ci: check dependencies on release preparation (#143) #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Prepare Release | |
| on: | |
| workflow_call: | |
| inputs: | |
| version: | |
| description: the version to be released. If it ends with '.0' a proper release is created, bugfix otherwise | |
| required: true | |
| type: string | |
| jobs: | |
| Dependency-Validation: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout$4 | |
| - name: check for restricted / rejected dependencies | |
| run: | | |
| grep -hs -e restricted -e rejected DEPENDENCIES > unacceptable-dependencies | |
| if [ -s unacceptable-dependencies ]; then | |
| echo "Some dependencies are not in the expected status:" | |
| cat unacceptable-dependencies | |
| fi | |
| Prepare-Release: | |
| needs: [ Dependency-Validation ] | |
| runs-on: ubuntu-latest | |
| outputs: | |
| RELEASE_REF: ${{ steps.commit-changes.outputs.RELEASE_REF }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: set release type | |
| shell: bash | |
| id: vars | |
| run: | | |
| type=bugfix | |
| if [[ ${{ inputs.version }} == *0 ]] | |
| then | |
| type=release | |
| fi | |
| echo "type=$type" >> $GITHUB_OUTPUT | |
| - uses: eclipse-edc/.github/.github/actions/set-project-version@main | |
| with: | |
| version: ${{ inputs.version }}-SNAPSHOT | |
| - name: Commit changes on ${{ steps.vars.outputs.type }}/${{ inputs.version }} branch | |
| shell: bash | |
| id: commit-changes | |
| run: | | |
| git config user.name "eclipse-edc-bot" | |
| git config user.email "[email protected]" | |
| RELEASE_REF=${{ steps.vars.outputs.type }}/${{ inputs.version }} | |
| git checkout -b $RELEASE_REF | |
| git add . | |
| git commit -m "Prepare ${{ steps.vars.outputs.type }} ${{ inputs.version }}" | |
| git push origin $RELEASE_REF | |
| echo "RELEASE_REF=$RELEASE_REF" >> $GITHUB_OUTPUT | |
| Bump-Main-Version: | |
| if: github.ref_name == 'main' | |
| needs: [ Prepare-Release ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - uses: eclipse-edc/.github/.github/actions/bump-version@main | |
| with: | |
| base_version: ${{ inputs.version }} | |
| Publish-Main-Snapshot: | |
| # publish snapshot artifacts for the next x.y.0 version | |
| if: github.ref_name == 'main' | |
| needs: [ Bump-Main-Version ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main | |
| with: | |
| gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} | |
| gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} | |
| osshr-username: ${{ secrets.ORG_OSSRH_USERNAME }} | |
| osshr-password: ${{ secrets.ORG_OSSRH_PASSWORD }} | |
| Publish-Bugfix-Snapshot: | |
| # publish snapshot artifacts from the bugfix branch (RELEASE_REF) only for bugfix releases (that does not start from main) | |
| if: github.ref_name != 'main' | |
| needs: [ Prepare-Release ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.Prepare-Release.outputs.RELEASE_REF }} | |
| - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main | |
| with: | |
| gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} | |
| gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} | |
| osshr-username: ${{ secrets.ORG_OSSRH_USERNAME }} | |
| osshr-password: ${{ secrets.ORG_OSSRH_PASSWORD }} | |