diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000000..53426d55bce
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,47 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - '*.*.*'
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Git checkout
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ - name: Set version
+ id: setup
+ run: echo ::set-output name=version::${GITHUB_REF#refs/*/}
+ - name: Set up JDK 8
+ uses: actions/setup-java@v1
+ with:
+ java-version: 8
+ - name: Cache Maven Repository
+ uses: actions/cache@v1
+ with:
+ path: ~/.m2
+ key: release-${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: release-${{ runner.os }}-m2
+ - name: Perform release
+ env:
+ DOCKER_USER: ${{ secrets.DOCKER_USER }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ QUAYIO_USER: ${{ secrets.QUAYIO_USER }}
+ QUAYIO_PASSWORD: ${{ secrets.QUAYIO_PASSWORD }}
+ SYNDESISCI_TOKEN: ${{ secrets.SYNDESISCI_TOKEN }}
+ GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ GPG_KEY: ${{ secrets.GPG_KEY }}
+ OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+ run: |
+ git config --global user.email ci@syndesis.io
+ git config --global user.name 'Syndesis CI'
+ git config --global 'http.https://github.com/.extraheader' "Authorization: basic $(echo -n x-access-token:${SYNDESISCI_TOKEN}|base64 --wrap=0)"
+ echo ${SYNDESIS_GPG_KEY}
+ gpg --batch --import <(echo "${GPG_KEY}")
+ export GPG_TTY=$(tty)
+ tools/bin/syndesis release --dry-run --release-version ${{ steps.setup.outputs.version }} --git-remote origin --docker-user "${DOCKER_USER}" --docker-password "${DOCKER_PASSWORD}" --github-user syndesisci --github-token "${SYNDESISCI_TOKEN}" --quayio-user "${QUAYIO_USER}" --quayio-password "${QUAYIO_PASSWORD}" --gpg-keyname "${GPG_KEYNAME}"--gpg-passphrase "${GPG_PASSPHRASE}" --ossrh-user syndesisci --ossrh-password "${OSSRH_PASSWORD}"
diff --git a/app/.mvn/settings.release.xml b/app/.mvn/settings.release.xml
new file mode 100644
index 00000000000..4e46dd6bc5e
--- /dev/null
+++ b/app/.mvn/settings.release.xml
@@ -0,0 +1,62 @@
+
+
+
+
+
+ oss-sonatype-staging
+ ${ossrh.user}
+ ${ossrh.password}
+
+
+
+
+ disable-apache-snapshots-repository
+
+ true
+
+
+
+ apache.snapshots
+ http://repository.apache.org/snapshots/
+
+ false
+ never
+
+
+ false
+ never
+
+
+
+
+
+ apache.snapshots
+ http://repository.apache.org/snapshots/
+
+ false
+ never
+
+
+ false
+ never
+
+
+
+
+
+
diff --git a/app/pom.xml b/app/pom.xml
index 64817977100..7ff2f136fa5 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -353,6 +353,10 @@
1.6
false
+
+ --pinentry-mode
+ loopback
+
diff --git a/tools/bin/commands/release b/tools/bin/commands/release
index bc4652ae958..4382602222e 100644
--- a/tools/bin/commands/release
+++ b/tools/bin/commands/release
@@ -36,6 +36,10 @@ release::usage() {
--git-remote Name of the git remote to push to. If not given, its trying to be pushed
to the git remote to which the currently checked out branch is attached to.
Works only when on a branch, not when checked out directly.
+ --gpg-keyname Name of the GPG key to sign with (USER-ID)
+ --gpg-passphrase Passphrase used to unlock the GPG key
+ --ossrh-user Username for oss.sonatype.org
+ --ossrh-password Password for oss.sonatype.org
--log Write full log to , only print progress to screen
--skip-tests Do not run tests
--no-strict-checksums Do not insist on strict checksum policy for downloaded Maven artifacts
@@ -88,15 +92,9 @@ release::run() {
# Verify that there are no modified file in git repo
check_git_clean "$topdir"
- # Temporary local repository to guarantee a clean build
- local local_maven_repo=$(readopt --local-maven-repo)
- if [ -z "$local_maven_repo" ]; then
- local_maven_repo=$(mktemp -d 2>/dev/null || mktemp -d -t 'maven_repo')
- trap "echo 'Removing temp maven repo $local_maven_repo' && rm -rf $local_maven_repo" "EXIT"
- fi
-
# Calculate common maven options
- local maven_opts="$(extract_maven_opts $local_maven_repo)"
+ local maven_opts
+ maven_opts="$(extract_maven_opts "${topdir}")"
# Set pom.xml version to the given release_version
update_pom_versions "$topdir" "$release_version" "$maven_opts"
@@ -543,26 +541,56 @@ drop_staging_repo() {
# Helper
extract_maven_opts() {
- local maven_opts="-Dmaven.repo.local=$1 --batch-mode -V -e"
+ local topdir="$1"
+
+ local maven_opts
+ maven_opts="--batch-mode -V -e"
- if [ $(hasflag --quiet -q) ]; then
+ if [ "$(hasflag --quiet -q)" ]; then
maven_opts="$maven_opts -q"
fi
- local settings_xml=$(readopt --settings-xml --settings)
+ local settings_xml
+ settings_xml=$(readopt --settings-xml --settings)
if [ -n "${settings_xml}" ]; then
maven_opts="$maven_opts -s $settings_xml"
fi
- if [ $(hasflag --skip-tests) ]; then
+ if [ "$(hasflag --skip-tests)" ]; then
maven_opts="$maven_opts -DskipTests -DskipITs"
fi
- if [ ! $(hasflag --no-strict-checksums) ]; then
+ if [ ! "$(hasflag --no-strict-checksums)" ]; then
maven_opts="$maven_opts -C"
fi
- echo $maven_opts
+ local ossrh_user
+ ossrh_user=$(readopt --ossrh-user)
+
+ local ossrh_password
+ ossrh_password=$(readopt --ossrh-password)
+
+ if [ -n "${ossrh_user}" ] && [ -n "${ossrh_password}" ]; then
+ maven_opts+=" -Dossrh.user=${ossrh_user} -Dossrh.password=${ossrh_password}"
+ fi
+
+ local gpg_keyname
+ gpg_keyname=$(readopt --gpg-keyname)
+
+ local gpg_passphrase
+ gpg_passphrase=$(readopt --gpg-passphrase)
+
+ if [ -n "${gpg_keyname}" ] && [ -n "${gpg_passphrase}" ]; then
+ maven_opts+=" -Dgpg.keyname=${gpg_keyname} -Dgpg.passphrase=${gpg_passphrase}"
+ fi
+
+ # the settings.release.xml contains placeholders, only if we have these defined
+ # we can use it
+ if [ -z "${settings_xml}" ] && [ -n "${ossrh_user}" ] && [ -n "${ossrh_password}" ]; then
+ maven_opts+=" -s "${topdir}/app/.mvn/settings.release.xml""
+ fi
+
+ echo "${maven_opts}"
}
git_commit() {