From 5efbd16c4f4b4b96dc2740ce1d454d53b2759ad2 Mon Sep 17 00:00:00 2001 From: Bernhard Fuchs Date: Tue, 14 Jan 2025 09:30:55 +0100 Subject: [PATCH] ci: use centralised maven workflows with secret inherit (#29) --- .github/workflows/maven-release.yml | 49 ++++------------------------ .github/workflows/maven-snapshot.yml | 37 ++++----------------- 2 files changed, 13 insertions(+), 73 deletions(-) diff --git a/.github/workflows/maven-release.yml b/.github/workflows/maven-release.yml index e860ea8..966996a 100644 --- a/.github/workflows/maven-release.yml +++ b/.github/workflows/maven-release.yml @@ -3,7 +3,7 @@ name: Maven release on: workflow_dispatch: inputs: - version-core: + release_type: description: 'Major, Minor or Patch release' type: choice required: true @@ -14,44 +14,9 @@ on: - "patch" jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - - name: Import Secrets - uses: hashicorp/vault-action@v2.3.0 - with: - url: ${{ secrets.VAULT_ADDR }} - token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }} - caCertificate: ${{ secrets.VAULTCA }} - secrets: | - ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ; - ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD ; - ci/data/gh-workflows/maven-release-workflow token | TOKEN - - - name: Release to Danubetech Nexus - uses: BernhardFuchs/docker-maven-release@use-dynamic-input - with: - release-branch-name: main - maven-repo-server-id: danubetech-maven-releases - maven-repo-server-username: ${{ env.MAVEN_USERNAME }} - maven-repo-server-password: ${{ env.MAVEN_PASSWORD }} - access-token: ${{ env.TOKEN }} - version-core: ${{ github.event.inputs.version-core }} - maven-development-version-format-minor: ${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}-SNAPSHOT - maven-development-version-format-major: ${parsedVersion.nextMajorVersion}.1-SNAPSHOT - maven-release-version-format-minor: ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}.0 - maven-release-version-format-major: ${parsedVersion.nextMajorVersion}.0.0 - git-release-bot-name: "admin-bot" - git-release-bot-email: "admin@danubetech.com" - maven-args: "-Dmaven.javadoc.skip=true -DskipITs" - - - name: Slack notification - if: failure() - uses: 8398a7/action-slack@v3 - with: - status: ${{ job.status }} - fields: repo,commit,action,eventName,ref,workflow - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + maven-release: + uses: danubetech/workflows/.github/workflows/maven-release.yml@main + with: + MAVEN_REPO_SERVER_ID: 'danubetech-maven-releases' + RELEASE_TYPE: ${{ github.event.inputs.release_type }} + secrets: inherit diff --git a/.github/workflows/maven-snapshot.yml b/.github/workflows/maven-snapshot.yml index bb4880d..cf789e6 100644 --- a/.github/workflows/maven-snapshot.yml +++ b/.github/workflows/maven-snapshot.yml @@ -7,37 +7,12 @@ on: - 'README.md' - 'LICENSE' - 'docs' - branches: [main] + branches: [ main ] workflow_dispatch: jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - name: Import Secrets - uses: hashicorp/vault-action@v2.3.0 - with: - url: ${{ secrets.VAULT_ADDR }} - token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }} - caCertificate: ${{ secrets.VAULTCA }} - secrets: | - ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ; - ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD - - - name: Run maven deploy action - uses: danubetech/github-action-maven-deploy@master - with: - server_id: danubetech-maven-snapshots - env: - MAVEN_USERNAME: ${{ env.MAVEN_USERNAME }} - MAVEN_PASSWORD: ${{ env.MAVEN_PASSWORD }} - - - name: Slack notification - if: failure() - uses: 8398a7/action-slack@v3 - with: - status: ${{ job.status }} - fields: repo,commit,action,eventName,ref,workflow - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + maven-snapshot: + uses: danubetech/workflows/.github/workflows/maven-snapshot.yml@main + with: + MAVEN_REPO_SERVER_ID: 'danubetech-maven-snapshots' + secrets: inherit