|
20 | 20 | jobs: |
21 | 21 | # This workflow contains a single job called "build" |
22 | 22 | build: |
23 | | - # TODO: If this runs in an environment, set this value |
| 23 | + # NOTE: If this runs in an environment, set this value (where "MC-Action" is the environment name) |
24 | 24 | # environment: MC-Action |
25 | 25 |
|
26 | 26 | # The type of runner that the job will run on |
@@ -56,11 +56,17 @@ jobs: |
56 | 56 | echo "RELEASE=$RELEASE" >> $GITHUB_ENV |
57 | 57 | echo "REPO=$REPO" >> $GITHUB_ENV |
58 | 58 | echo "FILE_NAME_PART=$FILE_NAME_PART" >> $GITHUB_ENV |
59 | | - - name: Configure GPG Key |
| 59 | + - name: Check credentials |
| 60 | + run: | |
| 61 | + set -e |
| 62 | + echo "Checking SonaType SONATYPE_BASIC_AUTH_CREDENTIALS" |
| 63 | + curl --fail -X GET -H "Content-Type:application/xml" -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" https://oss.sonatype.org/service/local/staging/profiles/b39883a429024e > /dev/null |
| 64 | + echo "Checking GitHub ACCESS_TOKEN" |
| 65 | + curl -f -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H 'Accept: application/vnd.github.v3.raw' -s https://api.github.com/repos/$REPO > /dev/null |
| 66 | + - name: Configure GPG key |
60 | 67 | env: |
61 | 68 | MCKEY: ${{ secrets.MCKEY }} |
62 | 69 | run: | |
63 | | - set -x |
64 | 70 | mkdir -p ~/.gnupg/ |
65 | 71 | chown -R $(whoami) ~/.gnupg/ |
66 | 72 | chmod 700 ~/.gnupg |
|
71 | 77 | ls ~/.gnupg |
72 | 78 | gpg --import ~/.gnupg/mckey_private.key |
73 | 79 | gpg --list-keys |
| 80 | + - name: Install packages |
| 81 | + run: | |
| 82 | + sudo apt-get install -y jq |
| 83 | + shell: bash |
74 | 84 | - name: Download the release asset |
75 | 85 | env: |
76 | 86 | ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} |
@@ -122,16 +132,57 @@ jobs: |
122 | 132 | fi |
123 | 133 | echo "Asset id for release $RELEASE file $FILE_NAME_PART is $asset_id" |
124 | 134 | wget -q --header="Authorization: Bearer $ACCESS_TOKEN" --auth-no-challenge --header='Accept:application/octet-stream' https://api.github.com/repos/$REPO/releases/assets/$asset_id -O asset.zip |
125 | | - - name: Examine artifact |
| 135 | + - name: Examine asset |
126 | 136 | run: | |
127 | 137 | ls |
128 | 138 | mkdir unpacked |
129 | 139 | cd unpacked |
130 | 140 | unzip -q ../asset.zip |
| 141 | + head CHANGELOG.md |
131 | 142 | find . |
132 | 143 | - name: GPG sign all Maven files |
133 | 144 | run: | |
134 | | - set -x |
135 | 145 | cd unpacked/maven |
136 | 146 | find . -type f -not -name \*.asc | xargs -n 1 -I % gpg --output %.asc --detach-sig % |
137 | 147 | find . |
| 148 | + - name: Checksum all Maven files |
| 149 | + run: | |
| 150 | + cd unpacked/maven |
| 151 | + find . -type f -not -name \*.asc -not -name \*.md5 -not -name \*.sha1 | xargs -n 1 -I % sh -c "md5sum % | cut -d' ' -f1 > %.md5" |
| 152 | + find . -type f -not -name \*.asc -not -name \*.md5 -not -name \*.sha1 | xargs -n 1 -I % sh -c "sha1sum % | cut -d' ' -f1 > %.sha1" |
| 153 | + find . |
| 154 | + - name: Staging artifacts in SonaType |
| 155 | + run: | |
| 156 | + # Code mostly by mezzargh |
| 157 | + set -x |
| 158 | + set -e |
| 159 | + WD=`pwd` |
| 160 | + START_XML=$(cat << EOF |
| 161 | + <promoteRequest> |
| 162 | + <data> |
| 163 | + <description>Publish ${GITHUB_REPOSITORY} ${RELEASE} Artifacts</description> |
| 164 | + </data> |
| 165 | + </promoteRequest> |
| 166 | + EOF |
| 167 | + ) |
| 168 | + printf "$START_XML" > start.xml |
| 169 | + ls -lahn |
| 170 | + cat start.xml |
| 171 | + cd unpacked/maven/repository |
| 172 | + cp $WD/start.xml start.xml |
| 173 | + cat start.xml |
| 174 | + curl --fail -v -X POST -d @start.xml -H "Content-Type:application/xml" -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" https://oss.sonatype.org/service/local/staging/profiles/b39883a429024e/start -o $WD/finish.xml |
| 175 | + rm start.xml |
| 176 | + ls -lahn $WD |
| 177 | + cat $WD/finish.xml |
| 178 | + staging_dir=$(echo $(awk -F '[<>]' '/stagedRepositoryId/{print $3}' $WD/finish.xml)) |
| 179 | + echo "Staging dir is '${staging_dir}'" |
| 180 | + find . -type f | sed -E s'@./@@' | grep -v start.xml > $WD/artifacts.list |
| 181 | + ls -lahn $WD |
| 182 | + echo "Uploading $(wc -l $WD/artifacts.list | sed "s/^ *\([0-9]*\) .*$/\1/") artifacts" |
| 183 | + awk '{printf "%5d\t%s\n", NR, $0}' < $WD/artifacts.list |
| 184 | + cat $WD/artifacts.list | xargs -n 1 -I {} curl --fail -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" --upload-file {} https://oss.sonatype.org/service/local/staging/deployByRepositoryId/${staging_dir}/{} |
| 185 | + cp $WD/finish.xml finish.xml |
| 186 | + cat finish.xml |
| 187 | + curl --fail -X POST -d @finish.xml -H "Content-Type:application/xml" -u "${{ secrets.SONATYPE_BASIC_AUTH_CREDENTIALS }}" -H "Content-Type:application/xml" https://oss.sonatype.org/service/local/staging/profiles/b39883a429024e/finish |
| 188 | + echo https://oss.sonatype.org/content/repositories/${staging_dir} |
0 commit comments