ci-release.yml
---
# Release workflow for the Maven project under ./apps.
name: "CI - Release"

on:
  # FIXME: remove anything but workflow_dispatch
  # NOTE(review): while this trigger is present, every pull request event
  # starts the release job, which holds `id-token: write` and assumes the
  # AWS role named by the GHA_AWS_IAM_ROLE_ARN secret.
  pull_request:
  # Manual release: the operator supplies the branch and both versions.
  workflow_dispatch:
    inputs:
      releaseBranch:
        description: "The branch on which a release is based."
        required: false
        default: "master"
      releaseVersion:
        description: "Version to be used as tag and release"
        required: true
        default: "X.Y.Z"
      developmentVersion:
        description: "Post-release Development version"
        required: true
        default: "X.Y.Z-SNAPSHOT"
# Workflow-wide GITHUB_TOKEN scopes; scopes not listed here are not granted.
permissions:
  # Required for requesting the AWS IAM OIDC JWT.
  id-token: write
  # Required for actions/checkout.
  # NOTE(review): release:prepare normally commits and pushes a tag; confirm
  # that the test-release profile works with a read-only contents scope
  # before widening it.
  contents: read
# Environment shared by every step of every job in this workflow.
env:
  # AWS CodeArtifact repository and the domain that owns it.
  CA_REPOSITORY: "bfd-release-hackathon"  # FIXME
  CA_DOMAIN: "bfd-mgmt"
  # Full ref of the pull request's head branch; only the pull_request checkout
  # step reads it. The branch name is chosen by the PR author, so consume it
  # through `with:` inputs or as "$BRANCH_REF" in shell, and never paste it
  # into a run script through an expression.
  BRANCH_REF: ${{ format('refs/heads/{0}', github.event.pull_request.head.ref) }}
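jobs:
  # Single job: authenticate to AWS, check out the branch to release, point
  # Maven at CodeArtifact and GitHub, then run the maven-release-plugin.
  mvn-release:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # version tags. Pinning each one to a reviewed full commit SHA keeps a
      # re-pointed tag from running with this job's AWS role and GITHUB_TOKEN.

      # Exchanges the workflow's OIDC token for short-lived AWS credentials.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.GHA_AWS_IAM_ROLE_ARN }}
          role-session-name: ci-release
          aws-region: us-east-1

      - name: Login to ECR
        uses: aws-actions/amazon-ecr-login@v1
        with:
          # Keep the registry password out of the job log.
          mask-password: 'true'

      # Manual runs check out the branch named by the operator.
      - name: Dispatched Checkout
        if: github.event_name == 'workflow_dispatch'
        uses: actions/checkout@v3
        with:
          # Full history, not a shallow clone.
          fetch-depth: 0
          ref: ${{ inputs.releaseBranch }}

      # NOTE(review): AWS credentials are already configured when the pull
      # request branch is checked out, and the later Maven steps build that
      # branch's content with those credentials in the environment.
      - name: Pull Checkout
        if: github.event_name == 'pull_request'
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ env.BRANCH_REF}}

      - name: Setup JDK
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: corretto

      # NOTE(review): the e-mail address below looks like a placeholder left
      # by the hosting page's address obfuscation; restore the real committer
      # address before relying on this step.
      - name: Configure the git user
        run: |
          git config --global user.email "[email protected]"
          git config --global user.name "GitHub Actions"

      - name: Generate maven toolchain config
        run: |
          # Create the directory explicitly instead of relying on an earlier
          # step having done so.
          mkdir -p ~/.m2
          # Unquoted heredoc on purpose: $JAVA_HOME is expanded by the shell.
          cat << EOF > ~/.m2/toolchains.xml
          <toolchains>
            <toolchain>
              <type>jdk</type>
              <provides>
                <version>17</version>
                <vendor>OpenJDK</vendor>
              </provides>
              <configuration>
                <jdkHome>$JAVA_HOME</jdkHome>
              </configuration>
            </toolchain>
          </toolchains>
          EOF

      - name: Set Authorization Token
        # FIXME: Use non-hackathon domain/repository
        env:
          # Passed through the environment so the secret is never spliced
          # into the script text.
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        run: |
          # Capture first: a failing aws call now fails the step instead of
          # exporting an empty token.
          token="$(aws codeartifact get-authorization-token \
            --domain "$CA_DOMAIN" --domain-owner "$AWS_ACCOUNT_ID" \
            --query authorizationToken \
            --output text \
            --region us-east-1)"
          # The token is generated at run time, so the runner does not know
          # it as a secret; register it for log masking before exporting it.
          echo "::add-mask::$token"
          echo "CODEARTIFACT_AUTH_TOKEN=$token" >> "$GITHUB_ENV"

      - name: Get Repository Endpoint
        run: |
          # Capture first so a failing aws call fails the step.
          endpoint="$(aws codeartifact get-repository-endpoint \
            --domain "$CA_DOMAIN" --repository "$CA_REPOSITORY" --format maven \
            --query repositoryEndpoint --output text)"
          echo "CA_REPOSITORY_ENDPOINT=$endpoint" >> "$GITHUB_ENV"

      - name: Configure additional maven settings.xml
        # The heredoc delimiter is quoted, so the shell expands nothing: the
        # file keeps the literal ${env.*} placeholders for Maven to resolve
        # at build time and no credential is written to disk.
        run: |-
          cat <<"EOF" > ~/.m2/settings.xml
          <settings xmlns="http://maven.apache.org/settings/1.0.0" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
            xsi:schemalocation="http://maven.apache.org/settings/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
            <servers>
              <server>
                <username>aws</username>
                <password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
                <id>${env.CA_DOMAIN}-${env.CA_REPOSITORY}</id>
              </server>
              <server>
                <id>github</id>
                <username>${env.GITHUB_ACTOR}</username>
                <password>${env.GITHUB_TOKEN}</password>
              </server>
            </servers>
          </settings>
          EOF

      # Prints placeholders only, and only while the heredoc above stays
      # quoted; with an unquoted delimiter this step would log the
      # CodeArtifact token.
      - name: Diagnostics
        run: cat ~/.m2/settings.xml

      # FIXME: Remove this PULL_REQUEST release
      - name: 'Prepare and Perform PULL_REQUEST Release'
        if: github.event_name == 'pull_request'
        run: |-
          mvn --batch-mode --activate-profiles test-release release:prepare release:perform
        working-directory: ./apps
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Operator-supplied versions reach Maven as quoted environment
      # variables, so their content is never parsed as shell.
      - name: 'Prepare and Perform DISPATCHED Release'
        if: github.event_name == 'workflow_dispatch'
        run: |-
          mvn --batch-mode --activate-profiles test-release \
            -Dtag="$BFD_RELEASE" \
            -DreleaseVersion="$BFD_RELEASE" \
            -DdevelopmentVersion="$BFD_DEV_VERSION" \
            release:prepare release:perform
        working-directory: ./apps
        env:
          BFD_RELEASE: ${{ inputs.releaseVersion }}
          BFD_DEV_VERSION: ${{ inputs.developmentVersion }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): `failure()` is true after any failed step, including
      # ones that run before checkout, when ./apps does not exist yet.
      - name: 'Perform Exceptional Rollback'
        if: failure()
        run: mvn release:rollback
        working-directory: ./apps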