search

siom79 / japicmp

Comparison of two versions of a jar archive
https://siom79.github.io/japicmp
Apache License 2.0
701 stars 107 forks source link

Add release workflow #316

Closed scordio closed 2 years ago

scordio commented 2 years ago

Once merged, the release can be triggered via manual action under the workflow page.

The version should be set before triggering the release as no special parameter is exposed (the released version will be the one set in the POM and the next development version will have the patch number increased).

The following secrets should be added to the repository configuration:

siom79 commented 2 years ago

I have to upload my private GPG key to github? Sounds not so good.

You have removed the profile to sign the artifacts. Where will the artifacts now get signed? Without it the OSS repository will reject them.

scordio commented 2 years ago

I have to upload my private GPG key to github? Sounds not so good.

That's pretty much standard secret management, see more at https://docs.github.com/en/actions/security-guides/encrypted-secrets.

An important aspect is that GitHub uses a libsodium sealed box to help ensure that secrets are encrypted before they reach GitHub and remain encrypted until you use them in a workflow.

You have removed the profile to sign the artifacts. Where will the artifacts now get signed? Without it the OSS repository will reject them.

That was a duplicate, already declared in the release profile: https://github.com/siom79/japicmp/blob/62c69c4d9199eaef8173841803fad2590c9046b7/pom.xml#L518-L531

siom79 commented 2 years ago

How do I specify the version to release?

scordio commented 2 years ago

By default, the maven-release-plugin takes the version you have in the POM and removes the snapshot part, i.e.: 0.15.7 would be the current result.

If you want a different version, the POM should be updated in advance or the release workflow could be enhanced to accept parameters.

BTW I see that the release failed during the build of japicmp-ant-task with

org.apache.tools.ant.BuildException: Dependencies not found in Maven cache

Do you know already why? Otherwise I can look at it.

siom79 commented 2 years ago

I have found the issue.

But it took me 10 tries to get it working. ;) The final point missing was to align the repository id in the distributionManagement of the root pom with the server-id in the release.yml. Otherwise you just get a authorization failure.

Thanks again for setting everything up.

scordio commented 2 years ago

Great catch and sorry for missing that!