Sign artifacts
henryju committed Apr 30, 2021
1 parent fd18b20 commit b66ddc8
Showing 2 changed files with 50 additions and 7 deletions.
48 changes: 42 additions & 6 deletions .github/workflows/release.yml
Expand Up @@ -23,23 +23,59 @@ jobs:
slack_channel: sonarlint-java
env:
ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }}
BINTRAY_USER: ${{ secrets.BINTRAY_USER }}
BINTRAY_TOKEN: ${{ secrets.BINTRAY_TOKEN }}
BURGRX_USER: ${{ secrets.BURGRX_USER }}
BURGRX_PASSWORD: ${{ secrets.BURGRX_PASSWORD }}
CENTRAL_USER: ${{ secrets.CENTRAL_USER }}
CENTRAL_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
PATH_PREFIX: ${{ secrets.BINARIES_PATH_PREFIX }}
GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
RELEASE_SSH_USER: ${{ secrets.RELEASE_SSH_USER }}
RELEASE_SSH_KEY: ${{ secrets.RELEASE_SSH_KEY }}
SLACK_API_TOKEN: ${{secrets.SLACK_API_TOKEN }}
# Put your action repo here
uses: SonarSource/gh-action_LT_release@v2
uses: SonarSource/gh-action_release/main@v3

- name: Check outputs
if: always()
run: |
echo "${{ steps.sl_release.outputs.releasability }}"
echo "${{ steps.sl_release.outputs.release }}"
maven-central-sync:
runs-on: ubuntu-latest
needs:
- sonar_release
steps:
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v1
- name: JFrog config
run: jfrog rt config repox --url https://repox.jfrog.io/artifactory/ --apikey $ARTIFACTORY_API_KEY --basic-auth-only
env:
ARTIFACTORY_API_KEY: ${{ secrets.ARTIFACTORY_API_KEY }}
- name: Get the version
id: get_version
run: |
IFS=. read major minor patch build <<< "${{ github.event.release.tag_name }}"
echo ::set-output name=build::"${build}"
- name: Create local repository directory
id: local_repo
run: echo ::set-output name=dir::"$(mktemp -d repo.XXXXXXXX)"
- name: Download Artifacts
uses: SonarSource/gh-action_release/download-build@v3
with:
build-number: ${{ steps.get_version.outputs.build }}
local-repo-dir: ${{ steps.local_repo.outputs.dir }}
- name: Maven Central Sync
id: maven-central-sync
continue-on-error: true
uses: SonarSource/gh-action_release/maven-central-sync@v3
with:
local-repo-dir: ${{ steps.local_repo.outputs.dir }}
env:
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
- name: Notify on failure
if: ${{ failure() || steps.maven-central-sync.outcome == 'failure' }}
uses: 8398a7/action-slack@v3
with:
status: failure
fields: repo,author,eventName
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_BUILD_WEBHOOK }}
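Review bot: In the `Get the version` step, `${{ github.event.release.tag_name }}` is expanded into the script text before bash runs, so the tag string is parsed as shell source rather than handled as data, in a job whose earlier step has already configured the JFrog CLI with `ARTIFACTORY_API_KEY`. Pass it through the environment instead: add `env:` with `TAG_NAME: ${{ github.event.release.tag_name }}` to the step and read it as `IFS=. read major minor patch build <<< "$TAG_NAME"`. It would also help to fail the step when `build` is empty or not numeric, since the value goes straight into `build-number` for the download step. Separately, `jfrog/setup-jfrog-cli@v1` and `8398a7/action-slack@v3` are third-party actions referenced by movable tags in a job that handles release credentials; pinning them to a full commit SHA would keep the release path from changing underneath the workflow.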
9 changes: 8 additions & 1 deletion azure-pipelines.yml
Expand Up @@ -53,6 +53,11 @@ stages:
name: jks
inputs:
secureFile: 'SonarSource-2019-2021.jks'
- task: DownloadSecureFile@1
displayName: 'Download the sign key'
name: pgpSignKey
inputs:
secureFile: 'sign-key.asc'
- template: update-maven-version-steps.yml
parameters:
mavenSettingsFilePath: $(mavenSettings.secureFilePath)
Expand All @@ -62,14 +67,16 @@ stages:
env:
ARTIFACTORY_DEPLOY_USERNAME: $(ARTIFACTORY_DEPLOY_USERNAME)
ARTIFACTORY_DEPLOY_PASSWORD: $(ARTIFACTORY_DEPLOY_PASSWORD)
PGP_PASSPHRASE: $(PGP_PASSPHRASE)
GIT_SHA1: $(Build.SourceVersion)
GITHUB_BRANCH: $(fixedBranch)
inputs:
goals: 'deploy'
options: >-
$(commonMavenArguments)
--settings $(mavenSettings.secureFilePath)
-Prelease
-Prelease,sign
-Dsign.keyFile=$(pgpSignKey.secureFilePath)
-Djarsigner.skip=false
-Dsonarsource.keystore.path=$(jks.secureFilePath)
-Dsonarsource.keystore.password=$(jksPassword)
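Review bot: The new `DownloadSecureFile@1` task places `sign-key.asc` on the agent before the `update-maven-version-steps.yml` template and the Maven deploy run, so every later step in this job can read the key file, not only the step that signs. Whether this stage is limited to release builds is not visible in these hunks; if it also runs for branch or pull-request builds, consider gating the download with a `condition:` or moving signing into a job that runs only on release, and restricting the secure file's pipeline permissions to this pipeline. A short comment above the task would also help the next maintainer, for example `# sign-key.asc (secure file) and the secret variable PGP_PASSPHRASE must be provisioned for this pipeline; consumed via -Psign / -Dsign.keyFile`. The job's remaining steps lie outside the hunks shown.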