Bump version to 0.5.0 across all modules.
#1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Release version (e.g., 1.0.0)' | |
| required: true | |
| type: string | |
| dry_run: | |
| description: 'Dry run (skip actual deployment)' | |
| required: false | |
| type: boolean | |
| default: false | |
| # Minimal global permissions - jobs request additional permissions as needed | |
| permissions: | |
| contents: read | |
| env: | |
| JAVA_VERSION: '21' | |
| jobs: | |
| validate: | |
| name: Validate Release | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| should_deploy: ${{ steps.deploy-check.outputs.should_deploy }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Determine version | |
| id: version | |
| run: | | |
| if [ "${{ github.event_name }}" == "push" ]; then | |
| VERSION="${GITHUB_REF#refs/tags/v}" | |
| else | |
| VERSION="${{ github.event.inputs.version }}" | |
| fi | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "Release version: $VERSION" | |
| - name: Check deployment condition | |
| id: deploy-check | |
| run: | | |
| # Tag push: always deploy | |
| # Manual dispatch: only if dry_run is not true | |
| if [ "${{ github.event_name }}" == "push" ]; then | |
| echo "should_deploy=true" >> $GITHUB_OUTPUT | |
| echo "Deployment: enabled (tag push)" | |
| elif [ "${{ github.event.inputs.dry_run }}" != "true" ]; then | |
| echo "should_deploy=true" >> $GITHUB_OUTPUT | |
| echo "Deployment: enabled (manual trigger, dry_run=false)" | |
| else | |
| echo "should_deploy=false" >> $GITHUB_OUTPUT | |
| echo "Deployment: disabled (dry run mode)" | |
| fi | |
| - name: Set up JDK ${{ env.JAVA_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Validate build | |
| run: mvn -B clean verify -DskipTests | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| needs: validate | |
| strategy: | |
| matrix: | |
| java: [ '17', '21' ] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK ${{ matrix.java }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ matrix.java }} | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Run tests | |
| run: mvn -B clean test | |
| deploy: | |
| name: Deploy to Maven Central | |
| runs-on: ubuntu-latest | |
| needs: [ validate, test ] | |
| if: needs.validate.outputs.should_deploy == 'true' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK ${{ env.JAVA_VERSION }} | |
| uses: actions/setup-java@v4 | |
| env: | |
| CENTRAL_USERNAME: ${{ secrets.CENTRAL_USERNAME }} | |
| CENTRAL_TOKEN: ${{ secrets.CENTRAL_TOKEN }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| server-id: central | |
| server-username: CENTRAL_USERNAME | |
| server-password: CENTRAL_TOKEN | |
| gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| gpg-passphrase: GPG_PASSPHRASE | |
| - name: Deploy to Maven Central | |
| run: mvn -B clean deploy -Prelease -DskipTests -Dgpg.useAgent=false | |
| sbom: | |
| name: Generate SBOM | |
| runs-on: ubuntu-latest | |
| needs: [ validate, test ] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK ${{ env.JAVA_VERSION }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Generate SBOM | |
| run: mvn -B cyclonedx:makeAggregateBom -Pqa | |
| - name: Upload SBOM artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sbom | |
| path: target/bom.* | |
| retention-days: 90 | |
| github-release: | |
| name: Create GitHub Release | |
| runs-on: ubuntu-latest | |
| needs: [ validate, deploy, sbom ] | |
| if: needs.validate.outputs.should_deploy == 'true' && needs.deploy.result == 'success' | |
| # Only this job needs write access to create the release | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download SBOM | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: sbom | |
| path: sbom/ | |
| - name: Read release notes | |
| id: release-notes | |
| run: | | |
| if [ ! -f "RELEASE.md" ]; then | |
| echo "Error: RELEASE.md not found" | |
| exit 1 | |
| fi | |
| echo "body<<EOF" >> $GITHUB_OUTPUT | |
| cat RELEASE.md >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: v${{ needs.validate.outputs.version }} | |
| name: Release v${{ needs.validate.outputs.version }} | |
| body: ${{ steps.release-notes.outputs.body }} | |
| files: | | |
| sbom/bom.json | |
| sbom/bom.xml | |
| draft: false | |
| prerelease: ${{ contains(needs.validate.outputs.version, '-') }} | |
| generate_release_notes: false |