-
Notifications
You must be signed in to change notification settings - Fork 0
127 lines (114 loc) · 3.97 KB
/
Copy pathrelease.yml
File metadata and controls
127 lines (114 loc) · 3.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: Deploy to Maven Central
env:
JAVA_VERSION: '17'
MAVEN_VERSION: '3.9.15'
on:
release:
types: ["released"]
jobs:
requires-approval:
runs-on: ubuntu-latest
name: "Waiting for release approval"
environment: release-approval
permissions:
contents: read
steps:
- name: Approval Step
run: echo "Release has been approved!"
verify-version:
needs: requires-approval
name: Verify Version Matches Tag
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
ref: ${{ github.event.release.tag_name }}
- name: Set up Java
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: sapmachine
cache: maven
- name: Set up Maven
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: Verify pom.xml revision matches release tag
env:
TAG: ${{ github.event.release.tag_name }}
run: |
REVISION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)
echo "Tag: $TAG"
echo "Revision: $REVISION"
if [ "$TAG" != "$REVISION" ]; then
echo "::error::Release tag '$TAG' does not match pom.xml <revision> '$REVISION'. Open a 'Prep release' PR to bump the version before tagging."
exit 1
fi
shell: bash
blackduck:
needs: verify-version
name: Blackduck Scan
runs-on: ubuntu-latest
timeout-minutes: 30
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
ref: ${{ github.event.release.tag_name }}
- name: Scan With Black Duck
uses: cap-java/.github/actions/scan-with-blackduck@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
with:
blackduck_token: ${{ secrets.BLACK_DUCK_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}
maven-version: ${{ env.MAVEN_VERSION }}
project-name: com.sap.cds.cds-ai
included-modules: cds-feature-ai-core,cds-feature-recommendations,cds-starter-ai
version: ${{ github.event.release.tag_name }}
build:
name: Build
runs-on: ubuntu-latest
timeout-minutes: 30
needs: verify-version
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
ref: ${{ github.event.release.tag_name }}
- name: Build
uses: cap-java/.github/actions/build@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
with:
java-version: ${{ env.JAVA_VERSION }}
maven-version: ${{ env.MAVEN_VERSION }}
maven-args: "-P '!with-integration-tests'"
deploy:
name: Deploy to Maven Central
runs-on: ubuntu-latest
timeout-minutes: 30
needs: [blackduck, build]
environment: release
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
ref: ${{ github.event.release.tag_name }}
- name: Deploy
uses: cap-java/.github/actions/deploy-release@296573b55e906f5c77a1855bcfe4285cbbc5cac4 # main
with:
user: ${{ secrets.CENTRAL_REPOSITORY_USER }}
password: ${{ secrets.CENTRAL_REPOSITORY_PASS }}
gpg-pub-key: ${{ secrets.PGP_PUBKEY_ID }}
gpg-private-key: ${{ secrets.PGP_PRIVATE_KEY }}
gpg-passphrase: ${{ secrets.PGP_PASSPHRASE }}
revision: ${{ github.event.release.tag_name }}
maven-version: ${{ env.MAVEN_VERSION }}
maven-profiles: "deploy-release,'!with-integration-tests'"