95 lines
3.5 KiB
YAML
95 lines
3.5 KiB
YAML
# Expected secrets
|
|
# MAVEN_CENTRAL_USERNAME - Username for Maven Central.
|
|
# MAVEN_CENTRAL_PASSWORD - Password for Maven Central.
|
|
# MAVEN_SIGNING_KEY_ASCII - GPG key without a password which has ASCII-armored and then BASE64-encoded.
|
|
|
|
name: Deploy Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
concurrency: deploy_release
|
|
|
|
jobs:
|
|
validate_gradle_wrapper:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Checkout
|
|
timeout-minutes: 1
|
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
|
# Gradle Wrapper validation can be flaky
|
|
# https://github.com/gradle/wrapper-validation-action/issues/40
|
|
- name: Gradle Wrapper Validation
|
|
timeout-minutes: 1
|
|
uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
|
|
|
|
check_secrets:
|
|
environment: deployment
|
|
permissions:
|
|
contents: read
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
has-secrets: ${{ steps.check_secrets.outputs.defined }}
|
|
steps:
|
|
- id: check_secrets
|
|
env:
|
|
MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
|
|
MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
|
|
MAVEN_SIGNING_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
|
|
if: "${{ env.MAVEN_CENTRAL_USERNAME != '' && env.MAVEN_CENTRAL_PASSWORD != '' && env.MAVEN_SIGNING_KEY != '' }}"
|
|
run: echo "::set-output name=defined::true"
|
|
|
|
deploy_release:
|
|
environment: deployment
|
|
if: needs.check_secrets.outputs.has-secrets == 'true'
|
|
needs: [validate_gradle_wrapper, check_secrets]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Checkout
|
|
timeout-minutes: 1
|
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
|
- name: Setup
|
|
id: setup
|
|
timeout-minutes: 30
|
|
uses: ./.github/actions/setup
|
|
# While not strictly necessary, this sanity checks the build before attempting to upload.
|
|
# This adds minimal additional build time, since most of the work is cached and re-used
|
|
# in the next step.
|
|
- name: Deploy to Maven Local
|
|
timeout-minutes: 25
|
|
env:
|
|
ORG_GRADLE_PROJECT_IS_SNAPSHOT: false
|
|
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
|
|
run: |
|
|
./gradlew publishAllPublicationsToMavenLocalRepository --no-parallel
|
|
- name: Deploy to Maven Central
|
|
timeout-minutes: 5
|
|
env:
|
|
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
|
|
ORG_GRADLE_PROJECT_ZCASH_MAVEN_PUBLISH_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
|
|
ORG_GRADLE_PROJECT_ZCASH_ASCII_GPG_KEY: ${{ secrets.MAVEN_SIGNING_KEY_ASCII }}
|
|
ORG_GRADLE_PROJECT_IS_SNAPSHOT: false
|
|
run: |
|
|
./gradlew publishAllPublicationsToMavenCentralRepository --no-parallel
|
|
- name: Collect Artifacts
|
|
timeout-minutes: 1
|
|
if: ${{ always() }}
|
|
env:
|
|
ARTIFACTS_DIR_PATH: ${{ format('{0}/artifacts', env.home) }}
|
|
BINARIES_ZIP_PATH: ${{ format('{0}/artifacts/release_binaries.zip', env.home) }}
|
|
run: |
|
|
mkdir ${ARTIFACTS_DIR_PATH}
|
|
|
|
zip -r ${BINARIES_ZIP_PATH} . -i *build/libs/*
|
|
- name: Upload Artifacts
|
|
if: ${{ always() }}
|
|
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
|
|
timeout-minutes: 1
|
|
with:
|
|
name: Release binaries
|
|
path: ~/artifacts
|