From 083829a3104154ddfb6cb9a9c04eec0c93378fb4 Mon Sep 17 00:00:00 2001 From: Chris Aslanoglou Date: Thu, 22 Jun 2023 00:23:40 +0300 Subject: [PATCH 1/5] chore: upgrade Maven publish plugin to 0.25.2 [no-jira] --- core/build.gradle.kts | 8 +------- gradle.properties | 6 ++++++ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/core/build.gradle.kts b/core/build.gradle.kts index b5ff02a..e884c09 100644 --- a/core/build.gradle.kts +++ b/core/build.gradle.kts @@ -9,7 +9,7 @@ plugins { jacoco id("io.gitlab.arturbosch.detekt") id("org.jetbrains.dokka") version "1.5.31" - id("com.vanniktech.maven.publish") version "0.18.0" + id("com.vanniktech.maven.publish") version "0.25.2" id("org.jetbrains.kotlin.plugin.allopen") version "1.8.0" } @@ -103,9 +103,3 @@ apply(plugin = "com.vanniktech.maven.publish") tasks.dokkaHtml.configure { outputDirectory.set(buildDir.resolve("dokka-html")) } - -plugins.withId("com.vanniktech.maven.publish") { - mavenPublish { - sonatypeHost = com.vanniktech.maven.publish.SonatypeHost.S01 - } -} diff --git a/gradle.properties b/gradle.properties index d53c87a..9f62266 100644 --- a/gradle.properties +++ b/gradle.properties @@ -18,3 +18,9 @@ jacksonVersion=2.14.1 # Slf4j properties slf4jVersion=2.0.5 + +# Publish plugin configuration +# https://vanniktech.github.io/gradle-maven-publish-plugin/central/#publishing-releases +SONATYPE_HOST=S01 +RELEASE_SIGNING_ENABLED=true +SONATYPE_AUTOMATIC_RELEASE=true From 37c033fe86a82bdb65ffa08bc3d32f635c05dc96 Mon Sep 17 00:00:00 2001 From: Chris Aslanoglou Date: Wed, 22 Mar 2023 10:45:18 +0200 Subject: [PATCH 2/5] chore(ci): Add release pipeline We can now release a new artifact by pushing a tag. In upcoming commits, this will be simplified to releasing upon a commit bumping the library version. [no-jira] --- .github/workflows/release.yml | 30 ++++++++++++++++++++++++++++++ core/build.gradle.kts | 8 ++++++++ 2 files changed, 38 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..f66cdbc --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,30 @@ +name: Release +on: + push: + tags: + - '*' +jobs: + release-core: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ github.ref }} + - name: Setup Java + uses: actions/setup-java@v3 + with: + java-version: 17.0.1 + distribution: 'zulu' + - name: Build and test + run: ./gradlew core:build + - name: Publish package + uses: gradle/gradle-build-action@v2.4.2 + env: + # https://docs.gradle.org/current/userguide/signing_plugin.html#sec:in-memory-keys + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }} + ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_USERNAME }} + ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_PASSWORD }} + with: + arguments: core:publishAllPublicationsToMavenCentral --no-configuration-cache diff --git a/core/build.gradle.kts b/core/build.gradle.kts index e884c09..9a26aca 100644 --- a/core/build.gradle.kts +++ b/core/build.gradle.kts @@ -103,3 +103,11 @@ apply(plugin = "com.vanniktech.maven.publish") tasks.dokkaHtml.configure { outputDirectory.set(buildDir.resolve("dokka-html")) } + +signing { + // This is required to allow using the signing key via the CI in ASCII armored format. + // https://docs.gradle.org/current/userguide/signing_plugin.html#sec:in-memory-keys + val signingKey: String? by project + val signingPassword: String? by project + useInMemoryPgpKeys(signingKey, signingPassword) +} From a7f043b6e8b2c4ea0caed49b7ed2d1450d109960 Mon Sep 17 00:00:00 2001 From: Chris Aslanoglou Date: Mon, 26 Jun 2023 17:45:58 +0300 Subject: [PATCH 3/5] chore: Update README instructions for publishing Due to the upgrade of the `com.vanniktech.maven.publish` plugin and our configuration, the release process has been simplified to a command. [no-jira] --- README.md | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7934f0c..02b9ce6 100644 --- a/README.md +++ b/README.md @@ -209,11 +209,32 @@ implementation(files("../../../transactional-outbox/core/build/libs/core-x.y.z.j ``` ## Publishing -* Bump version in `gradle.properties` of `core` module. +Firstly, bump version in `gradle.properties` of `core` module, commit and push a PR. Once it gets merged, follow one of the two options below. + + +Now, you can either: +1. publish via GitHub, or +2. locally from your machine + +### Publish via GitHub +Using this method has the benefit of not having to provide any secrets whatsoever. +Simply, push a git tag **after** a PR is merged, which will trigger the +[release.yml](.github/workflows/release.yml) pipeline. +Said pipeline, will publish the artifact. + +Please note that this will be automated in future work. + +#### Tag formatting +To tag, please follow a format like `v0.4.0`, that is prefixed with `v` and the version number of the artifact you're +about to release. + +### Publish via your workstation + +* Having built the artifact * Execute the following to upload artifact: ```shell -$ ./gradlew :core:publish \ - --no-daemon --no-parallel \ +$ ./gradlew publishAllPublicationsToMavenCentral \ + --no-configuration-cache \ -Psigning.secretKeyRingFile= \ -Psigning.password= \ -Psigning.keyId= \ @@ -221,12 +242,8 @@ $ ./gradlew :core:publish \ -PmavenCentralPassword= ``` -After this operation finishes, you can promote the artifact to be released with: -```shell -$ ./gradlew closeAndReleaseRepository \ - -PmavenCentralUsername= \ - -PmavenCentralPassword= -``` +Note that if you maintain the properties above (`-P`) in your local `gradle.properties` file, you can omit them from the +command. ## Maintainers From 01524bdc1234c8ee5b5cb1161018706934ff0739 Mon Sep 17 00:00:00 2001 From: Chris Aslanoglou Date: Mon, 26 Jun 2023 23:17:36 +0300 Subject: [PATCH 4/5] chore(release): restrict releases to tags incl. refs merged in main [no-jira] --- .github/workflows/release.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f66cdbc..4e26b73 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,17 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.ref }} + - name: Issue a release only if a tag is based on a merged commit in `main` branch + run: | + tag_commit=$(git rev-parse ${{ github.ref }}) + merged_commit=$(git rev-parse main) + + if git merge-base --is-ancestor $tag_commit $merged_commit; then + echo "Tag is based on a merged commit in the main branch" + else + echo "Tag is not based on a merged commit in the main branch. Exiting." + exit 0 + fi - name: Setup Java uses: actions/setup-java@v3 with: From c269904cdd740c518be4b94f21b758412c55d0bf Mon Sep 17 00:00:00 2001 From: Chris Aslanoglou Date: Mon, 26 Jun 2023 23:42:19 +0300 Subject: [PATCH 5/5] chore(release): enforce pattern of tag name [no-jira] --- .github/workflows/release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4e26b73..65bb166 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,6 +22,12 @@ jobs: echo "Tag is not based on a merged commit in the main branch. Exiting." exit 0 fi + - name: Check tag name pattern follows `vX.Y.Z` + run: | + if [[ ! "$GITHUB_REF" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Tag name does not match the pattern 'vX.Y.Z'. Exiting." + exit 0 + fi - name: Setup Java uses: actions/setup-java@v3 with: