-
Notifications
You must be signed in to change notification settings - Fork 56
140 lines (128 loc) · 5.13 KB
/
publish.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#################################################################################
# Copyright (c) 2023 ZF Friedrichshafen AG
# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#################################################################################
---
name: "Publish Artefacts"
on:
workflow_run:
workflows: [ "Run-All-Tests" ]
branches:
- main
- releases
- release/*
- hotfix/*
types:
- completed
release:
types:
- published
workflow_dispatch:
concurrency:
# cancel only running jobs on pull requests
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
secret-presence:
runs-on: ubuntu-latest
outputs:
DOCKER_HUB_TOKEN: ${{ steps.secret-presence.outputs.DOCKER_HUB_TOKEN }}
HAS_OSSRH: ${{ steps.secret-presence.outputs.HAS_OSSRH }}
HAS_SWAGGER: ${{ steps.secret-presence.outputs.HAS_SWAGGER }}
steps:
- name: Check whether secrets exist
id: secret-presence
run: |
[ ! -z "${{ secrets.DOCKER_HUB_TOKEN }}" ] && echo "DOCKER_HUB_TOKEN=true" >> $GITHUB_OUTPUT
[ ! -z "${{ secrets.ORG_GPG_PASSPHRASE }}" ] &&
[ ! -z "${{ secrets.ORG_GPG_PRIVATE_KEY }}" ] &&
[ ! -z "${{ secrets.ORG_OSSRH_USERNAME }}" ] &&
[ ! -z "${{ secrets.ORG_OSSRH_PASSWORD }}" ] && echo "HAS_OSSRH=true" >> $GITHUB_OUTPUT
[ ! -z "${{ secrets.SWAGGERHUB_API_KEY }}" ] &&
[ ! -z "${{ secrets.SWAGGERHUB_USER }}" ] && echo "HAS_SWAGGER=true" >> $GITHUB_OUTPUT
exit 0
build-docker-images:
name: "Create Docker Images"
runs-on: ubuntu-latest
needs: [ secret-presence ]
if: |
needs.secret-presence.outputs.DOCKER_HUB_TOKEN
strategy:
fail-fast: false
matrix:
variant: [ { dir: edc-controlplane, img: edc-runtime-memory },
{ dir: edc-controlplane, img: edc-controlplane-postgresql-hashicorp-vault },
{ dir: edc-controlplane, img: edc-controlplane-postgresql-azure-vault },
{ dir: edc-dataplane, img: edc-dataplane-azure-vault },
{ dir: edc-dataplane, img: edc-dataplane-hashicorp-vault } ]
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/publish-docker-image
name: Publish ${{ matrix.variant.img }}
with:
docker_tag: ${{ needs.release-version.outputs.RELEASE_VERSION }}
rootDir: ${{ matrix.variant.dir }}/${{ matrix.variant.img }}
imagename: ${{ matrix.variant.img }}
docker_user: ${{ secrets.DOCKER_HUB_USER }}
docker_token: ${{ secrets.DOCKER_HUB_TOKEN }}
do_push: ${{ github.event_name != 'pull_request' }}
publish-to-sonatype:
name: "Publish artefacts to OSSRH Snapshots / MavenCentral"
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
needs: [ secret-presence ]
# do not run on PR branches, do not run on releases
if: |
needs.secret-presence.outputs.HAS_OSSRH && github.event_name != 'pull_request' && github.ref != 'refs/heads/releases'
steps:
# Set-Up
- uses: actions/checkout@v4
# Import GPG Key
- uses: ./.github/actions/import-gpg-key
name: "Import GPG Key"
with:
gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
- uses: ./.github/actions/setup-java
# publish snapshots or releases
- name: Publish version
env:
OSSRH_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
OSSRH_USER: ${{ secrets.ORG_OSSRH_USERNAME }}
run: |-
VERSION=$(./gradlew properties -q | grep "version:" | awk '{print $2}')
cmd=""
if [[ $VERSION != *-SNAPSHOT ]]
then
cmd="closeAndReleaseSonatypeStagingRepository";
fi
echo "Publishing Version $VERSION to Sonatype"
./gradlew publishToSonatype ${cmd} --no-parallel -Pversion=$VERSION -Psigning.gnupg.executable=gpg -Psigning.gnupg.passphrase="${{ secrets.ORG_GPG_PASSPHRASE }}"
publish-to-swaggerhub:
name: "Publish OpenAPI spec to Swaggerhub"
permissions:
contents: read
needs: [ secret-presence ]
if: needs.secret-presence.outputs.HAS_SWAGGER
uses: ./.github/workflows/publish-swaggerhub.yaml
secrets: inherit