{ secrets.SECRET_FILES_PASSPHRASE }}
steps:
- name: Git checkout
uses: actions/checkout@v4
Expand All @@ -19,7 +17,16 @@ jobs:
java-version: '11'
distribution: 'temurin'
cache: maven
server-id: 'oss.sonatype'
server-username: 'MAVEN_DEPLOY_USERNAME'
server-password: 'MAVEN_DEPLOY_TOKEN'
gpg-private-key: ${{secrets.MAVEN_GPG_PRIVATE_KEY}}
gpg-passphrase: 'MAVEN_GPG_PASSPHRASE'
- name: Install just
uses: taiki-e/install-action@just
- name: Deploy to Maven Central
env:
MAVEN_DEPLOY_USERNAME: ${{secrets.MAVEN_DEPLOY_USERNAME}}
MAVEN_DEPLOY_TOKEN: ${{secrets.MAVEN_DEPLOY_TOKEN}}
MAVEN_GPG_PASSPHRASE: ${{secrets.MAVEN_GPG_PASSPHRASE}}
run: just -f .build/justfile-for-release -d . deploy-to-maven-central
10 changes: 9 additions & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ jobs:
env:
GITHUB_TOKEN: ${{secrets.RELEASE_TOKEN}}
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
SECRET_FILES_PASSPHRASE: ${{ secrets.SECRET_FILES_PASSPHRASE }}
PREVIOUS_VERSION: ${{ github.event.inputs.previousVersion }}
RELEASE_VERSION: ${{ github.event.inputs.version }}
DEPLOY_WEBSITE: ${{ github.event.inputs.deployWebsite }}
Expand All @@ -45,6 +44,11 @@ jobs:
java-version: '11'
distribution: 'temurin'
cache: maven
server-id: 'oss.sonatype'
server-username: 'MAVEN_DEPLOY_USERNAME'
server-password: 'MAVEN_DEPLOY_TOKEN'
gpg-private-key: ${{secrets.MAVEN_GPG_PRIVATE_KEY}}
gpg-passphrase: 'MAVEN_GPG_PASSPHRASE'
- name: Install just
uses: taiki-e/install-action@just
- name: Install yq
Expand All @@ -56,6 +60,10 @@ jobs:
- name: Install MkDocs dependencies
run: .build/install-mkdocs-deps.sh
- name: Perform the release steps
env:
MAVEN_DEPLOY_USERNAME: ${{secrets.MAVEN_DEPLOY_USERNAME}}
MAVEN_DEPLOY_TOKEN: ${{secrets.MAVEN_DEPLOY_TOKEN}}
MAVEN_GPG_PASSPHRASE: ${{secrets.MAVEN_GPG_PASSPHRASE}}
run: |
curl -s "https://get.sdkman.io" | bash
source ~/.sdkman/bin/sdkman-init.sh && sdk install jbang
Expand Down

0 comments on commit 10f6a3a

Please sign in to comment.