matrei commented on code in PR #15206:
URL: https://github.com/apache/grails-core/pull/15206#discussion_r2491806206
##########
.github/workflows/release.yml:
##########
@@ -21,267 +21,220 @@ permissions: { }
env:
# to prevent throttling of the github api, include the github token in an
environment variable since the build will check for it
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GRAILS_PUBLISH_RELEASE: true
+ JAVA_DISTRIBUTION: liberica
+ JAVA_VERSION: 17.0.17 # this must be a specific version for reproducible
builds, keep it synced with .sdkmanrc
+ PROJECT_DESC: >
+ Grails is a powerful Groovy-based web application framework for the JVM,
+ built on top of Spring Boot, and supported by a rich ecosystem of plugins
+ that extend its functionality.
+ PROJECT_NAME: Apache Grails
+ REPO_NAME: ${{ github.event.repository.name }}
+ REPO_SLUG: ${{ github.repository }}
+ SVN_FOLDER: core
+ TAG: ${{ github.event.release.tag_name }}
+ TARGET_BRANCH: ${{ github.event.release.target_commitish }}
+ VERSION: will be computed in each job
jobs:
publish:
name: "Stage Jar Files"
permissions:
contents: write # to create release & upload wrapper
issues: write # to modify milestones
runs-on: ubuntu-24.04
- outputs:
- release_version: ${{ steps.release_version.outputs.value }}
- commit_hash: ${{ steps.commit_hash.outputs.value }}
- target_branch: ${{ steps.extract_branch.outputs.value }}
- extract_repository_name: ${{
steps.extract_repository_name.outputs.repository_name }}
steps:
- - name: "Output Agent IP" # in the event RAO blocks this agent, this can
be used to debug it
+ - name: "π Establish release version"
+ run: echo "VERSION=${TAG#v}" >> "$GITHUB_ENV"
+ - name: "π Output Agent IP" # in the event RAO blocks this agent, this
can be used to debug it
run: curl -s https://api.ipify.org
- - name: "Extract repository name"
- id: extract_repository_name
- run: |
- echo "repository_name=${GITHUB_REPOSITORY##*/}" >> $GITHUB_OUTPUT
- name: "π₯ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
with:
+ ref: ${{ env.TAG }}
token: ${{ secrets.GITHUB_TOKEN }}
- ref: ${{ github.ref }}
- fetch-depth: 1
- fetch-tags: true
- - name: 'Ensure Common Build Date' # to ensure a reproducible build
+ - name: "π
Store common build date" # to ensure a reproducible build
run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >>
"$GITHUB_ENV"
- - name: "Ensure source files use common date"
- run: |
- find . -depth \( -type f -o -type d \) -exec touch -d
"@${SOURCE_DATE_EPOCH}" {} +
+ - name: "π
Ensure source files use common date"
+ run: find . -depth \( -type f -o -type d \) -exec touch -d
"@${SOURCE_DATE_EPOCH}" {} +
- name: 'π Set up GPG'
run: |
echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import
gpg --list-keys
- env:
- GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
- name: "βοΈ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@v5
with:
- distribution: liberica
- java-version: '17.0.14' # this must be a specific version for
reproducible builds
+ distribution: ${{ env.JAVA_DISTRIBUTION }}
+ java-version: ${{ env.JAVA_VERSION }}
- name: "π Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@v5
with:
- develocity-access-key: ${{ secrets.GRAILS_DEVELOCITY_ACCESS_KEY }}
- - name: "π Store the target branch"
- id: extract_branch
- run: |
- echo "Determining Target Branch"
- TARGET_BRANCH=`cat $GITHUB_EVENT_PATH | jq
'.release.target_commitish' | sed -e 's/^"\(.*\)"$/\1/g'`
- echo $TARGET_BRANCH
- echo "value=${TARGET_BRANCH}" >> $GITHUB_OUTPUT
- - name: "π Store the current release version"
- id: release_version
- run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT
- - name: 'βοΈ Run pre-release'
+ develocity-access-key: ${{ secrets.GRAILS_DEVELOCITY_ACCESS_KEY }}
+ - name: "βοΈ Run pre-release"
uses: apache/grails-github-actions/pre-release@asf
env:
- RELEASE_VERSION: ${{ steps.release_version.outputs.value }}
+ RELEASE_VERSION: ${{ env.VERSION }}
RELEASE_SCRIPT_PATH: '.github/scripts/setReleasedGrailsVersion.sh'
- - name: 'Fetch release Commit Hash'
- id: commit_hash
- env:
- OWNER: ${{ github.repository_owner }}
- REPO: ${{ steps.extract_repository_name.outputs.repository_name }}
- TAG: 'v${{ steps.release_version.outputs.value }}'
- run: |
- ref_json=$(gh api "repos/$OWNER/$REPO/git/ref/tags/$TAG")
-
- type=$(jq -r '.object.type' <<<"$ref_json")
- sha=$(jq -r '.object.sha' <<<"$ref_json")
-
- if [ "$type" = "tag" ]; then
- sha=$(gh api "repos/$OWNER/$REPO/git/tags/$sha" --jq '.object.sha')
- fi
-
- echo "Found Commit Sha: $sha"
-
- echo "value=$sha" >>"$GITHUB_OUTPUT"
- - name: "𧩠Run grails-core Assemble"
- run: ./gradlew assemble -PgithubBranch=${{
steps.extract_branch.outputs.value }}
- env:
- GRAILS_PUBLISH_RELEASE: "true"
- - name: "𧩠Run grails-forge Assemble"
+ - name: "𧩠Run grails-core assemble"
+ run: ./gradlew assemble -PgithubBranch=${TARGET_BRANCH}
+ - name: "𧩠Run grails-forge assemble"
working-directory: grails-forge
- run: ./gradlew assemble -PgithubBranch=${{
steps.extract_branch.outputs.value }}
- env:
- GRAILS_PUBLISH_RELEASE: "true"
+ run: ./gradlew assemble -PgithubBranch=${TARGET_BRANCH}
- name: "π¦ Generate grails-core docs"
- run: ./gradlew grails-doc:build -PgithubBranch=${{
steps.extract_branch.outputs.value }}
- env:
- GRAILS_PUBLISH_RELEASE: "true"
- - name: "π Sign wrapper ZIP"
- env:
- GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
- run: |
- gpg --default-key "${GPG_KEY_ID}" --batch --yes --pinentry-mode
loopback --armor --detach-sign
grails-wrapper/build/distributions/apache-grails-wrapper-${{
steps.release_version.outputs.value }}-bin.zip
- - name: "π¦ Create wrapper checksum"
+ run: ./gradlew grails-doc:build -PgithubBranch=${TARGET_BRANCH}
+ - name: "π Sign grails-wrapper ZIP"
+ run: >
+ gpg
+ --default-key "${{ secrets.GPG_KEY_ID }}"
+ --batch
+ --yes
+ --pinentry-mode loopback
+ --armor
+ --detach-sign
+
grails-wrapper/build/distributions/apache-grails-wrapper-${VERSION}-bin.zip
+ - name: "π¦ Create grails-wrapper checksum"
run: |
cd grails-wrapper/build/distributions
ls
- sha512sum apache-grails-wrapper-${{
steps.release_version.outputs.value }}-bin.zip > "apache-grails-wrapper-${{
steps.release_version.outputs.value }}-bin.zip.sha512"
+ sha512sum apache-grails-wrapper-${VERSION}-bin.zip >
apache-grails-wrapper-${VERSION}-bin.zip.sha512
echo "Generated checksum for grails wrapper ZIP:"
- cat apache-grails-wrapper-${{ steps.release_version.outputs.value
}}-bin.zip.sha512
- - name: "π€ Upload grails wrapper ZIP"
+ cat apache-grails-wrapper-${VERSION}-bin.zip.sha512
+ - name: "π€ Upload grails-wrapper ZIP"
uses: softprops/action-gh-release@v2
with:
- tag_name: ${{ github.event.release.tag_name }}
+ tag_name: ${{ env.TAG }}
files: |
- grails-wrapper/build/distributions/apache-grails-wrapper-${{
steps.release_version.outputs.value }}-bin.zip
- grails-wrapper/build/distributions/apache-grails-wrapper-${{
steps.release_version.outputs.value }}-bin.zip.sha512
- grails-wrapper/build/distributions/apache-grails-wrapper-${{
steps.release_version.outputs.value }}-bin.zip.asc
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: "π Sign CLI ZIP"
- env:
- GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
- run: |
- gpg --default-key "${GPG_KEY_ID}" --batch --yes --pinentry-mode
loopback --armor --detach-sign
grails-forge/grails-cli/build/distributions/apache-grails-${{
steps.release_version.outputs.value }}-bin.zip
- - name: "π¦ Create CLI checksum"
+ grails-wrapper/build/distributions/apache-grails-wrapper-${{
env.VERSION }}-bin.zip
+ grails-wrapper/build/distributions/apache-grails-wrapper-${{
env.VERSION }}-bin.zip.sha512
+ grails-wrapper/build/distributions/apache-grails-wrapper-${{
env.VERSION }}-bin.zip.asc
+ - name: "π Sign grails-cli ZIP"
+ run: >
+ gpg
+ --default-key "${{ secrets.GPG_KEY_ID }}"
+ --batch
+ --yes
+ --pinentry-mode loopback
+ --armor
+ --detach-sign
+
grails-forge/grails-cli/build/distributions/apache-grails-${VERSION}-bin.zip
+ - name: "π¦ Create grails-cli checksum"
run: |
cd grails-forge/grails-cli/build/distributions
ls
- sha512sum apache-grails-${{ steps.release_version.outputs.value
}}-bin.zip > "apache-grails-${{ steps.release_version.outputs.value
}}-bin.zip.sha512"
+ sha512sum apache-grails-${VERSION}-bin.zip >
apache-grails-${VERSION}-bin.zip.sha512
echo "Generated checksum for grails cli ZIP:"
- cat apache-grails-${{ steps.release_version.outputs.value
}}-bin.zip.sha512
- - name: "π€ Upload CLI ZIP"
+ cat apache-grails-${VERSION}-bin.zip.sha512
+ - name: "π€ Upload grails-cli ZIP"
uses: softprops/action-gh-release@v2
with:
- tag_name: ${{ github.event.release.tag_name }}
+ tag_name: ${{ env.TAG }}
files: |
- grails-forge/grails-cli/build/distributions/apache-grails-${{
steps.release_version.outputs.value }}-bin.zip
- grails-forge/grails-cli/build/distributions/apache-grails-${{
steps.release_version.outputs.value }}-bin.zip.sha512
- grails-forge/grails-cli/build/distributions/apache-grails-${{
steps.release_version.outputs.value }}-bin.zip.asc
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: "Create Staging Repository"
+ grails-forge/grails-cli/build/distributions/apache-grails-${{
env.VERSION }}-bin.zip
+ grails-forge/grails-cli/build/distributions/apache-grails-${{
env.VERSION }}-bin.zip.sha512
+ grails-forge/grails-cli/build/distributions/apache-grails-${{
env.VERSION }}-bin.zip.asc
+ - name: "β¨ Create Staging Repository"
env:
- GRAILS_PUBLISH_RELEASE: "true"
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
- NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
+ NEXUS_PUBLISH_URL: ${{ vars.STAGING_URL }}
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
- NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
- SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
- working-directory: 'grails-gradle'
- run: >
- ./gradlew initializeSonatypeStagingRepository
- - name: "π€ Publish Gradle Plugins"
+ NEXUS_PUBLISH_DESCRIPTION: '${{ env.REPO_NAME }}:${{ env.VERSION }}'
+ run: ./gradlew initializeSonatypeStagingRepository
+ - name: "π€ Publish Gradle Plugins to Staging Repository"
env:
- GRAILS_PUBLISH_RELEASE: 'true'
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
- NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
+ NEXUS_PUBLISH_URL: ${{ vars.STAGING_URL }}
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
- NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
+ NEXUS_PUBLISH_DESCRIPTION: '${{ env.REPO_NAME }}:${{ env.VERSION }}'
SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
- working-directory: 'grails-gradle'
+ working-directory: grails-gradle
run: >
./gradlew
-x initializeSonatypeStagingRepository
- findSonatypeStagingRepository
- publishToSonatype
+ findSonatypeStagingRepository
+ publishToSonatype
aggregateChecksums
aggregatePublishedArtifacts
- - name: "π€ Publish grails-core"
+ - name: "π€ Publish grails-core to Staging Repository"
env:
- GRAILS_PUBLISH_RELEASE: 'true'
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
- NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
+ NEXUS_PUBLISH_URL: ${{ vars.STAGING_URL }}
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
- NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
+ NEXUS_PUBLISH_DESCRIPTION: '${{ env.REPO_NAME }}:${{ env.VERSION }}'
SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
run: >
./gradlew
-x initializeSonatypeStagingRepository
- findSonatypeStagingRepository
- publishToSonatype
+ findSonatypeStagingRepository
+ publishToSonatype
aggregateChecksums
aggregatePublishedArtifacts
- - name: "π€ Publish grails-forge"
+ - name: "π€ Publish grails-forge to Staging Repository"
env:
- GRAILS_PUBLISH_RELEASE: 'true'
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
- NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
+ NEXUS_PUBLISH_URL: ${{ vars.STAGING_URL }}
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
- NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
+ NEXUS_PUBLISH_DESCRIPTION: '${{ env.REPO_NAME }}:${{ env.VERSION }}'
SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
- working-directory: "grails-forge"
+ working-directory: grails-forge
run: >
./gradlew
-x initializeSonatypeStagingRepository
- findSonatypeStagingRepository
- publishToSonatype
+ findSonatypeStagingRepository
+ publishToSonatype
aggregateChecksums
aggregatePublishedArtifacts
- - name: "π€ Close Staging Repository"
+ - name: "β
Close Staging Repository"
env:
- GRAILS_PUBLISH_RELEASE: 'true'
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
- NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
+ NEXUS_PUBLISH_URL: ${{ vars.STAGING_URL }}
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
- NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
- SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
+ NEXUS_PUBLISH_DESCRIPTION: '${{ env.REPO_NAME }}:${{ env.VERSION }}'
run: >
./gradlew
-x initializeSonatypeStagingRepository
findSonatypeStagingRepository
closeSonatypeStagingRepository
- - name: "π©ΉCombine checksums"
+ - name: "π©Ή Combine checksums"
run: |
combined_file="build/CHECKSUMS.txt"
cat build/grails-core-checksums.txt > "$combined_file"
cat grails-gradle/build/grails-gradle-checksums.txt >>
"$combined_file"
cat grails-forge/build/grails-forge-checksums.txt >> "$combined_file"
- - name: "Upload combined checksums"
- uses: softprops/action-gh-release@v2
- with:
- tag_name: ${{ github.event.release.tag_name }}
- files: build/CHECKSUMS.txt
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: "π©ΉCombine published artifacts"
+ - name: "π©Ή Combine published artifacts"
run: |
combined_file="build/PUBLISHED_ARTIFACTS.txt"
cat build/grails-core-artifacts.txt > "$combined_file"
cat grails-gradle/build/grails-gradle-artifacts.txt >>
"$combined_file"
cat grails-forge/build/grails-forge-artifacts.txt >> "$combined_file"
- - name: "Upload combined published artifacts"
- uses: softprops/action-gh-release@v2
- with:
- tag_name: ${{ github.event.release.tag_name }}
- files: build/PUBLISHED_ARTIFACTS.txt
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: "Generate Build Date file"
+ - name: "π
Generate build date file"
run: echo "$SOURCE_DATE_EPOCH" >> build/BUILD_DATE.txt
- - name: "Upload Build Date file"
+ - name: "π€ Upload build date, checksums and published artifact files"
uses: softprops/action-gh-release@v2
Review Comment:
Yes, but I'm unsure how that works.
I think the documentation is unclear:
```yml
draft:
description: "Creates a draft release. Defaults to false"
required: false
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
