Attach Artifacts To Draft Release #453
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Attach Artifacts To Draft Release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version (example: 4.8.2)' | |
required: true | |
branch: | |
description: 'Branch to release (Defaults to master)' | |
required: false | |
runId: | |
description: 'RunId of liquibase/liquibase artifacts to attach' | |
required: true | |
standaloneZip: | |
description: 'This only generates a zip file with all extension artifacts' | |
required: false | |
type: boolean | |
default: false | |
env: | |
DEPENDENCIES: "liquibase-bigquery" # Comma separated list of dependencies to release the extensions list | |
EXTENSIONS: "liquibase-commercial-bigquery" # Comma separated list of extensions to release to GPM | |
jobs: | |
setup: | |
name: Setup | |
runs-on: ubuntu-22.04 | |
outputs: | |
version: ${{ steps.collect-data.outputs.version }} | |
branch: ${{ steps.collect-data.outputs.branch }} | |
runId: ${{ steps.collect-data.outputs.runId }} | |
uber_jar_runId: ${{ steps.get_run_id.outputs.run_id }} | |
dependencies: ${{ env.DEPENDENCIES }} | |
extensions: ${{ env.EXTENSIONS }} | |
steps: | |
- name: Collect Data | |
id: collect-data | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
core.setOutput("version", context.payload.inputs.version); | |
core.setOutput("branch", context.payload.inputs.branch || "master"); | |
core.setOutput("runId", context.payload.inputs.runId); | |
- run: | | |
echo "Creating version ${{ steps.collect-data.outputs.version }} from ${{ steps.collect-data.outputs.branch }} with artifacts from build ${{ steps.collect-data.outputs.runId }} " | |
build-azure-uber-jar: | |
needs: [ setup ] | |
uses: liquibase/liquibase/.github/workflows/build-azure-uber-jar.yml@master | |
with: | |
branch: ${{ needs.setup.outputs.branch }} | |
liquibase-version: ${{ needs.setup.outputs.version }} | |
secrets: inherit | |
build-extension-jars: | |
needs: [ setup ] | |
uses: liquibase/liquibase/.github/workflows/build-extension-jars.yml@master | |
with: | |
liquibase-version: ${{ needs.setup.outputs.version }} | |
dependencies: ${{ needs.setup.outputs.dependencies }} | |
extensions: ${{ needs.setup.outputs.extensions }} | |
secrets: inherit | |
reversion: | |
needs: [ setup, build-azure-uber-jar, build-extension-jars] | |
name: Re-version artifacts ${{ needs.setup.outputs.version }} | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/checkout@v4 | |
name: Checkout liquibase-pro | |
with: | |
repository: liquibase/liquibase-pro | |
ref: "${{ needs.setup.outputs.branch }}" | |
path: download/repo/liquibase-pro | |
token: ${{ secrets.BOT_TOKEN }} | |
- name: Download liquibase-artifacts | |
uses: liquibase/action-download-artifact@v2-liquibase | |
with: | |
workflow: run-tests.yml | |
run_id: ${{ needs.setup.outputs.runId }} | |
name: liquibase-artifacts | |
path: download/liquibase-artifacts | |
- name: Get Current Run ID | |
id: get_run_id | |
run: | | |
run_id=${{ github.run_id }} | |
echo "uber_jar_runId=${run_id}" >> $GITHUB_OUTPUT | |
- name: Download liquibase-pro-azure-artifacts | |
uses: liquibase/action-download-artifact@v2-liquibase | |
with: | |
workflow: build-azure-uber-jar.yml | |
run_id: ${{ steps.get_run_id.outputs.run_id }} | |
name: liquibase-pro-azure-artifacts | |
path: liquibase-pro/liquibase-azure-deps | |
- name: Generate repositories and servers JSON | |
id: generate-json | |
run: | | |
IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}" | |
repositories="" | |
servers="" | |
for i in "${EXT[@]}"; do | |
repositories+="{\"id\": \"$i\",\"url\": \"https://maven.pkg.github.com/liquibase/$i\",\"releases\": {\"enabled\": \"true\"},\"snapshots\": {\"enabled\": \"true\",\"updatePolicy\": \"always\"}}," | |
servers+="{\"id\": \"$i\",\"username\": \"liquibot\",\"password\": \"${{ secrets.LIQUIBOT_PAT_GPM_ACCESS }}\"}," | |
done | |
# Remove trailing comma and wrap with brackets | |
repositories="["${repositories::-1}"]" | |
servers="["${servers::-1}"]" | |
echo "REPOSITORIES_JSON=$repositories" >> $GITHUB_ENV | |
echo "SERVERS_JSON=$servers" >> $GITHUB_ENV | |
- name: maven-settings-xml-action | |
uses: whelk-io/maven-settings-xml-action@v22 | |
with: | |
repositories: ${{ env.REPOSITORIES_JSON }} | |
servers: ${{ env.SERVERS_JSON }} | |
- name: Get extensions artifacts | |
run: | | |
IFS=',' read -ra ADDR <<< "${{ needs.setup.outputs.extensions }}" | |
for extension in "${ADDR[@]}"; do | |
mvn dependency:get -DgroupId=org.liquibase.ext -DartifactId=$extension -Dversion=${{ needs.setup.outputs.version }} -Dtransitive=false || echo "Failed to download $extension artifact" | |
done | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '8' | |
distribution: 'adopt' | |
gpg-private-key: ${{ secrets.GPG_SECRET }} | |
gpg-passphrase: GPG_PASSPHRASE | |
env: | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Re-version Artifacts | |
env: | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
scripts_branch=${{ github.ref }} | |
mkdir -p $PWD/.github/util/ | |
# Download a script (re-version.sh) from a URL and save it to the specified directory | |
curl -o $PWD/.github/util/re-version.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/re-version.sh | |
# Download another script (sign-artifacts.sh) from a URL and save it to the specified directory | |
curl -o $PWD/.github/util/sign-artifacts.sh https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/sign-artifacts.sh | |
curl -o $PWD/.github/util/ManifestReversion.java https://raw.githubusercontent.com/liquibase/liquibase/$scripts_branch/.github/util/ManifestReversion.java | |
chmod +x $PWD/.github/util/re-version.sh | |
chmod +x $PWD/.github/util/ManifestReversion.java | |
chmod +x $PWD/.github/util/sign-artifacts.sh | |
$PWD/.github/util/re-version.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}" | |
# Execute the sign-artifacts.sh script with specific arguments | |
$PWD/.github/util/sign-artifacts.sh download/liquibase-artifacts "${{ needs.setup.outputs.version }}" "${{ needs.setup.outputs.branch }}" | |
## Sign Files | |
## liquibase-azure-deps and liquibase extensions are already on its correct version. Check reusable workflow: build-azure-uber-jar.yml and build-extension-jars.yml | |
mv liquibase-pro/liquibase-azure-deps/* re-version/out | |
# Get extensions defined in needs.setup.outputs.extensions from the local maven repository | |
IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}" | |
for i in "${EXT[@]}"; do | |
mv ~/.m2/repository/org/liquibase/ext/$i/${{ needs.setup.outputs.version }}/$i-${{ needs.setup.outputs.version }}.jar re-version/out | |
done | |
$PWD/.github/util/sign-artifacts.sh re-version/out | |
# Move files to a specific directory | |
mkdir re-version/final | |
mv re-version/out/liquibase-core-${{ needs.setup.outputs.version }}.jar re-version/final | |
mv re-version/out/liquibase-commercial-${{ needs.setup.outputs.version }}.jar re-version/final | |
mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.tar.gz re-version/final | |
mv re-version/out/liquibase-${{ needs.setup.outputs.version }}.zip re-version/final | |
mv re-version/out/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar re-version/final/liquibase-azure-deps-${{ needs.setup.outputs.version }}.jar | |
IFS=',' read -ra EXT <<< "${{ needs.setup.outputs.extensions }}" | |
for i in "${EXT[@]}"; do | |
mv re-version/out/$i-${{ needs.setup.outputs.version }}.jar re-version/final/$i-${{ needs.setup.outputs.version }}.jar | |
done | |
(cd re-version/out/ && zip liquibase-additional-${{ needs.setup.outputs.version }}.zip *) | |
mv re-version/out/liquibase-additional-${{ needs.setup.outputs.version }}.zip re-version/final | |
- name: Cache Completed Artifacts | |
uses: actions/cache@v4.0.2 | |
with: | |
key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }} | |
path: re-version/final | |
- name: Set repository tags | |
if: ${{ inputs.standaloneZip == 'false' }} | |
run: | | |
git tag -f v${{ needs.setup.outputs.version }} | |
git push -f origin v${{ needs.setup.outputs.version }} | |
(cd download/repo/liquibase-pro && git tag -f v${{ needs.setup.outputs.version }}) | |
(cd download/repo/liquibase-pro && git push -f origin v${{ needs.setup.outputs.version }}) | |
- name: Attach standalone zip file | |
if: ${{ inputs.standaloneZip == 'true' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: liquibase-standalone-${{ needs.setup.outputs.version }}.zip | |
path: re-version/final/*.zip | |
build-installers: | |
if: ${{ inputs.standaloneZip == 'false' }} | |
permissions: | |
contents: write # for softprops/action-gh-release to create GitHub release | |
needs: [ setup, reversion ] | |
name: Build Installers | |
runs-on: macos-13 #needs macos for apple notarization | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Restore Completed Artifacts | |
uses: actions/cache@v4.0.2 | |
with: | |
key: completed-artifacts-${{ github.run_number }}-${{ github.run_attempt }} | |
path: re-version/final | |
- name: Set up JDK for GPG | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '8' | |
distribution: 'adopt' | |
gpg-private-key: ${{ secrets.GPG_SECRET }} | |
gpg-passphrase: GPG_PASSPHRASE | |
env: | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Re-version Installers | |
env: | |
INSTALL4J_10_LICENSE: ${{ secrets.INSTALL4J_10_LICENSE }} | |
INSTALL4J_APPLE_KEY: ${{ secrets.INSTALL4J_APPLE_KEY }} | |
INSTALL4J_APPLE_KEY_PASSWORD: ${{ secrets.INSTALL4J_APPLE_KEY_PASSWORD }} | |
INSTALL4J_APPLE_ID: ${{ secrets.INSTALL4J_APPLE_ID }} | |
INSTALL4J_APPLE_ID_PASSWORD: ${{ secrets.INSTALL4J_APPLE_ID_PASSWORD }} | |
INSTALL4J_WINDOWS_KEY: ${{ secrets.INSTALL4J_WINDOWS_KEY }} | |
INSTALL4J_WINDOWS_KEY_PASSWORD: ${{ secrets.INSTALL4J_WINDOWS_KEY_PASSWORD }} | |
GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }} | |
run: | | |
mkdir -p liquibase-dist/target/keys | |
echo "Saving apple key" | |
echo "$INSTALL4J_APPLE_KEY" | base64 -d > liquibase-dist/target/keys/datical_apple.p12 | |
echo "Saving windows key" | |
echo "$INSTALL4J_WINDOWS_KEY" | base64 -d > liquibase-dist/target/keys/datical_windows.pfx | |
version="${{ needs.setup.outputs.version }}" | |
##### Rebuild installers | |
tarFile=$(pwd)/re-version/final/liquibase-$version.tar.gz | |
scriptDir=$(pwd)/.github/util/ | |
mkdir -p liquibase-dist/target/liquibase-$version | |
(cd liquibase-dist/target/liquibase-$version && tar xfz $tarFile) | |
(cd liquibase-dist && $scriptDir/package-install4j.sh $version) | |
mv liquibase-dist/target/liquibase-*-installer-* re-version/final | |
##Sign Files | |
$PWD/.github/util/sign-artifacts.sh re-version/final | |
(cd re-version/final && zip liquibase-additional-$version.zip *.asc *.md5 *.sha1) | |
rm re-version/final/*.asc | |
rm re-version/final/*.md5 | |
rm re-version/final/*.sha1 | |
- name: Attach Files to Draft Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: v${{ needs.setup.outputs.version }} | |
fail_on_unmatched_files: true | |
body: Liquibase ${{ needs.setup.outputs.version }} | |
generate_release_notes: true | |
draft: true | |
files: re-version/final/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |