-
Notifications
You must be signed in to change notification settings - Fork 1
105 lines (95 loc) · 3.33 KB
/
deploy-artifacts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Deploy Artifacts to Central
run-name: Deploy ${{ github.event.inputs.name }} ${{ github.event.inputs.version }} to Central
on:
workflow_dispatch:
inputs:
name:
description: 'Name of the artifact'
required: true
version:
description: 'Version of the artifact'
required: true
github_repository:
description: 'GitHub repository of the artifact'
required: true
run_id:
description: 'Run ID of the release workflow'
required: true
dry_run:
description: 'Dry run the release'
required: false
type: boolean
default: false
permissions:
contents: read
env:
PAYLOAD_NAME: ${{ github.event.inputs.name }}
PAYLOAD_VERSION: ${{ github.event.inputs.version }}
PAYLOAD_REPOSITORY: ${{ github.event.inputs.github_repository }}
PAYLOAD_RUN_ID: ${{ github.event.inputs.run_id }}
DRY_RUN: ${{ github.event.inputs.dry_run || vars.DRY_RUN }}
concurrency:
# Group by repository and version
group: ${{ github.event.inputs.github_repository }}-${{ github.event.inputs.version }}
cancel-in-progress: true
jobs:
deploy_to_central:
environment: central
runs-on: ubuntu-latest
steps:
- name: Set environment variables
run: |
echo "ARTIFACT_PATH=${PAYLOAD_NAME}-${PAYLOAD_VERSION}.tar.gz" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@v4
with:
ref: main
fetch-depth: 0
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: artifact
repository: ${{ env.PAYLOAD_REPOSITORY }}
run-id: ${{ env.PAYLOAD_RUN_ID }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Verify Artifact Attestation
run: gh attestation verify --repo ${PAYLOAD_REPOSITORY} ${ARTIFACT_PATH} --signer-repo quarkiverse/.github
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Untar the artifacts
run: |
mkdir repository
tar -xzvf $ARTIFACT_PATH -C repository
- name: Verify structure
uses: jbangdev/[email protected]
with:
script: validate_repository.java
env:
ARTIFACT_DIR: ./repository
REPOSITORY: ${{ env.PAYLOAD_REPOSITORY }}
NAME: ${{ env.PAYLOAD_NAME }}
VERSION: ${{ env.PAYLOAD_VERSION }}
- name: Deploy to Central
uses: jreleaser/release-action@v2
with:
version: early-access
arguments: 'deploy'
env:
JRELEASER_DRY_RUN: ${{ env.DRY_RUN }}
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
JRELEASER_NEXUS2_USERNAME: ${{ secrets.OSSRH_USERNAME }}
JRELEASER_NEXUS2_TOKEN: ${{ secrets.OSSRH_TOKEN }}
JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JRELEASER_PROJECT_VERSION: ${{ env.PAYLOAD_VERSION }}
JRELEASER_PROJECT_NAME: ${{ env.PAYLOAD_NAME }}
# Persist logs
- name: JReleaser release output
if: always()
uses: actions/upload-artifact@v4
with:
name: jreleaser-logs
path: |
out/jreleaser/trace.log
out/jreleaser/output.properties