Skip to content
ReleasePublished

3.70.0 #301

Sign in to view logs

3.70.0

3.70.0 #301

Workflow file for this run

.github/workflows/releasepublished.yml at 24e3329
# This workflow triggers when a new release has been made.
name: ReleasePublished
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the main branch
release:
types: [released]
# Allows you to run this workflow manually from the Actions tab.
workflow_dispatch:
inputs:
release:
description: 'Release version number ("latest" or "v1.35.0")'
required: true
default: latest
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# NOTE: If this runs in an environment, set this value (where "MC-Action" is the environment name)
# environment: MC-Action
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Report the parameters
run: |
echo "GITHUB_REF is \"$GITHUB_REF\""
echo "GITHUB_SHA is \"$GITHUB_SHA\""
echo "inputs.release is \"${{github.event.inputs.release}}\""
if [ -z "${{github.event.inputs.release}}" ]; then
echo "Release not set manually, using GITHUB_REF"
export RELEASE=`echo "$GITHUB_REF" | sed "s#refs/tags/##"`
else
echo "Release set manually, using inputs.release"
export RELEASE=${{github.event.inputs.release}}
fi
echo "Release is $RELEASE"
pat="^v.*"
if [ "$RELEASE" = "latest" ]; then
echo "Using latest release"
elif [[ $RELEASE =~ $pat ]]; then
echo "Specified '$RELEASE' as release"
else
echo "Unsupported release, should be 'latest' or something like 'v1.35.0'; was '$RELEASE'"
exit 1
fi
echo "Repo name not set manually, using '${GITHUB_REPOSITORY}'"
export REPO=${GITHUB_REPOSITORY}
export FILE_NAME_PART="individual-modules.zip"
echo "RELEASE=$RELEASE" >> $GITHUB_ENV
echo "REPO=$REPO" >> $GITHUB_ENV
echo "FILE_NAME_PART=$FILE_NAME_PART" >> $GITHUB_ENV
- name: Check credentials
run: |
set -e
echo "Checking SonaType PORTAL_ACCESS_TOKEN"
curl --fail -H "Accept:application/json" -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" 'https://ossrh-staging-api.central.sonatype.com/manual/search/repositories?state=open'
echo "Checking GitHub ACCESS_TOKEN"
curl -f -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H 'Accept: application/vnd.github.v3.raw' -s https://api.github.com/repos/$REPO > /dev/null
- name: Configure GPG key
env:
MCKEY: ${{ secrets.MCKEY }}
run: |
mkdir -p ~/.gnupg/
chown -R $(whoami) ~/.gnupg/
chmod 700 ~/.gnupg
gpg --version
echo "MCKEY is '$MCKEY'"
if [ -z ${MCKEY+x} ]; then echo "MCKEY is unset"; else echo "MCKEY is set to '$MCKEY'"; fi
printf "$MCKEY" | base64 --decode > ~/.gnupg/mckey_private.key
ls ~/.gnupg
gpg --import ~/.gnupg/mckey_private.key
gpg --list-keys
- name: Install packages
run: |
sudo apt-get install -y jq
shell: bash
- name: Download the release asset
env:
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
run: |
sleep 900
if [ "$RELEASE" = "latest" ]; then
echo "Using latest release"
set +e
curl -f -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Accept: application/vnd.github.v3.raw' -s https://api.github.com/repos/$REPO/releases > releases.json
result="$?"
if [ "$result" -ne 0 ]; then
echo "curl returned '$result': Bad access token or repo (was '$REPO')"
exit $result
fi
asset_id=`cat releases.json | jq ".[0].assets | map(select(.name|test(\"$FILE_NAME_PART\")))[0].id"`
result="$?"
if [ "$result" -ne 0 ]; then
echo "jq returned '$result': No releases or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit $result
fi
if [ "$asset_id" == "null" ]; then
echo "jq returned asset id '$asset_id': No releases or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit 1
fi
set -e
else
echo "Using release $RELEASE"
set +e
curl -f -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Accept: application/vnd.github.v3.raw' -s https://api.github.com/repos/$REPO/releases > releases.json
result="$?"
if [ "$result" -ne 0 ]; then
echo "curl returned '$result': Bad access token or repo (was '$REPO')"
exit $result
fi
asset_id=`cat releases.json | jq ". | map(select(.tag_name == \"$RELEASE\"))[0].assets | map(select(.name|test(\"$FILE_NAME_PART\")))[0].id"`
result="$?"
if [ "$result" -ne 0 ]; then
echo "jq returned '$result': Bad release (was '$RELEASE') or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit $result
fi
if [ "$asset_id" == "null" ]; then
echo "jq returned asset id '$asset_id': Bad release (was '$RELEASE') or bad file (was '$FILE_NAME_PART')"
cat releases.json
exit 1
fi
set -e
fi
echo "Asset id for release $RELEASE file $FILE_NAME_PART is $asset_id"
wget --header='Accept:application/octet-stream' https://api.github.com/repos/$REPO/releases/assets/$asset_id -O asset.zip
- name: Examine asset
run: |
ls
mkdir unpacked
cd unpacked
unzip -q ../asset.zip
head CHANGELOG.md
- name: GPG sign all Maven files
run: |
cd unpacked/maven
find . -type f -not -name \*.asc | xargs -n 1 -I % gpg --output %.asc --detach-sig %
- name: Checksum all Maven files
run: |
cd unpacked/maven
find . -type f -not -name \*.asc -not -name \*.md5 -not -name \*.sha1 | xargs -n 1 -I % sh -c "md5sum % | cut -d' ' -f1 > %.md5"
find . -type f -not -name \*.asc -not -name \*.md5 -not -name \*.sha1 | xargs -n 1 -I % sh -c "sha1sum % | cut -d' ' -f1 > %.sha1"
find .
- name: Staging artifacts in SonaType
run: |
# Code mostly by mezzargh
set -e
WD=`pwd`
# we use the description field for cross identification between APIs (I could not find an alternative yet), so we can fetch correct repo for promotion.
START_XML=$(cat << EOF
<promoteRequest>
<data>
<description>${{github.repository}}-${{github.run_id}}-${{github.run_attempt}}</description>
</data>
</promoteRequest>
EOF
)
printf "$START_XML" > start.xml
ls -lahn
cat start.xml
cd unpacked/maven/repository
cp $WD/start.xml start.xml
cat start.xml
curl -sS --fail -v -X POST -d @start.xml -H "Content-Type:application/xml" -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" https://ossrh-staging-api.central.sonatype.com/service/local/staging/profiles/b39883a429024e/start -o $WD/finish.xml
rm start.xml
curl --fail -H "Accept:application/json" -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" 'https://ossrh-staging-api.central.sonatype.com/manual/search/repositories?state=open' -o results.json
SELECTOR="${{github.repository}}-${{github.run_id}}-${{github.run_attempt}}"
repository_namespace=`cat results.json | jq -jr --arg SELECTOR $SELECTOR ".repositories[] | select(.description == \"$SELECTOR\").key" | jq -jRrs "@uri"`
echo $repository_namespace
rm results.json
ls -lahn $WD
cat $WD/finish.xml
staging_dir=$(echo $(awk -F '[<>]' '/stagedRepositoryId/{print $3}' $WD/finish.xml))
rm $WD/finish.xml
echo "Staging dir is '${staging_dir}'"
find . -type f | sed -E s'@./@@' | grep -v start.xml > $WD/artifacts.list
ls -lahn $WD
echo "Uploading $(wc -l $WD/artifacts.list | sed "s/^ *\([0-9]*\) .*$/\1/") artifacts"
awk '{printf "%5d\t%s\n", NR, $0}' < $WD/artifacts.list
cat $WD/artifacts.list | xargs -n 1 -I {} curl -sS --fail -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" --upload-file {} https://ossrh-staging-api.central.sonatype.com/service/local/staging/deployByRepositoryId/${staging_dir}/{}
curl -s -X POST -H "Accept:application/json" -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" https://ossrh-staging-api.central.sonatype.com/manual/upload/repository/${repository_namespace}?publishing_type=user_managed
while [[ $(curl -sS --fail -H "Accept:application/json" -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" 'https://ossrh-staging-api.central.sonatype.com/manual/search/repositories' | jq -r ".repositories[] | select(.description == \"$SELECTOR\").portal_deployment_id") == "null" ]]; do
echo "Waiting for deployment ID...";
curl -s -X POST -H "Accept:application/json" -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" https://ossrh-staging-api.central.sonatype.com/manual/upload/repository/$repository_namespace?publishing_type=user_managed;
sleep 5;
done
curl -sS --fail -H "Accept:application/json" -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" 'https://ossrh-staging-api.central.sonatype.com/manual/search/repositories' -o final_result.json
portal_id=`cat final_result.json | jq -jr ".repositories[] | select(.description == \"$SELECTOR\").portal_deployment_id"`
echo "Closing OSSRH staging repo $repository_namespace, and continueing with Portal APIs"
echo "Promotion to Portal deployment staging '$portal_id' is pending ...";
while [[ $(curl -sS -X 'POST' -H 'Accept:application/json' -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" "https://central.sonatype.com/api/v1/publisher/status?id=$portal_id" | jq -r '.deploymentState') == "PENDING" ]]; do
echo "..."
sleep 5;
done
echo "Validing Portal deployement ...";
while [[ $(curl -sS -X 'POST' -H 'Accept:application/json' -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" "https://central.sonatype.com/api/v1/publisher/status?id=$portal_id" | jq -r '.deploymentState') == "VALIDATING" ]]; do
echo "..."
sleep 5;
done
echo "Dropping OSSRH staging repo: $repository_namespace"
curl -sS -X 'DELETE' -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" https://ossrh-staging-api.central.sonatype.com/manual/drop/repository/$repository_namespace
curl -sS -X 'POST' -H 'Accept:application/json' -H "Authorization: Bearer ${{ secrets.PORTAL_ACCESS_TOKEN }}" "https://central.sonatype.com/api/v1/publisher/status?id=$portal_id" | jq -e 'if .deploymentState == "FAILED" then error(.errors | tostring) else .deploymentState end'
echo "Portal Staging repository: https://central.sonatype.com/api/v1/publisher/deployment/$portal_id/download/"