From 6ec04c8d4a0f8711c31bbcc61db4aecdd2c39d1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ullrich=20Sch=C3=A4fer?= Date: Fri, 11 Oct 2024 10:18:30 +0200 Subject: [PATCH] wip --- .github/workflows/changeset.yml | 25 ++--- .../gradle-dependency-submission.yml | 27 ------ .github/workflows/gradle-test.yml | 51 ---------- .github/workflows/gradle.yml | 95 +++++++++++++++++++ .gitignore | 3 + gradle-mvn-push.gradle | 17 ++-- scripts/publish-mvn.sh | 23 +++++ 7 files changed, 144 insertions(+), 97 deletions(-) delete mode 100644 .github/workflows/gradle-dependency-submission.yml delete mode 100644 .github/workflows/gradle-test.yml create mode 100644 .github/workflows/gradle.yml create mode 100755 scripts/publish-mvn.sh diff --git a/.github/workflows/changeset.yml b/.github/workflows/changeset.yml index d0096a6..d410547 100644 --- a/.github/workflows/changeset.yml +++ b/.github/workflows/changeset.yml @@ -3,13 +3,15 @@ on: push: branches: - main - - ullrich/add-changesets + - ullrich/publish-via-ci concurrency: ${{ github.workflow }}-${{ github.ref }} jobs: release: runs-on: ubuntu-latest + permissions: + contents: write # allows the action to create a release steps: - uses: actions/checkout@v4 with: @@ -19,15 +21,16 @@ jobs: with: node-version: 20 - - uses: bahmutov/npm-install@v1 + # - uses: bahmutov/npm-install@v1 - name: Create release PR or publish release - uses: changesets/action@v1 - with: - version: yarn changeset version - publish: yarn changeset publish - commit: 'chore: version package' - title: 'chore: version package' - createGithubReleases: true - env: - GITHUB_TOKEN: ${{ secrets.BELLA_ACTION_TOKEN }} \ No newline at end of file + run: echo "FAKE - RELEASE" + # uses: changesets/action@v1 + # with: + # version: yarn changeset version + # publish: yarn changeset publish + # commit: 'chore: version package' + # title: 'chore: version package' + # createGithubReleases: true + # env: + # GITHUB_TOKEN: ${{ secrets.BELLA_ACTION_TOKEN }} diff --git a/.github/workflows/gradle-dependency-submission.yml b/.github/workflows/gradle-dependency-submission.yml deleted file mode 100644 index ba97368..0000000 --- a/.github/workflows/gradle-dependency-submission.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Gradle Dependency Submission - -on: - push: - branches: [ "main" ] - -jobs: - dependency-submission: - runs-on: ubuntu-latest - permissions: - contents: write - - steps: - - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - - # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies. - # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md - - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@v4 - with: - cache-read-only: true diff --git a/.github/workflows/gradle-test.yml b/.github/workflows/gradle-test.yml deleted file mode 100644 index 9cd436d..0000000 --- a/.github/workflows/gradle-test.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Gradle Build and Tests - -on: - push: - branches: [ "main" ] - pull_request: - -jobs: - build-and-test: - runs-on: ubuntu-latest - permissions: - contents: read - checks: write - pull-requests: write - - steps: - - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - - - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 - - - name: Adding Google Services - env: - DATA: ${{ secrets.GOOGLE_SERVICES }} - run: echo $DATA | base64 -di > ./example/google-services.json - - - name: Build with Gradle Wrapper - run: ./gradlew build - - - name: Test with Gradle Wrapper - run: ./gradlew test - - - name: Publish Test Report - uses: mikepenz/action-junit-report@v4 - if: success() || failure() # always run even if the previous step fails - with: - report_paths: '**/build/test-results/test*/TEST-*.xml' - - - name: Publish Lint Report - uses: yutailang0119/action-android-lint@v4 - if: success() || failure() # always run even if the previous step fails - with: - report-path: '**/build/reports/lint-results-*.xml' - ignore-warnings: false - continue-on-error: false # If annotations contain error of severity, action-android-lint exit 1. \ No newline at end of file diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml new file mode 100644 index 0000000..ac1921c --- /dev/null +++ b/.github/workflows/gradle.yml @@ -0,0 +1,95 @@ +name: Gradle Build, Tests and Publish + +# Runs on Pull Requests and on the `main` branch after the `changeset` workflow ran (see `publish` job) +on: + workflow_run: + workflows: [ Changeset ] + types: + - completed + pull_request: + +jobs: + + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v4 + + - name: Adding Google Services + env: + DATA: ${{ secrets.GOOGLE_SERVICES }} + run: echo $DATA | base64 -di > ./example/google-services.json + + - name: Build with Gradle Wrapper + run: echo "FAKE -- BUILD" + # run: ./gradlew build -xlint + + + test: + runs-on: ubuntu-latest + permissions: + checks: write + pull-requests: write + needs: [ "build" ] + steps: + - name: Test with Gradle Wrapper + run: echo "FAKE -- TEST" + # run: ./gradlew test + + # - name: Publish Test Report + # uses: mikepenz/action-junit-report@v4 + # if: success() || failure() # always run even if the previous step fails + # with: + # report_paths: '**/build/test-results/test*/TEST-*.xml' + + lint: + runs-on: ubuntu-latest + permissions: + checks: write + pull-requests: write + needs: [ "build" ] + steps: + - name: Lint with Gradle Wrapper + run: echo "FAKE -- LINT" + # run: ./gradlew lint + # - name: Publish Lint Report + # uses: yutailang0119/action-android-lint@v4 + # if: success() || failure() # always run even if the previous step fails + # with: + # report-path: '**/build/reports/lint-results-*.xml' + # ignore-warnings: false + # continue-on-error: false # If annotations contain error of severity, action-android-lint exit 1. + + + + publish: + runs-on: ubuntu-latest + needs: [ "build", "test", "lint" ] + steps: + - name: Publish to Maven + run: echo "FAKE - PUBLISH" + + dependency-submission: + runs-on: ubuntu-latest + permissions: + contents: write + + needs: ["publish"] # only submit dependencies for published releases + + steps: + # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies. + # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md + - name: Generate and submit dependency graph + run: echo "FAKE - DEPENDENCY SUBMISSION" + # uses: gradle/actions/dependency-submission@v4 + # with: + # cache-read-only: true diff --git a/.gitignore b/.gitignore index 2ff58e7..41d2c79 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,9 @@ output.json # Google Services (e.g. APIs or Firebase) google-services.json +# Maven publishing secret +publish-mvn.asc + # Android Profiling *.hprof diff --git a/gradle-mvn-push.gradle b/gradle-mvn-push.gradle index fa01d36..43d6230 100644 --- a/gradle-mvn-push.gradle +++ b/gradle-mvn-push.gradle @@ -9,29 +9,27 @@ def isReleaseBuild() { } def getReleaseRepositoryUrl() { - return hasProperty('RELEASE_REPOSITORY_URL') ? RELEASE_REPOSITORY_URL - : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" + return findProperty('RELEASE_REPOSITORY_URL') ?: "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" } def getSnapshotRepositoryUrl() { - return hasProperty('SNAPSHOT_REPOSITORY_URL') ? SNAPSHOT_REPOSITORY_URL - : "https://s01.oss.sonatype.org/content/repositories/snapshots/" + return findProperty('SNAPSHOT_REPOSITORY_URL') ?: "https://s01.oss.sonatype.org/content/repositories/snapshots/" } def getRepositoryUsername() { - return hasProperty('NEXUS_USERNAME') ? NEXUS_USERNAME : "" + return findProperty('NEXUS_USERNAME') ?: "" } def getRepositoryPassword() { - return hasProperty('NEXUS_PASSWORD') ? NEXUS_PASSWORD : "" + return findProperty('NEXUS_PASSWORD') ?: "" } def getGpgKey() { - return hasProperty('SIGNING_KEY') ? SIGNING_KEY : "" + return findProperty('SIGNING_KEY') ?: "" } def getGpgPassphrase() { - return hasProperty('PASSPHRASE') ? PASSPHRASE : "" + return findProperty('PASSPHRASE') ?: "" } def configurePom(pom) { @@ -92,6 +90,9 @@ afterEvaluate { project -> } signing { + logger.quiet('A message which is logged at QUIET level ' + + getRepositoryUsername()) + required { isReleaseBuild() } def gpgKey = getGpgKey() def gpgPassphrase = getGpgPassphrase() diff --git a/scripts/publish-mvn.sh b/scripts/publish-mvn.sh new file mode 100755 index 0000000..8db039b --- /dev/null +++ b/scripts/publish-mvn.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +# make sure the script runs relative to the repo root +set -euo pipefail && cd "$(dirname "${BASH_SOURCE[0]}")/.." + +info() { printf "%s\n" "$*" >&1; } +error() { printf "%s\n" "$*" >&2; } +trap 'echo Changeset interrupted >&2; exit 2' INT TERM + + +info "Publishing via gradle publish task" +ORG_GRADLE_PROJECT_NEXUS_USERNAME="lol-yo" ./gradlew publish \ + -Psigning.secretKeyRingFile="../publish-mvn.asc \ + -Psigning.keyId="4AE5701C" \ + -Psigning.password="A/4DBzp2wAbmnSEip+Erb8Hx3oJckCYdbKxQgsvKE4MZa/iI6usCg2404wcOxPNC" + +# NEXUS_USERNAME=josuemontano +# NEXUS_PASSWORD=h5,K/9GC&gQZ;?>C=^:4 + +# 403DC5174AE5701C +# signing.keyId=4AE5701C +# signing.password=A/4DBzp2wAbmnSEip+Erb8Hx3oJckCYdbKxQgsvKE4MZa/iI6usCg2404wcOxPNC +# signing.secretKeyRingFile=/Users/ullrich/Projects/magicbell-android/foobar.gpg