|
1 | 1 | name: Create release # You may choose a different name
|
2 | 2 | run-name: ${{ inputs.releaseversion }} # Enumerates entries in the "workflow runs" view
|
3 | 3 | on:
|
4 |
| - workflow_dispatch: |
5 |
| - inputs: |
6 |
| - releaseversion: |
7 |
| - description: "Release version" |
8 |
| - required: true |
9 |
| - type: string |
10 |
| - default: "X.Y.Z" |
| 4 | + workflow_dispatch: |
| 5 | + inputs: |
| 6 | + releaseversion: |
| 7 | + description: "Release version" |
| 8 | + required: true |
| 9 | + type: string |
| 10 | + default: "X.Y.Z" |
11 | 11 |
|
12 | 12 | jobs:
|
13 |
| - release: # Arbitrarily chosen |
14 |
| - name: Release |
15 |
| - runs-on: ubuntu-latest |
16 |
| - permissions: |
17 |
| - contents: write |
18 |
| - packages: write |
19 |
| - attestations: write |
20 |
| - id-token: write |
21 |
| - steps: |
| 13 | + release: # Arbitrarily chosen |
| 14 | + name: Release |
| 15 | + runs-on: ubuntu-latest |
| 16 | + permissions: |
| 17 | + contents: write |
| 18 | + packages: write |
| 19 | + attestations: write |
| 20 | + id-token: write |
| 21 | + steps: |
22 | 22 |
|
23 |
| - - uses: actions/create-github-app-token@v1 |
24 |
| - id: app-token |
25 |
| - with: |
26 |
| - app-id: ${{ vars.CI_APP_ID }} |
27 |
| - private-key: ${{ secrets.CI_PRIVATE_KEY }} |
| 23 | + - uses: actions/create-github-app-token@v1 |
| 24 | + id: app-token |
| 25 | + with: |
| 26 | + app-id: ${{ vars.CI_APP_ID }} |
| 27 | + private-key: ${{ secrets.CI_PRIVATE_KEY }} |
28 | 28 |
|
29 |
| - - name: Checkout |
30 |
| - uses: actions/checkout@v4 |
31 |
| - with: |
32 |
| - fetch-depth: 0 |
33 |
| - token: ${{ steps.app-token.outputs.token }} |
34 |
| - ref: ${{ github.head_ref }} |
| 29 | + - name: Checkout |
| 30 | + uses: actions/checkout@v4 |
| 31 | + with: |
| 32 | + fetch-depth: 0 |
| 33 | + token: ${{ steps.app-token.outputs.token }} |
| 34 | + ref: ${{ github.head_ref }} |
35 | 35 |
|
36 |
| - - name: Get GitHub App User ID |
37 |
| - id: get-user-id |
38 |
| - run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" |
39 |
| - env: |
40 |
| - GH_TOKEN: ${{ steps.app-token.outputs.token }} |
| 36 | + - name: Get GitHub App User ID |
| 37 | + id: get-user-id |
| 38 | + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" |
| 39 | + env: |
| 40 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
41 | 41 |
|
42 |
| - - name: Configure Git author |
43 |
| - run: | |
44 |
| - git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' |
45 |
| - git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' |
| 42 | + - name: Configure Git author |
| 43 | + run: | |
| 44 | + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' |
| 45 | + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' |
46 | 46 |
|
47 |
| - - name: Setup NodeJS |
48 |
| - uses: actions/setup-node@v4 |
49 |
| - with: |
50 |
| - node-version: "20" |
51 |
| - registry-url: "https://registry.npmjs.org" |
| 47 | + - name: Setup NodeJS |
| 48 | + uses: actions/setup-node@v4 |
| 49 | + with: |
| 50 | + node-version: "20" |
| 51 | + registry-url: "https://registry.npmjs.org" |
52 | 52 |
|
53 |
| - - name: Setup Java |
54 |
| - uses: actions/setup-java@v4 # Does also set up Maven and GPG |
55 |
| - with: |
56 |
| - distribution: "temurin" # As good as any other, see: https://github.com/actions/setup-java#supported-distributions |
57 |
| - java-package: "jdk" |
58 |
| - java-version: "21" |
59 |
| - gpg-private-key: ${{ secrets.OSS_SONATYPE_GPG_PRIVATE_KEY }} # Value of the GPG private key to import |
60 |
| - gpg-passphrase: ${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }} # env variable for GPG private key passphrase |
61 |
| - check-latest: true |
62 |
| - cache: "maven" |
| 53 | + - name: Setup Java |
| 54 | + uses: actions/setup-java@v4 |
| 55 | + with: |
| 56 | + distribution: "temurin" # As good as any other, see: https://github.com/actions/setup-java#supported-distributions |
| 57 | + java-package: "jdk" |
| 58 | + java-version: "21" |
| 59 | + check-latest: true |
| 60 | + cache: "maven" |
63 | 61 |
|
64 |
| - - name: Setup settings.xml |
65 |
| - uses: s4u/maven-settings-action@v3.0.0 |
66 |
| - with: |
67 |
| - override: true |
68 |
| - servers: | |
69 |
| - [{ |
70 |
| - "id": "central", |
71 |
| - "username": "${{ secrets.OSS_SONATYPE_USER }}", |
72 |
| - "password": "${{ secrets.OSS_SONATYPE_PASS }}" |
73 |
| - },{ |
74 |
| - "id":"github", |
75 |
| - "username": "ci-bot", |
76 |
| - "password": "${{ secrets.GITHUB_TOKEN }}" |
77 |
| - }] |
| 62 | + - name: Setup settings.xml |
| 63 | + uses: s4u/maven-settings-action@v3.0.0 |
| 64 | + with: |
| 65 | + override: true |
| 66 | + servers: | |
| 67 | + [{ |
| 68 | + "id": "central", |
| 69 | + "username": "${{ secrets.OSS_SONATYPE_USER }}", |
| 70 | + "password": "${{ secrets.OSS_SONATYPE_PASS }}" |
| 71 | + },{ |
| 72 | + "id":"github", |
| 73 | + "username": "ci-bot", |
| 74 | + "password": "${{ secrets.GITHUB_TOKEN }}" |
| 75 | + }] |
78 | 76 |
|
79 |
| - - name: Create release |
80 |
| - env: |
81 |
| - GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} |
82 |
| - run: | |
83 |
| - export TZ="Europe/Berlin" |
84 |
| - mvn release:prepare release:perform -B -Pcentral-publish -DreleaseVersion=${{ inputs.releaseversion }} -DskipITs=true -Darguments="-DskipTests=true -DskipITs=true" |
85 |
| - # write version info |
86 |
| - cat <<EOF >target/config.json |
87 |
| - { |
88 |
| - "version": "${{ inputs.releaseversion }}" |
89 |
| - } |
90 |
| - EOF |
| 77 | + - id: install-secret-key |
| 78 | + name: Install gpg secret key |
| 79 | + run: | |
| 80 | + # Install gpg secret key |
| 81 | + cat <(echo -e "${{ secrets.OSS_SONATYPE_GPG_PRIVATE_KEY }}") | gpg --batch --import |
| 82 | + # Verify gpg secret key |
| 83 | + gpg --list-secret-keys --keyid-format LONG |
91 | 84 |
|
92 |
| - - name: Conventional Changelog Action |
93 |
| - uses: TriPSs/conventional-changelog-action@v5 |
94 |
| - with: |
95 |
| - input-file: CHANGELOG.md |
96 |
| - github-token: ${{ secrets.GITHUB_TOKEN }} |
97 |
| - version-file: target/config.json |
98 |
| - pre-release: true |
99 |
| - skip-bump: true |
100 |
| - skip-tag: true |
101 |
| - skip-on-empty: true |
102 |
| - tag-prefix: "v" |
| 85 | + - name: Create release |
| 86 | + env: |
| 87 | + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} |
| 88 | + run: | |
| 89 | + export TZ="Europe/Berlin" |
| 90 | + ./mvnw release:prepare release:perform -B -Pcentral-publish -DreleaseVersion=${{ inputs.releaseversion }} -Dgpg.passphrase=${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }} -DskipITs=true -Darguments="-DskipTests=true -DskipITs=true -Dgpg.passphrase=${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }}" |
| 91 | + # write version info |
| 92 | + cat <<EOF >target/config.json |
| 93 | + { |
| 94 | + "version": "${{ inputs.releaseversion }}" |
| 95 | + } |
| 96 | + EOF |
103 | 97 |
|
104 |
| - - name: Create Release on GH |
105 |
| - id: tag-and-release |
106 |
| - uses: avakar/tag-and-release@v1 |
107 |
| - with: |
108 |
| - draft: true |
109 |
| - release_name: ${{ github.event.inputs.releaseversion }} |
110 |
| - tag_name: v${{ github.event.inputs.releaseversion }} |
111 |
| - env: |
112 |
| - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 98 | + - name: Conventional Changelog Action |
| 99 | + uses: TriPSs/conventional-changelog-action@v5 |
| 100 | + with: |
| 101 | + input-file: CHANGELOG.md |
| 102 | + github-token: ${{ steps.app-token.outputs.token }} |
| 103 | + version-file: target/config.json |
| 104 | + pre-release: true |
| 105 | + skip-bump: true |
| 106 | + skip-tag: true |
| 107 | + skip-on-empty: true |
| 108 | + tag-prefix: "v" |
113 | 109 |
|
114 |
| - - name: Add SPI to github release |
115 |
| - uses: actions/upload-release-asset@v1 |
116 |
| - with: |
117 |
| - upload_url: ${{ steps.tag-and-release.outputs.upload_url }} |
118 |
| - asset_path: spi/target/keycloak-auditor-spi.jar |
119 |
| - asset_name: keycloak-auditor-spi.jar |
120 |
| - asset_content_type: application/zip |
121 |
| - env: |
122 |
| - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 110 | + - name: Create Release on GH |
| 111 | + id: tag-and-release |
| 112 | + uses: avakar/tag-and-release@v1 |
| 113 | + with: |
| 114 | + draft: true |
| 115 | + release_name: ${{ github.event.inputs.releaseversion }} |
| 116 | + tag_name: v${{ github.event.inputs.releaseversion }} |
| 117 | + env: |
| 118 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
123 | 119 |
|
124 |
| - - run: cd sdk && npm run clean && npm run build |
125 |
| - - name: Publish npm package |
126 |
| - run: | |
127 |
| - cd sdk |
128 |
| - npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }} |
129 |
| - npm publish |
130 |
| - env: |
131 |
| - NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} |
| 120 | + - name: Add SPI to github release |
| 121 | + uses: actions/upload-release-asset@v1 |
| 122 | + with: |
| 123 | + upload_url: ${{ steps.tag-and-release.outputs.upload_url }} |
| 124 | + asset_path: spi/target/keycloak-auditor-spi.jar |
| 125 | + asset_name: keycloak-auditor-spi.jar |
| 126 | + asset_content_type: application/zip |
| 127 | + env: |
| 128 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 129 | + |
| 130 | + - run: cd sdk && npm run clean && npm run build |
| 131 | + - name: Publish npm package |
| 132 | + run: | |
| 133 | + cd sdk |
| 134 | + npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }} |
| 135 | + npm publish |
| 136 | + env: |
| 137 | + NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} |
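Review bot: The new `Create release` step puts the GPG passphrase on the command line twice (`-Dgpg.passphrase=${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }}`, once directly and once inside `-Darguments`), so it is visible in the runner's process list, is handed to the forked release build as an argument that Maven may echo, and is pasted unquoted into the shell script, where a passphrase containing spaces or shell metacharacters would be split or interpreted. The added `Install gpg secret key` step has the same pattern: the private key is expanded into the script text and then passed through `echo -e`, which also rewrites any backslash sequences in it. Both secrets are better passed through `env:` and read as shell variables; for the passphrase, maven-gpg-plugin 3.2.0 and later reads `MAVEN_GPG_PASSPHRASE` from the environment by default, though the plugin version in use is not visible on this page and should be checked. Separately, the changelog step now hands the GitHub App token rather than `GITHUB_TOKEN` to `TriPSs/conventional-changelog-action@v5`, a third-party action referenced by a mutable tag, so pinning it to a commit SHA is worth considering.

```yaml
      - id: install-secret-key
        name: Install gpg secret key
        env:
          GPG_PRIVATE_KEY: ${{ secrets.OSS_SONATYPE_GPG_PRIVATE_KEY }}
        run: |
          # Install gpg secret key; the key never appears in the script text.
          # Use '%b' instead of '%s' only if the secret is stored with escaped newlines.
          printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import
          # ... unchanged: gpg --list-secret-keys --keyid-format LONG ...

      - name: Create release
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          # Read by maven-gpg-plugin (3.2.0+) in the parent and the forked release build.
          MAVEN_GPG_PASSPHRASE: ${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }}
        run: |
          export TZ="Europe/Berlin"
          ./mvnw release:prepare release:perform -B -Pcentral-publish -DreleaseVersion=${{ inputs.releaseversion }} -DskipITs=true -Darguments="-DskipTests=true -DskipITs=true"
          # ... unchanged: write target/config.json ...
```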