Skip to content

Commit

Permalink
ci: use centralised maven workflows with secret inherit (#29)
Browse files Browse the repository at this point in the history
  • Loading branch information
@BernhardFuchs
BernhardFuchs authored Jan 14, 2025
1 parent 27585df commit 5efbd16
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 73 deletions.
49 changes: 7 additions & 42 deletions .github/workflows/maven-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Maven release
on:
workflow_dispatch:
inputs:
version-core:
release_type:
description: 'Major, Minor or Patch release'
type: choice
required: true
Expand All @@ -14,44 +14,9 @@ on:
- "patch"

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master

- name: Import Secrets
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
secrets: |
ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ;
ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD ;
ci/data/gh-workflows/maven-release-workflow token | TOKEN
- name: Release to Danubetech Nexus
uses: BernhardFuchs/docker-maven-release@use-dynamic-input
with:
release-branch-name: main
maven-repo-server-id: danubetech-maven-releases
maven-repo-server-username: ${{ env.MAVEN_USERNAME }}
maven-repo-server-password: ${{ env.MAVEN_PASSWORD }}
access-token: ${{ env.TOKEN }}
version-core: ${{ github.event.inputs.version-core }}
maven-development-version-format-minor: ${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}-SNAPSHOT
maven-development-version-format-major: ${parsedVersion.nextMajorVersion}.1-SNAPSHOT
maven-release-version-format-minor: ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.0
maven-release-version-format-major: ${parsedVersion.nextMajorVersion}.0.0
git-release-bot-name: "admin-bot"
git-release-bot-email: "[email protected]"
maven-args: "-Dmaven.javadoc.skip=true -DskipITs"

- name: Slack notification
if: failure()
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
fields: repo,commit,action,eventName,ref,workflow
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
maven-release:
uses: danubetech/workflows/.github/workflows/maven-release.yml@main
with:
MAVEN_REPO_SERVER_ID: 'danubetech-maven-releases'
RELEASE_TYPE: ${{ github.event.inputs.release_type }}
secrets: inherit
37 changes: 6 additions & 31 deletions .github/workflows/maven-snapshot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,37 +7,12 @@ on:
- 'README.md'
- 'LICENSE'
- 'docs'
branches: [main]
branches: [ main ]
workflow_dispatch:

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Import Secrets
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
secrets: |
ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ;
ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD
- name: Run maven deploy action
uses: danubetech/github-action-maven-deploy@master
with:
server_id: danubetech-maven-snapshots
env:
MAVEN_USERNAME: ${{ env.MAVEN_USERNAME }}
MAVEN_PASSWORD: ${{ env.MAVEN_PASSWORD }}

- name: Slack notification
if: failure()
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
fields: repo,commit,action,eventName,ref,workflow
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
maven-snapshot:
uses: danubetech/workflows/.github/workflows/maven-snapshot.yml@main
with:
MAVEN_REPO_SERVER_ID: 'danubetech-maven-snapshots'
secrets: inherit

0 comments on commit 5efbd16

Please sign in to comment.