-
Notifications
You must be signed in to change notification settings - Fork 0
204 lines (175 loc) · 10.4 KB
/
maven-build-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# From https://github.com/ShahimEssaid/examples/blob/92328c1347cdb9b36c2c1936147a1ae7fe556c56/.github/workflows/maven-build-deploy.yaml
# This workflow aims to be an easily reused workflow to enable the build or deployment or a Maven project.
# You will need to adjust a few of the lines (through the job environment section) but remaining lines are not meant to
# customized by a user unless really needed. If this becomes needed, customizing remaining lines, I probably need to add
# additional environment variables or some other sort of indirection.
# You will need to create a few Actions repository secrets:
# MVN_BUILD_DISTRIBUTION_RELEASE_REPO_USERNAME: to hold your release distribution repo username.
# MVN_BUILD_DISTRIBUTION_RELEASE_REPO_PASSWORD: to hold your release distribution repo password.
# MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_USERNAME: to hold your snapshot distribution repo username.
# MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_PASSWORD: to hold your snapshot distribution repo password.
# If you use maven-gpg-plugin: See: https://maven.apache.org/plugins/maven-gpg-plugin/usage.html
# and: https://unix.stackexchange.com/questions/481939/how-to-export-a-gpg-private-key-and-public-key-to-a-file#482559
# MVN_BUILD_GPG_PRIVATE_KEY: your gpg private key
# MVN_BUILD_GPG_PRIVATE_KEY_PASSPHRASE: your gpg private key passphrase
name: maven-build-deploy.yaml
run-name: Running maven-build-deploy.yaml
on:
# The following job is only meant for push requests, i.e. trusted code in a branch in this repository.
# This workflow can't work for building pull requests since it requires repository secrets.
# See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# If a pull request needs to be deployed, create a branch to track the PR's branch to trigger a deployment.
push: # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
paths: # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore
- '**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: Build and optionally deploy
runs-on: ubuntu-22.04
env:
JAVA_VERSION: '17'
JAVA_DISTRIBUTION: 'temurin'
# The relative path to the Maven project.
MVN_PROJECT_REL_PATH: ''
# Bash regular expression to math against branch names to decide if the branch should be deployed or not.
DEPLOY_BRANCHES: '^main$|^master$'
NO_DEPLOY_BRANCHES: '^$'
# The maven command line without the "mvn" part. If there is a ./mvnw it will be use. Otherwise, defaults to availabe
# mvn command in the image.
DEPLOY_COMMAND: '--no-transfer-progress deploy'
# Bash regular expression to match against branch names to decide if the branch should be built.
# Build all branches by default
BUILD_BRANCHES: '.+'
NO_BUILD_BRANCHES: '^$'
# The maven command line without the "mvn" part. If there is a ./mvnw it will be use. Otherwise, defaults to availabe
# mvn command in the image.
BUILD_COMMAND: '--no-transfer-progress verify'
# We need to qualify the artifact version(s) if we want to deploy distinct artifacts from different branches.
# For example, if we want to deploy a PR (so other projects can test it), we need to qualify the Maven version
# somehow to not overwrite the main/master deployment. The approach in this workflow is to update the project
# version by adding the branch name as an additional qualifier to the version.
# For example, 0.1.0 becomes 0.1.0-some-branch-name, 0.1.0-SNAPSHOT becomes 0.1.0-some-branch-name-SNAPSHOT
# Also, to support deploying non -SNAPSHOT versions as a temporary snapshot build to simplify deploying such builds.
# Which branches to qualify. A branch has to both match the QUALIFY_BRANCHES and NOT match the NO_QUALIFY_BRANCHES
# in order for its version to be branch-qualified.
QUALIFY_BRANCHES: '^$' # None by default
NO_QUALIFY_BRANCHES: '^main$|^master$'
SNAPSHOT_BRANCHES: '^$' # None by default
NO_SNAPSHOT_BRANCHES: '^main$|^master$'
# The command to set a branch version if needed. "-DnewVersion=${BRANCH_VERSION_NEW}" will be appended to this value.
# The maven command line without the "mvn" part. If there is a ./mvnw it will be use. Otherwise, defaults to availabe
# mvn command in the image.
MVN_VERSION_SET_COMMAND: '--no-transfer-progress versions:set -DprocessAllModules'
# The repository ids, from the POM, for distribution so that the settings.xml can be created correctly below.
DISTRIBUTION_RELEASE_REPO_ID: 'oss'
DISTRIBUTION_SNAPSHOT_REPO_ID: 'oss'
# The default server id for the maven-gpg-plugin to work.
# Don't change this unless you know what you are doing.
# See: https://maven.apache.org/plugins/maven-gpg-plugin/usage.html
GPG_SERVER_ID: 'gpg.passphrase'
# To output debugging info to the log.
DEBUG: true
defaults:
run:
shell: bash
working-directory: ${{ github.workspace }}/${{ env.MVN_PROJECT_REL_PATH }}
steps:
- id: checkout
uses: actions/checkout@v3 #https://github.com/actions/checkout
- id: setup-java
uses: actions/setup-java@v3 # https://github.com/marketplace/actions/setup-java-jdk
with: # https://github.com/actions/setup-java#user-content-usage
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_DISTRIBUTION }}
gpg-private-key: ${{ secrets.MVN_BUILD_GPG_PRIVATE_KEY }} # https://unix.stackexchange.com/questions/481939/how-to-export-a-gpg-private-key-and-public-key-to-a-file#482559
- name: maven-settings-action
uses: s4u/[email protected] # https://github.com/marketplace/actions/maven-settings-action
with:
servers: |
[
{"id": "${{ env.DISTRIBUTION_RELEASE_REPO_ID }}", "username": "${env.MVN_BUILD_DISTRIBUTION_RELEASE_REPO_USERNAME}", "password": "${env.MVN_BUILD_DISTRIBUTION_RELEASE_REPO_PASSWORD}"},
{"id": "${{ env.DISTRIBUTION_SNAPSHOT_REPO_ID }}", "username": "${env.MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_USERNAME}", "password": "${env.MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_PASSWORD}"},
{"id": "${{ env.GPG_SERVER_ID }}", "username": "stub-username-needed-or-error", "passphrase": "${env.MVN_BUILD_GPG_PRIVATE_KEY_PASSPHRASE}"}
]
- id: debug-info
name: Debugging info
if: env.DEBUG == 'true'
run: |
stdbuf -oL echo "Working dir: $(pwd)"
stdbuf -oL env | sort
stdbuf -oL cat "${{ github.workspace }}/.git/config"
stdbuf -oL echo "Git default remote branch: $(git remote show origin | sed -n '/HEAD branch/s/.*: //p')"
stdbuf -oL cat ~/.m2/settings.xml
stdbuf -oL echo "github context:"
stdbuf -oL echo "${{ toJSON(github) }}"
- id: update-version
name: Updating version if needed
run: |
if [[ ${{ env.DEBUG }} == true ]]; then
set -x
fi
BRANCH_VERSION="$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)"
BRANCH_VERSION_NEW=${BRANCH_VERSION}
if [[ ${{ github.ref_name }} =~ ${{ env.SNAPSHOT_BRANCHES }} &&
! ${{ github.ref_name }} =~ ${{ env.NO_SNAPSHOT_BRANCHES }} ]]; then
if [[ ${BRANCH_VERSION_NEW} != *-SNAPSHOT ]]; then
echo "Adding -SNAPSHOT to ${BRANCH_VERSION_NEW}"
BRANCH_VERSION_NEW=${BRANCH_VERSION_NEW}-SNAPSHOT
fi
fi
if [[ ${{ github.ref_name }} =~ ${{ env.QUALIFY_BRANCHES }} &&
! ${{ github.ref_name }} =~ ${{ env.NO_QUALIFY_BRANCHES }} ]]; then
echo "Qualifying branch's version: ${BRANCH_VERSION_NEW}"
BRANCH_NAME="${{ github.ref_name }}"
BRANCH_NAME="${BRANCH_NAME//[^a-zA-Z0-9._-]/_}"
if [[ ${BRANCH_VERSION_NEW} == *-SNAPSHOT ]]; then
BRANCH_VERSION_NEW="${BRANCH_VERSION_NEW%-SNAPSHOT}-${BRANCH_NAME}-SNAPSHOT"
else
BRANCH_VERSION_NEW="${BRANCH_VERSION_NEW}-${BRANCH_NAME}"
fi
fi
if [[ ${BRANCH_VERSION_NEW} != ${BRANCH_VERSION} ]]; then
if [[ -f ./mvnw ]]; then
./mvnw ${{ env.MVN_VERSION_SET_COMMAND }} -DnewVersion=${BRANCH_VERSION_NEW}
else
mvn ${{ env.MVN_VERSION_SET_COMMAND }} -DnewVersion=${BRANCH_VERSION_NEW}
fi
echo "Versions changed from ${BRANCH_VERSION} to ${BRANCH_VERSION_NEW} " >> $GITHUB_STEP_SUMMARY
fi
- id: build-or-deploy
name: Building or deploying
env:
MVN_BUILD_DISTRIBUTION_RELEASE_REPO_USERNAME: ${{ secrets.MVN_BUILD_DISTRIBUTION_RELEASE_REPO_USERNAME }}
MVN_BUILD_DISTRIBUTION_RELEASE_REPO_PASSWORD: ${{ secrets.MVN_BUILD_DISTRIBUTION_RELEASE_REPO_PASSWORD }}
MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_USERNAME: ${{ secrets.MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_USERNAME }}
MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_PASSWORD: ${{ secrets.MVN_BUILD_DISTRIBUTION_SNAPSHOT_REPO_PASSWORD }}
MVN_BUILD_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MVN_BUILD_GPG_PRIVATE_KEY_PASSPHRASE }}
run: |
if [[ ${{ env.DEBUG }} == true ]]; then
set -x
fi
if [[ ${{ github.ref_name }} =~ ${{ env.DEPLOY_BRANCHES }} &&
! ${{ github.ref_name }} =~ ${{ env.NO_DEPLOY_BRANCHES }} ]]; then
echo "Deploying branch."
if [[ -f ./mvnw ]]; then
./mvnw ${{ env.DEPLOY_COMMAND }}
else
mvn ${{ env.DEPLOY_COMMAND }}
fi
else
if [[ ${{ github.ref_name }} =~ ${{ env.BUILD_BRANCHES }} &&
! ${{ github.ref_name }} =~ ${{ env.NO_BUILD_BRANCHES }} ]]; then
echo "Building branch."
if [[ -f ./mvnw ]]; then
./mvnw ${{ env.BUILD_COMMAND }}
else
mvn ${{ env.BUILD_COMMAND }}
fi
else
echo "Not building or deploying branch"
fi
fi