Release #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| # run manually on default branch | |
| workflow_dispatch: | |
| inputs: | |
| dryRun: | |
| type: boolean | |
| description: "Dry-Run" | |
| default: false | |
| includeTests: | |
| type: boolean | |
| description: Include tests | |
| default: true | |
| concurrency: | |
| # only run one publishing at a time to avoid conflicts | |
| group: publish-${{ github.ref }} | |
| env: | |
| # instead of embedded Maven use local Maven CLI | |
| # HALE_BUILD_MAVEN_EMBEDDED: 'false' | |
| # renovate: datasource=npm depName=@semantic-release/changelog | |
| SEMANTIC_RELEASE_CHANGELOG_VERSION: 6.0.3 | |
| # renovate: datasource=npm depName=@semantic-release/exec | |
| SEMANTIC_RELEASE_EXEC_VERSION: 6.0.3 | |
| # renovate: datasource=npm depName=@semantic-release/git | |
| SEMANTIC_RELEASE_GIT_VERSION: 10.0.1 | |
| # renovate: datasource=npm depName=conventional-changelog-conventionalcommits | |
| CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION: 7.0.2 | |
| jobs: | |
| release: | |
| # Only on main repository (don't release on forks) | |
| if: github.repository_owner == 'halestudio' | |
| name: Release | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release-published: ${{ steps.release.outputs.new_release_published }} | |
| release-version: ${{ steps.release.outputs.new_release_version }} | |
| steps: | |
| - name: Determine app token for release | |
| uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1 | |
| id: app-token | |
| with: | |
| app-id: ${{ secrets.WE_RELEASE_GITHUB_APP_ID }} | |
| private-key: "${{ secrets.WE_RELEASE_GITHUB_PRIVATE_KEY }}" | |
| - name: Setup Maven | |
| uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0 | |
| # uses: stempler/setup-maven-action@feat/cache-save-always | |
| with: | |
| java-version: 17 | |
| java-distribution: temurin | |
| maven-version: 3.9.6 | |
| checkout-fetch-depth: 0 # make sure to check out all tags | |
| checkout-token: ${{ steps.app-token.outputs.token }} | |
| checkout-persist-credentials: true # token and persisted credentials required for push (to protected branch) | |
| # Note: currently not working because of https://github.com/actions/cache/issues/1315 | |
| # Fix in https://github.com/actions/cache/pull/1325 not merged yet | |
| # cache-save-always: true | |
| - name: Install genisoimage # required for Mac build | |
| run: sudo apt-get install -y genisoimage | |
| - name: Clean | |
| run: ./build.sh clean | |
| working-directory: ./build | |
| - name: Create hale-docker.conf file | |
| run: | | |
| mkdir -p ~/.hale | |
| cat <<EOF > ~/.hale/hale-docker.conf | |
| global { | |
| dockerHost="unix:///var/run/docker.sock" | |
| } | |
| EOF | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| - name: Test | |
| if: ${{ inputs.includeTests }} | |
| run: ./build.sh integrationStage | |
| working-directory: ./build | |
| - name: Publish Test Report | |
| uses: mikepenz/action-junit-report@ac30be7acb0a361e5492575ab42e47fcadec4928 # v4.2.2 | |
| if: ${{ always() && inputs.includeTests }} | |
| with: | |
| # fail if there are no test results | |
| require_tests: true | |
| # Workaround for check that is additionally created being associated | |
| # to the wrong workflow/run. Instead no additional check is created. | |
| # See https://github.com/mikepenz/action-junit-report/issues/40 | |
| annotate_only: true | |
| detailed_summary: true | |
| report_paths: 'build/target/testReports/*.xml' | |
| - name: Install NodeJs | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: 20 | |
| - name: Install AWS CLI # Required for uploading update site | |
| uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 # v1.0.7 | |
| with: | |
| version: 1 | |
| - name: Release | |
| id: release | |
| uses: cycjimmy/semantic-release-action@cb425203a562475bca039ba4dbf90c7f9ac790f4 # v4.1.0 | |
| env: | |
| # Permissions needed | |
| # contents: write | |
| # issues: write | |
| # pull-requests: write | |
| GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| GIT_AUTHOR_NAME: wetransform Bot | |
| GIT_AUTHOR_EMAIL: [email protected] | |
| GIT_COMMITTER_NAME: wetransform Bot | |
| GIT_COMMITTER_EMAIL: [email protected] | |
| RUNNER_DEBUG: 1 | |
| # For release commands execution | |
| # Upload update site | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.BUILD_ARCHIVE_ACCESS_KEY }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.BUILD_ARCHIVE_SECRET_KEY }} | |
| # Deploy artifacts | |
| # WETF_ARTIFACTORY_USER: ${{ secrets.WETF_ARTIFACTORY_USER }} | |
| # WETF_ARTIFACTORY_PASSWORD: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }} | |
| JAVA_TOOL_OPTIONS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=120' | |
| with: | |
| dry_run: ${{ inputs.dryRun }} | |
| semantic_version: 23.1.1 | |
| extra_plugins: | |
| "@semantic-release/changelog@\ | |
| ${{ env.SEMANTIC_RELEASE_CHANGELOG_VERSION }} \ | |
| @semantic-release/exec@\ | |
| ${{ env.SEMANTIC_RELEASE_EXEC_VERSION }} \ | |
| @semantic-release/git@\ | |
| ${{ env.SEMANTIC_RELEASE_GIT_VERSION }} \ | |
| conventional-changelog-conventionalcommits@\ | |
| ${{ env.CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION }} \ | |
| " | |
| # https://github.com/marketplace/actions/slack-notify-build | |
| - name: Notify failure to Slack | |
| if: failure() | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }} | |
| uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0 | |
| with: | |
| channel: build-failures | |
| status: FAILED | |
| color: danger | |
| # Note: one reason deploy artifacts is handled as separate job is that it currently usually fails (connection reset issue) | |
| # and should not impact the main release job | |
| deploy-artifacts: | |
| name: Deploy Maven artifacts | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| if: ${{ !inputs.dryRun && needs.release.outputs.release-published != 'false' }} | |
| steps: | |
| - name: Setup Maven | |
| uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0 | |
| with: | |
| java-version: 17 | |
| java-distribution: temurin | |
| maven-version: 3.9.6 | |
| checkout-ref: refs/tags/v${{needs.release.outputs.release-version}} # check out release tag | |
| - name: Deploy Artifacts | |
| env: | |
| WETF_ARTIFACTORY_USER: ${{ secrets.WETF_ARTIFACTORY_USER }} | |
| WETF_ARTIFACTORY_PASSWORD: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }} | |
| JAVA_TOOL_OPTIONS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=120' | |
| run: ./build.sh deployArtifacts | |
| working-directory: ./build | |
| # https://github.com/marketplace/actions/slack-notify-build | |
| - name: Notify failure to Slack | |
| if: failure() | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }} | |
| uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0 | |
| with: | |
| channel: build-failures | |
| status: FAILED | |
| color: danger | |
| publish-products: | |
| name: Publish products and update site | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| if: ${{ !inputs.dryRun && needs.release.outputs.release-published != 'false' }} | |
| steps: | |
| - name: Setup Maven | |
| uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0 | |
| with: | |
| java-version: 17 | |
| java-distribution: temurin | |
| maven-version: 3.9.6 | |
| checkout-ref: refs/tags/v${{needs.release.outputs.release-version}} # check out release tag | |
| - name: Install genisoimage # required for Mac build | |
| run: sudo apt-get install -y genisoimage | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| - name: Install AWS CLI # Required for uploading update site | |
| uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 # v1.0.7 | |
| with: | |
| version: 1 | |
| - name: Clean | |
| run: ./build.sh clean | |
| working-directory: ./build | |
| - name: Build products | |
| run: | | |
| ./build.sh product --arch x86_64 --os linux HALE | |
| ./build.sh product --arch x86_64 --os windows HALE | |
| ./build.sh product --arch x86_64 --os macosx HALE | |
| ./build.sh product --arch x86_64 --os linux --publish Infocenter | |
| working-directory: ./build | |
| # use GitHub CLI to upload asset to release | |
| # see https://cli.github.com/manual/gh_release_upload | |
| - name: Add HALE products to release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| echo "Adding to release assets..." | |
| gh release upload v${{needs.release.outputs.release-version}} build/target/*.tar.gz --repo ${{ github.repository }} | |
| gh release upload v${{needs.release.outputs.release-version}} build/target/*.zip --repo ${{ github.repository }} | |
| gh release upload v${{needs.release.outputs.release-version}} build/target/*.dmg --repo ${{ github.repository }} | |
| shell: bash | |
| - name: Upload update site | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.BUILD_ARCHIVE_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.BUILD_ARCHIVE_SECRET_KEY }} | |
| run: ./upload-site.sh | |
| working-directory: ./build | |
| # https://github.com/marketplace/actions/slack-notify-build | |
| - name: Notify failure to Slack | |
| if: failure() | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }} | |
| uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0 | |
| with: | |
| channel: build-failures | |
| status: FAILED | |
| color: danger | |
| windows-build: | |
| name: Build Windows installer | |
| runs-on: windows-latest | |
| needs: [release] | |
| if: ${{ !inputs.dryRun && needs.release.outputs.release-published != 'false' }} | |
| steps: | |
| - name: Setup Maven | |
| uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0 | |
| with: | |
| java-version: 17 | |
| java-distribution: temurin | |
| maven-version: 3.9.6 | |
| checkout-ref: refs/tags/v${{needs.release.outputs.release-version}} # check out release tag | |
| # WiX is already installed on default Windows runner (currently WiX 3.x) | |
| # Note: adding to path not required as our build looks for the installation folder | |
| # | |
| # - name: Add WiX toolkit to PATH | |
| # shell: bash | |
| # run: echo "${WIX}bin" >> $GITHUB_PATH | |
| - name: Build installer | |
| run: | | |
| build.bat product -o windows -a x86_64 HALE | |
| shell: cmd | |
| # use GitHub CLI to upload asset to release | |
| # see https://cli.github.com/manual/gh_release_upload | |
| - name: Add installer to release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| echo "Adding to release assets..." | |
| gh release upload v${{needs.release.outputs.release-version}} build/target/*.msi --repo ${{ github.repository }} | |
| shell: bash | |
| # https://github.com/marketplace/actions/slack-notify-build | |
| - name: Notify failure to Slack | |
| if: failure() | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }} | |
| uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0 | |
| with: | |
| channel: build-failures | |
| status: FAILED | |
| color: danger |