cd #5356
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note: additional setup is required, see https://www.jenkins.io/redirect/continuous-delivery-of-plugins | |
name: cd | |
on: | |
workflow_dispatch: | |
check_run: | |
types: | |
- completed | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
DOCKER_BUILDKIT: 1 | |
GHCR_USERNAME: ${{ github.repository_owner }} | |
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} | |
permissions: | |
checks: read | |
contents: write | |
packages: write | |
jobs: | |
validate: | |
runs-on: ubuntu-latest | |
outputs: | |
should_release: ${{ steps.verify-ci-status.outputs.result == 'success' && steps.interesting-categories.outputs.interesting == 'true' }} | |
steps: | |
- name: Verify CI status | |
uses: jenkins-infra/[email protected] | |
id: verify-ci-status | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
output_result: true | |
- name: Release Drafter | |
uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6 | |
id: draft | |
if: steps.verify-ci-status.outputs.result == 'success' | |
with: | |
name: next | |
tag: next | |
version: next | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check interesting categories | |
uses: jenkins-infra/[email protected] | |
id: interesting-categories | |
if: steps.verify-ci-status.outputs.result == 'success' | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
RELEASE_DRAFT_BODY: ${{ steps.draft.outputs.body }} | |
release: | |
outputs: | |
version: ${{ steps.extract-version.outputs.version }} | |
runs-on: ubuntu-latest | |
needs: [validate] | |
if: needs.validate.outputs.should_release == 'true' | |
steps: | |
- name: Check out | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 21 | |
# https://github.com/jenkins-infra/github-reusable-workflows/issues/36 | |
- name: Set up Maven | |
run: | | |
wget --no-verbose "https://dlcdn.apache.org/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz" | |
echo "$CHECKSUM" "apache-maven-$MAVEN_VERSION-bin.tar.gz" | sha512sum --check | |
tar xzf "apache-maven-$MAVEN_VERSION-bin.tar.gz" | |
rm "apache-maven-$MAVEN_VERSION-bin.tar.gz" | |
sudo mv "apache-maven-$MAVEN_VERSION" /opt/maven | |
sudo rm -f /usr/bin/mvn | |
sudo ln -s /opt/maven/bin/mvn /usr/bin/mvn | |
mvn --version | |
env: | |
MAVEN_VERSION: 3.9.9 | |
# https://downloads.apache.org/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz.sha512 | |
CHECKSUM: a555254d6b53d267965a3404ecb14e53c3827c09c3b94b5678835887ab404556bfaf78dcfe03ba76fa2508649dca8531c74bca4d5846513522404d48e8c4ac8b | |
- name: Release | |
uses: jenkins-infra/[email protected] | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | |
MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }} | |
- name: Extract version | |
id: extract-version | |
run: | | |
VERSION="$(mvn -q -Dset.changelist -Dignore.dirt -DforceStdout org.apache.maven.plugins:maven-help-plugin:evaluate -Dexpression=project.version)" | |
echo "VERSION=$VERSION" | |
echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
- name: Attach jar to release | |
with: | |
arguments: release | |
setup-java: false | |
uses: jreleaser/release-action@v2 | |
env: | |
JRELEASER_PROJECT_VERSION: ${{ steps.extract-version.outputs.version }} | |
JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate Homebrew token | |
uses: tibdex/github-app-token@v2 | |
id: generate_homebrew_token | |
with: | |
app_id: ${{ secrets.GORELEASER_APP_ID }} | |
private_key: ${{ secrets.GORELEASER_APP_PRIVKEY }} | |
- name: Publish release | |
with: | |
arguments: publish | |
setup-java: false | |
uses: jreleaser/release-action@v2 | |
env: | |
JRELEASER_PROJECT_VERSION: ${{ steps.extract-version.outputs.version }} | |
JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
JRELEASER_HOMEBREW_GITHUB_TOKEN: ${{ steps.generate_homebrew_token.outputs.token }} | |
- name: Archive output | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: jreleaser-release | |
path: | | |
out/jreleaser/trace.log | |
out/jreleaser/output.properties | |
- name: Upload built jar | |
uses: actions/upload-artifact@v4 | |
with: | |
name: built-jar | |
retention-days: 1 | |
path: | | |
plugin-modernizer-cli/target/jenkins-plugin-modernizer-${{ steps.extract-version.outputs.version }}.jar | |
plugin-modernizer-core/target/plugin-modernizer-core-${{ steps.extract-version.outputs.version }}.jar | |
docker: | |
runs-on: ubuntu-latest | |
needs: [release] | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
# Required: Free up ~6GB for Docker build | |
with: | |
# this might remove tools that are actually needed, | |
# when set to "true" but frees about 6 GB | |
tool-cache: true | |
# all of these default to true, but feel free to set to | |
# "false" if necessary for your workflow | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
swap-storage: true | |
- name: Check out | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Download built jar | |
uses: actions/download-artifact@v4 | |
with: | |
name: built-jar | |
path: . # Explicitly set to root to match Dockerfile COPY paths | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/${{ github.repository }} | |
tags: | | |
type=semver,pattern={{version}},value=${{ needs.release.outputs.version }} | |
type=raw,value=latest | |
- name: Build and push Docker image | |
id: push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
platforms: ${{ vars.DOCKER_PLATFORMS || 'linux/amd64,linux/arm64' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max,keep-days=30 | |
provenance: true | |
sbom: true | |
build-args: | | |
MAVEN_CACHE=.m2 | |
VERSION=${{ needs.release.outputs.version }} |