.github/workflows/release.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

name: Release
# This workflow is triggered when publishing a GitHub release
on:
  release:
    types:
    - published

env:
  PYTHONUNBUFFERED: 1

jobs:
  run_release:
    runs-on: ubuntu-latest
    name: Start release process
    timeout-minutes: 60
    steps:
    - name: Run release action
      id: run_release
      uses: SonarSource/gh-action_release/main@v3
      with:
        distribute: true
        publish_to_binaries: true
        attach_artifacts_to_github_release: true
        run_rules_cov: false
        slack_channel: sonarqube-build
      env:
        ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }}
        BURGRX_USER: ${{ secrets.BURGRX_USER }}
        BURGRX_PASSWORD: ${{ secrets.BURGRX_PASSWORD }}
        CIRRUS_TOKEN: ${{ secrets.CIRRUS_TOKEN }}
        PATH_PREFIX: ${{ secrets.BINARIES_PATH_PREFIX }}
        GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
        RELEASE_SSH_USER: ${{ secrets.RELEASE_SSH_USER }}
        RELEASE_SSH_KEY: ${{ secrets.RELEASE_SSH_KEY }}
        SLACK_API_TOKEN: ${{secrets.SLACK_API_TOKEN }}
    - name: Log outputs
      if: always()
      run: |
        echo "${{ steps.run_release.outputs.releasability }}"
        echo "${{ steps.run_release.outputs.release }}"
        echo "${{ steps.run_release.outputs.distribute_release }}"
    - name: Notify success on Slack
      uses: Ilshidur/action-slack@2.0.0
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
      with:
        args: "Release successful for {{ GITHUB_REPOSITORY }} by {{ GITHUB_ACTOR }}"
    - name: Create Release for Docker Image
      id: create_release
      uses: actions/create-release@v1
      env:
        GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
      with:
        tag_name: ${{ github.event.release.tag_name }}
        release_name: ${{ github.event.release.tag_name }}
        body: Release containing ScannerCLI version ${{ github.event.release.tag_name }}
        draft: false
        prerelease: false
        repo: SonarSource/sonar-scanner-cli-docker
    - name: Notify failures on Slack
      uses: Ilshidur/action-slack@2.0.0
      if: failure()
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
      with:
        args: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}"
  maven-central-sync:
    runs-on: ubuntu-latest
    needs:
      - run_release
    steps:
      - name: Setup JFrog CLI
        uses: jfrog/setup-jfrog-cli@v1
      - name: JFrog config
        run: jfrog rt config repox --url https://repox.jfrog.io/artifactory/ --apikey $ARTIFACTORY_API_KEY --basic-auth-only
        env:
          ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }}
      - name: Get the version
        id: get_version
        run: |
          IFS=. read major minor patch build <<< "${{ github.event.release.tag_name }}"
          echo ::set-output name=build::"${build}"
      - name: Create local repository directory
        id: local_repo
        run: echo ::set-output name=dir::"$(mktemp -d repo.XXXXXXXX)"
      - name: Download Artifacts
        uses: SonarSource/gh-action_release/download-build@v3
        with:
          build-number: ${{ steps.get_version.outputs.build }}
          local-repo-dir: ${{ steps.local_repo.outputs.dir }}
      - name: Maven Central Sync
        id: maven-central-sync
        continue-on-error: true
        uses: SonarSource/gh-action_release/maven-central-sync@v3
        with:
          local-repo-dir: ${{ steps.local_repo.outputs.dir }}
        env:
          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
      - name: Notify on failure
        if: ${{ failure() || steps.maven-central-sync.outcome == 'failure' }}
        uses: 8398a7/action-slack@v3
        with:
          status: failure
          fields: repo,author,eventName
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_WEBHOOK }}