Merge pull request #2240 from microsoftgraph/dependabot/github_action… #621
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Maven Preview/Release and GitHub Release | |
on: | |
push: | |
branches: [main] | |
paths-ignore: | |
- '.gradle/wrapper' | |
- '.gitignore' | |
- 'LICENSE' | |
- 'THIRD PARTY NOTICES' | |
- '*.md' | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
workflow_dispatch: | |
env: | |
PREVIEW_TASK: publishToSonatype | |
PUBLISH_TASK: publishToSonatype closeAndReleaseSonatypeStagingRepository | |
JAVA_VERSION: 21 | |
JAVA_DISTRIBUTION: 'temurin' | |
permissions: | |
contents: write | |
jobs: | |
maven_Preview: | |
if: ${{ github.ref == 'refs/heads/main' }} | |
environment: | |
name: maven_central_snapshot | |
runs-on: ubuntu-latest | |
needs: validate-package-contents | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JAVA_VERSION }} | |
distribution: ${{ env.JAVA_DISTRIBUTION}} | |
cache: gradle | |
- name: Detect secrets | |
run: | | |
pip install detect-secrets | |
git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline | |
- name: Download File | |
run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH | |
shell: pwsh | |
env: | |
ENCODED_VALUE: ${{ secrets.LOCAL_PROPERTIES }} | |
OUTPUT_PATH: '.\local.properties' | |
- name: Download File | |
run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH | |
shell: pwsh | |
env: | |
ENCODED_VALUE: ${{ secrets.SECRING_GPG }} | |
OUTPUT_PATH: '.\secring.gpg' | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Publish | |
run: ./gradlew $PREVIEW_TASK | |
maven_Release: | |
if: ${{ startsWith(github.ref, 'refs/tags/') && github.actor == 'release-please[bot]'}} | |
environment: | |
name: maven_central_release | |
runs-on: ubuntu-latest | |
needs: validate-package-contents | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JAVA_VERSION }} | |
distribution: ${{ env.JAVA_DISTRIBUTION}} | |
cache: gradle | |
- name: Detect secrets | |
run: | | |
pip install detect-secrets | |
git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline | |
- name: Download File | |
run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH | |
shell: pwsh | |
env: | |
ENCODED_VALUE: ${{ secrets.LOCAL_PROPERTIES }} | |
OUTPUT_PATH: '.\local.properties' | |
- name: Download File | |
run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH | |
shell: pwsh | |
env: | |
ENCODED_VALUE: ${{ secrets.SECRING_GPG }} | |
OUTPUT_PATH: '.\secring.gpg' | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Publish | |
run: ./gradlew $PUBLISH_TASK -PmavenCentralSnapshotArtifactSuffix="" | |
- name: Upload Build Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: drop | |
path: | | |
**/libs/* | |
build/generated-pom.xml | |
build/generated-pom.xml.asc | |
build.gradle | |
gradlew | |
gradlew.bat | |
settings.gradle | |
gradle.properties | |
**/gradle/** | |
scripts/** | |
- name: GitHub Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
fail_on_unmatched_files: true | |
files: | | |
build/**/*.jar | |
validate-package-contents: | |
runs-on: ubuntu-latest | |
environment: ${{ contains(github.ref, 'refs/tags/v') && 'maven_central_release' || 'maven_central_snapshot' }} | |
defaults: | |
run: | |
working-directory: ./ | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JAVA_VERSION }} | |
distribution: ${{ env.JAVA_DISTRIBUTION}} | |
cache: gradle | |
- name: Download file | |
run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH | |
shell: pwsh | |
env: | |
ENCODED_VALUE: ${{ secrets.LOCAL_PROPERTIES }} | |
OUTPUT_PATH: 'local.properties' | |
- name: Download file | |
run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH | |
shell: pwsh | |
env: | |
ENCODED_VALUE: ${{ secrets.SECRING_GPG }} | |
OUTPUT_PATH: '.\secring.gpg' | |
- name: Publish to local Maven cache for validation | |
run: ./gradlew --no-daemon publishToMavenLocal | |
- name: Get current SNAPSHOT version | |
shell: pwsh | |
run: | | |
$contents = Get-Content gradle.properties -Raw | |
$major = $contents | Select-String -Pattern 'mavenMajorVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value } | |
$minor = $contents | Select-String -Pattern 'mavenMinorVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value } | |
$patch = $contents | Select-String -Pattern 'mavenPatchVersion\s+= ([0-9]+)' | ForEach-Object { $_.Matches.Groups[1].Value } | |
$version = "$major.$minor.$patch-SNAPSHOT" | |
echo "Current version is $version" | |
echo "PACKAGE_VERSION=$version" >> $Env:GITHUB_ENV | |
- name: Inspect contents of local Maven cache | |
shell: pwsh | |
run: | | |
.\scripts\validatePackageContents.ps1 -ArtifactId microsoft-graph -Version $env:PACKAGE_VERSION |