Skip to content

cd

cd #5377

Workflow file for this run

# Note: additional setup is required, see https://www.jenkins.io/redirect/continuous-delivery-of-plugins
name: cd
on:
workflow_dispatch:
check_run:
types:
- completed
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
DOCKER_BUILDKIT: 1
GHCR_USERNAME: ${{ github.repository_owner }}
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
permissions:
checks: read
contents: write
packages: write
jobs:
validate:
runs-on: ubuntu-latest
outputs:
should_release: ${{ steps.verify-ci-status.outputs.result == 'success' && steps.interesting-categories.outputs.interesting == 'true' }}
steps:
- name: Verify CI status
uses: jenkins-infra/[email protected]
id: verify-ci-status
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
output_result: true
- name: Release Drafter
uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6
id: draft
if: steps.verify-ci-status.outputs.result == 'success'
with:
name: next
tag: next
version: next
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check interesting categories
uses: jenkins-infra/[email protected]
id: interesting-categories
if: steps.verify-ci-status.outputs.result == 'success'
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_DRAFT_BODY: ${{ steps.draft.outputs.body }}
release:
outputs:
version: ${{ steps.extract-version.outputs.version }}
runs-on: ubuntu-latest
needs: [validate]
if: needs.validate.outputs.should_release == 'true'
steps:
- name: Check out
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
# https://github.com/jenkins-infra/github-reusable-workflows/issues/36
- name: Set up Maven
run: |
wget --no-verbose "https://dlcdn.apache.org/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz"
echo "$CHECKSUM" "apache-maven-$MAVEN_VERSION-bin.tar.gz" | sha512sum --check
tar xzf "apache-maven-$MAVEN_VERSION-bin.tar.gz"
rm "apache-maven-$MAVEN_VERSION-bin.tar.gz"
sudo mv "apache-maven-$MAVEN_VERSION" /opt/maven
sudo rm -f /usr/bin/mvn
sudo ln -s /opt/maven/bin/mvn /usr/bin/mvn
mvn --version
env:
MAVEN_VERSION: 3.9.9
# https://downloads.apache.org/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz.sha512
CHECKSUM: a555254d6b53d267965a3404ecb14e53c3827c09c3b94b5678835887ab404556bfaf78dcfe03ba76fa2508649dca8531c74bca4d5846513522404d48e8c4ac8b
- name: Release
uses: jenkins-infra/[email protected]
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}
- name: Extract version
id: extract-version
run: |
VERSION="$(mvn -q -Dset.changelist -Dignore.dirt -DforceStdout org.apache.maven.plugins:maven-help-plugin:evaluate -Dexpression=project.version)"
echo "VERSION=$VERSION"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Attach jar to release
with:
arguments: release
setup-java: false
uses: jreleaser/release-action@v2
env:
JRELEASER_PROJECT_VERSION: ${{ steps.extract-version.outputs.version }}
JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Generate Homebrew token
uses: tibdex/github-app-token@v2
id: generate_homebrew_token
with:
app_id: ${{ secrets.GORELEASER_APP_ID }}
private_key: ${{ secrets.GORELEASER_APP_PRIVKEY }}
- name: Publish release
with:
arguments: publish
setup-java: false
uses: jreleaser/release-action@v2
env:
JRELEASER_PROJECT_VERSION: ${{ steps.extract-version.outputs.version }}
JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JRELEASER_HOMEBREW_GITHUB_TOKEN: ${{ steps.generate_homebrew_token.outputs.token }}
- name: Archive output
if: always()
uses: actions/upload-artifact@v4
with:
name: jreleaser-release
path: |
out/jreleaser/trace.log
out/jreleaser/output.properties
- name: Upload built jar
uses: actions/upload-artifact@v4
with:
name: built-jar
retention-days: 1
path: |
plugin-modernizer-cli/target/jenkins-plugin-modernizer-${{ steps.extract-version.outputs.version }}.jar
plugin-modernizer-core/target/plugin-modernizer-core-${{ steps.extract-version.outputs.version }}.jar
docker:
runs-on: ubuntu-latest
needs: [release]
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
# Required: Free up ~6GB for Docker build
with:
# this might remove tools that are actually needed,
# when set to "true" but frees about 6 GB
tool-cache: true
# all of these default to true, but feel free to set to
# "false" if necessary for your workflow
android: true
dotnet: true
haskell: true
large-packages: true
swap-storage: true
- name: Check out
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download built jar
uses: actions/download-artifact@v4
with:
name: built-jar
path: . # Explicitly set to root to match Dockerfile COPY paths
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern={{version}},value=${{ needs.release.outputs.version }}
type=raw,value=latest
- name: Build and push Docker image
id: push
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: ${{ vars.DOCKER_PLATFORMS || 'linux/amd64,linux/arm64' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max,keep-days=30
provenance: true
sbom: true
build-args: |
MAVEN_CACHE=.m2
VERSION=${{ needs.release.outputs.version }}