From 78497b3ae22cfe38e41daffb7b7dc30c8ec4f701 Mon Sep 17 00:00:00 2001 From: Tobias Trabelsi <64127335+tobias-trabelsi-sonarsource@users.noreply.github.com> Date: Fri, 23 Apr 2021 15:26:03 +0200 Subject: [PATCH] BUILD-909 updated release workflow for sonar-scanner-maven --- .cirrus.yml | 4 ++- .github/workflows/release.yml | 48 ++++++++++++++++++++++++++++++----- 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index bb8dd9a7..3d5a10b1 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -31,7 +31,7 @@ env: # RE-USABLE CONFIGS # container_definition: &CONTAINER_DEFINITION - image: us.gcr.io/sonarqube-team/base:mvn-jdk-11 + image: us.gcr.io/sonarqube-team/base:j11-m3-latest cluster_name: cirrus-ci-cluster zone: us-central1-a namespace: default @@ -50,6 +50,8 @@ build_task: env: SONAR_TOKEN: ENCRYPTED[!5ba7cbb5bf9d168de69bcd444d9e884c9cf664be1115640cc64e49df6d241c309a87fc527cab533c08f289b167187017!] SONAR_HOST_URL: https://next.sonarqube.com/sonarqube + SIGN_KEY: ENCRYPTED[!54147bd7fb86bbe802fd432fab7d53bee19e71fe642d7b57703ec985b10f1976602adc743a906ea9851e5dd793be540c!] + PGP_PASSPHRASE: ENCRYPTED[!15c41fa6fdc13ace4a011693a002664593e038f91a2597fad40f4295f0de9858a587c504f5b9f1f97250f19fd5f4a655!] maven_cache: folder: ${CIRRUS_WORKING_DIR}/.m2/repository script: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c1762461..68d41e29 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Run release action id: run_release - uses: SonarSource/gh-action_LT_release@v2 + uses: SonarSource/gh-action_release/main@v3 with: distribute: true publish_to_binaries: true @@ -25,14 +25,9 @@ jobs: slack_channel: sonarqube-build env: ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }} - BINTRAY_USER: ${{ secrets.BINTRAY_USER }} - BINTRAY_TOKEN: ${{ secrets.BINTRAY_TOKEN }} BURGRX_USER: ${{ secrets.BURGRX_USER }} BURGRX_PASSWORD: ${{ secrets.BURGRX_PASSWORD }} - CENTRAL_USER: ${{ secrets.CENTRAL_USER }} - CENTRAL_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }} CIRRUS_TOKEN: ${{ secrets.CIRRUS_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} PATH_PREFIX: ${{ secrets.BINARIES_PATH_PREFIX }} GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} RELEASE_SSH_USER: ${{ secrets.RELEASE_SSH_USER }} @@ -57,3 +52,44 @@ jobs: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} with: args: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}" + maven-central-sync: + runs-on: ubuntu-latest + needs: + - run_release + steps: + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v1 + - name: JFrog config + run: jfrog rt config repox --url https://repox.jfrog.io/artifactory/ --apikey $ARTIFACTORY_API_KEY --basic-auth-only + env: + ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }} + - name: Get the version + id: get_version + run: | + IFS=. read major minor patch build <<< "${{ github.event.release.tag_name }}" + echo ::set-output name=build::"${build}" + - name: Create local repository directory + id: local_repo + run: echo ::set-output name=dir::"$(mktemp -d repo.XXXXXXXX)" + - name: Download Artifacts + uses: SonarSource/gh-action_release/download-build@v3 + with: + build-number: ${{ steps.get_version.outputs.build }} + local-repo-dir: ${{ steps.local_repo.outputs.dir }} + - name: Maven Central Sync + id: maven-central-sync + continue-on-error: true + uses: SonarSource/gh-action_release/maven-central-sync@v3 + with: + local-repo-dir: ${{ steps.local_repo.outputs.dir }} + env: + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} + OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + - name: Notify on failure + if: ${{ failure() || steps.maven-central-sync.outcome == 'failure' }} + uses: 8398a7/action-slack@v3 + with: + status: failure + fields: repo,author,eventName + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_WEBHOOK }} \ No newline at end of file