name: Release # This workflow is triggered when publishing a GitHub release on: release: types: - published env: PYTHONUNBUFFERED: 1 jobs: run_release: runs-on: ubuntu-latest name: Start release process timeout-minutes: 60 steps: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.BINARIES_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.BINARIES_AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.BINARIES_AWS_REGION }} - name: Run release action id: run_release uses: SonarSource/gh-action_release/main@v4 with: distribute: true publish_to_binaries: true attach_artifacts_to_github_release: true run_rules_cov: false slack_channel: sonarqube-build env: ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }} BURGRX_USER: ${{ secrets.BURGRX_USER }} BURGRX_PASSWORD: ${{ secrets.BURGRX_PASSWORD }} CIRRUS_TOKEN: ${{ secrets.CIRRUS_TOKEN }} PATH_PREFIX: ${{ secrets.BINARIES_PATH_PREFIX }} GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} RELEASE_SSH_USER: ${{ secrets.RELEASE_SSH_USER }} RELEASE_SSH_KEY: ${{ secrets.RELEASE_SSH_KEY }} SLACK_API_TOKEN: ${{secrets.SLACK_API_TOKEN }} - name: Log outputs if: always() run: | echo "${{ steps.run_release.outputs.releasability }}" echo "${{ steps.run_release.outputs.release }}" echo "${{ steps.run_release.outputs.distribute_release }}" - name: Notify success on Slack uses: Ilshidur/action-slack@2.0.0 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} with: args: "Release successful for {{ GITHUB_REPOSITORY }} by {{ GITHUB_ACTOR }}" - name: Create Release for Docker Image id: create_release uses: softprops/action-gh-release@v1 env: GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} GITHUB_REPOSITORY: SonarSource/sonar-scanner-cli-docker with: tag_name: ${{ github.event.release.tag_name }} body: Release containing ScannerCLI version ${{ github.event.release.tag_name }} draft: false prerelease: false - name: Notify failures on Slack uses: Ilshidur/action-slack@2.0.0 if: failure() env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} with: args: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}" maven-central-sync: runs-on: ubuntu-latest needs: - run_release steps: - name: Setup JFrog CLI uses: jfrog/setup-jfrog-cli@v1 - name: JFrog config run: jfrog rt config repox --url https://repox.jfrog.io/artifactory/ --apikey $ARTIFACTORY_API_KEY --basic-auth-only env: ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }} - name: Get the version id: get_version run: | IFS=. read major minor patch build <<< "${{ github.event.release.tag_name }}" echo ::set-output name=build::"${build}" - name: Create local repository directory id: local_repo run: echo ::set-output name=dir::"$(mktemp -d repo.XXXXXXXX)" - name: Download Artifacts uses: SonarSource/gh-action_release/download-build@v4 with: build-number: ${{ steps.get_version.outputs.build }} local-repo-dir: ${{ steps.local_repo.outputs.dir }} - name: Maven Central Sync id: maven-central-sync continue-on-error: true uses: SonarSource/gh-action_release/maven-central-sync@v4 with: local-repo-dir: ${{ steps.local_repo.outputs.dir }} env: OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - name: Notify on failure if: ${{ failure() || steps.maven-central-sync.outcome == 'failure' }} uses: 8398a7/action-slack@v3 with: status: failure fields: repo,author,eventName env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_WEBHOOK }}