Skip to content
Release

Release #2

Sign in to view logs

Release

Release #2

Workflow file for this run

.github/workflows/release.yml at 6d9a297
name: Release
on:
# [impl->dsn~release-workflow.triggers~1]
workflow_call:
inputs:
started-from-ci:
description: "Marks this release as started from CI, skipping precondition check"
type: boolean
required: true
default: false
workflow_dispatch:
inputs:
skip-maven-central:
description: "Skip deployment to Maven Central"
required: true
type: boolean
default: false
skip-github-release:
description: "Skip creating the GitHub release"
required: true
type: boolean
default: false
jobs:
release:
runs-on: ubuntu-latest
defaults:
run:
shell: "bash"
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
permissions:
contents: write
actions: read
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Maven Central Repository
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: |
11
17
cache: "maven"
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
# Check preconditions
- name: Fail if not running on main branch
if: ${{ github.ref != 'refs/heads/main' }}
uses: actions/github-script@v7
with:
script: |
core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main')
# [impl->dsn~release-workflow.verify-ci-build-success~1]
- name: Check CI build of this commit succeeded
# We skip this check if this was started from ci-build.yml, because the build status would be "in progress".
if: ${{ ! inputs.started-from-ci }}
run: |
echo "Commit SHA: $COMMIT_SHA"
gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA
ci_build_status=$(gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA --json conclusion --template '{{range .}}{{.conclusion}}{{"\n"}}{{end}}')
echo "CI build status at commit $COMMIT_SHA was '$ci_build_status'"
if [[ "$ci_build_status" != "success" ]]; then
gh run list --workflow ci-build.yml --commit $COMMIT_SHA >> $GITHUB_STEP_SUMMARY
echo "Status of CI build for commit $COMMIT_SHA was '$ci_build_status', expected 'success'" >> $GITHUB_STEP_SUMMARY
cat $GITHUB_STEP_SUMMARY
exit 1
fi
env:
COMMIT_SHA: ${{ github.sha }}
GH_TOKEN: ${{ github.token }}
# [impl->dsn~release-workflow.run-verify-release~1]
- name: Verify release preconditions
id: verify-release
run: |
mvn --batch-mode -T 1C install -DskipTests
mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .
echo "$GITHUB_OUTPUT"
env:
GITHUB_TOKEN: ${{ github.token }}
# [impl->dsn~release-workflow.verify-skip-tests~1]
- name: Build project
run: mvn --batch-mode -DskipTests clean verify
# Maven Central Deployment
- name: List secret GPG keys
if: ${{ ! inputs.skip-maven-central }}
run: gpg --list-secret-keys
# [impl->dsn~release-workflow.deploy-maven-central~1]
- name: Publish to Central Repository
if: ${{ ! inputs.skip-maven-central }}
run: |
mvn --batch-mode -Dgpg.skip=false -DskipTests deploy
echo "Published to Maven Central" >> "$GITHUB_STEP_SUMMARY"
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
# Create GitHub releasse
- name: Calculate Artifact Checksums
id: artifact-checksum
if: ${{ ! inputs.skip-github-release }}
run: |
ls target/
echo "Calculating sha256 checksum for artifact files"
echo "artifacts<<EOF" >> "$GITHUB_OUTPUT"
IFS=$'\n' artifacts_array=($ARTIFACTS)
for file in "${artifacts_array[@]}";
do
full_path=$(realpath "$file")
echo "Calculate sha256sum for file '$full_path'"
file_dir="$(dirname "$full_path")"
file_name=$(basename "$full_path")
pushd "$file_dir"
checksum_file_name="${file_name}.sha256"
sha256sum "$file_name" > "$checksum_file_name"
echo "$full_path" >> "$GITHUB_OUTPUT"
echo "${file_dir}/$checksum_file_name" >> "$GITHUB_OUTPUT"
popd
done
echo "EOF" >> "$GITHUB_OUTPUT"
echo "Full artifact file list"
cat "$GITHUB_OUTPUT"
env:
ARTIFACTS: ${{ steps.verify-release.outputs.release-artifacts }}
# [impl->dsn~release-workflow.create-github-release~1]
- name: Create GitHub Release
id: create-github-release
if: ${{ ! inputs.skip-github-release }}
run: |
IFS=$'\n' artifacts_array=($ARTIFACTS)
for file in "${artifacts_array[@]}";
do
echo "Attaching file '$file'"
done
release_url=$(gh release create --draft --latest --title "$TITLE" --notes "$NOTES" --target main $TAG "${artifacts_array[@]}")
echo "Created release $TAG with title '$TITLE' at $release_url" >> "$GITHUB_STEP_SUMMARY"
echo "release-url=$release_url" >> "$GITHUB_OUTPUT"
git fetch --tags origin
env:
GH_TOKEN: ${{ github.token }}
TAG: ${{ steps.verify-release.outputs.version }}
NOTES: ${{ steps.verify-release.outputs.release-notes }}
TITLE: ${{ steps.verify-release.outputs.release-title }}
ARTIFACTS: ${{ steps.artifact-checksum.outputs.artifacts }}
- name: Report failure Status to Slack channel
# Also run this step in case of failures
if: ${{ always() }}
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
token: ${{ github.token }}
notification_title: "Release build in {repo} has {status_message}"
message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>"
notify_when: "failure,cancelled,warnings,skipped"
env:
SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
- name: Report new release to Slack channel
if: ${{ steps.create-github-release.outputs.release-url }}
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
token: ${{ github.token }}
notification_title: "Release build for {repo} created a new release"
message_format: "{workflow} created release ${{ steps.create-github-release.outputs.release-url }}"
env:
SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}