jdaugherty commented on code in PR #6:
URL:
https://github.com/apache/incubator-grails-gradle-publish/pull/6#discussion_r2254147210
##########
.github/workflows/release.yaml:
##########
@@ -33,39 +34,34 @@ jobs:
target_branch: ${{ steps.extract_branch.outputs.value }}
extract_repository_name: ${{
steps.extract_repository_name.outputs.repository_name }}
steps:
- - name: "Output Agent IP" # in the event RAO blocks this agent, this can
be used to debug it
+ - name: "🌐 Output Agent IP" # in the event RAO blocks this agent, this
can be used to debug it
run: curl -s https://api.ipify.org
- - name: "Extract repository name"
+ - name: "📝 Extract repository name"
id: extract_repository_name
- run: |
- echo "repository_name=${GITHUB_REPOSITORY##*/}" >> $GITHUB_OUTPUT
+ run: echo "repository_name=${GITHUB_REPOSITORY##*/}" >> $GITHUB_OUTPUT
- name: "📥 Checkout repository"
uses: actions/checkout@v4
with:
- token: ${{ secrets.GITHUB_TOKEN }}
ref: ${{ github.ref }}
fetch-depth: 1
fetch-tags: true
- - name: 'Ensure Common Build Date' # to ensure a reproducible build
+ - name: "📅 Store common build date" # to ensure a reproducible build
run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >>
"$GITHUB_ENV"
- - name: "Ensure source files use common date"
- run: |
- find . -depth \( -type f -o -type d \) -exec touch -d
"@${SOURCE_DATE_EPOCH}" {} +
- - name: '🔐 Set up GPG'
+ - name: "📅 Ensure source files use common date"
+ run: find . -depth \( -type f -o -type d \) -exec touch -d
"@${SOURCE_DATE_EPOCH}" {} +
+ - name: "🔐 Set up GPG for signing"
run: |
echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import
gpg --list-keys
- env:
- GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
- name: "☕️ Setup JDK"
uses: actions/setup-java@v4
with:
distribution: liberica
- java-version: '17.0.14' # this must be a specific version for
reproducible builds
+ java-version: 17.0.14 # this must be a specific version for
reproducible builds
Review Comment:
Does yaml trim strings when there's a space between the string and the
comment? I had added quotes to make it explicit
##########
.asf.yaml:
##########
@@ -3,7 +3,7 @@ github:
issues: true
projects: true
discussions: true
- description: "Apache Grails (incubating) - Gradle Plugin - Grails Publish"
+ description: "Apache Grails (incubating) - Grails Publish Gradle Plugin"
Review Comment:
I had issues with this file updating in this branch and had to create a main
branch with an asf.yaml file instead. Hopefully this works now and the initial
failures were related to the repo being new.
##########
.github/workflows/release.yaml:
##########
@@ -179,86 +153,107 @@ jobs:
- name: "📥 Checkout repository"
uses: actions/checkout@v4
with:
- token: ${{ secrets.GITHUB_TOKEN }}
ref: v${{ needs.publish.outputs.release_version }}
Review Comment:
I think the token is required?
##########
.github/workflows/release.yaml:
##########
@@ -404,9 +396,9 @@ jobs:
with:
develocity-access-key: ${{ secrets.GRAILS_DEVELOCITY_ACCESS_KEY }}
- name: "📖 Generate Documentation"
- run: ./gradlew grails-publish:groovydoc -PgithubBranch=${{
needs.publish.outputs.target_branch }}
- env:
- GRAILS_PUBLISH_RELEASE: 'true'
+ run: >
+ ./gradlew grails-publish:groovydoc
+ -PgithubBranch=${{ needs.publish.outputs.target_branch }}
Review Comment:
We should leave GRAILS_PUBLISH_RELEASE set here - so we consistently invoke
gradle with the same arguments for a release.
##########
gradle/signing-config.gradle:
##########
@@ -18,6 +18,10 @@
*/
import io.github.gradlenexus.publishplugin.InitializeNexusStagingRepository
+ext.set('signing.keyId', findProperty('signing.keyId') ?:
System.getenv('SIGNING_KEY'))
Review Comment:
We probably should only set these if it's a release version now.
##########
.github/vote_templates/staged.txt:
##########
@@ -19,20 +19,20 @@ Binary distributions:
https://dist.apache.org/repos/dist/dev/incubator/grails/gr
Release artifacts are signed with a key from the following file:
https://dist.apache.org/repos/dist/release/incubator/grails/KEYS
-Please vote on releasing this package as Apache Grails (incubating) - Gradle
Plugin - Grails Publish ${VERSION}.
+Please vote on releasing this package as Apache Grails (incubating) - Grails
Publish Gradle Plugin ${VERSION}.
Reminder on ASF release approval requirements for PPMC members:
https://www.apache.org/legal/release-policy.html#release-approval
Hints on validating checksums/signatures (but replace md5sum with sha512sum):
https://www.apache.org/info/verification.html
-The vote is open for the next 72 hours and passes if a majority of at least
+The vote is open for a minimum of 72 hours and passes if a majority of at least
Review Comment:
Can you submit a PR for similar changes to grails-core?
##########
.github/workflows/release.yaml:
##########
@@ -179,86 +153,107 @@ jobs:
- name: "📥 Checkout repository"
uses: actions/checkout@v4
with:
- token: ${{ secrets.GITHUB_TOKEN }}
ref: v${{ needs.publish.outputs.release_version }}
- path: "grails-publish"
+ path: 'grails-publish'
- name: "🗑️ Remove unnecessary files"
run: |
- rm -f grails-publish/gradle/wrapper/gradle-wrapper.jar
- rm -f grails-publish/gradle/wrapper/gradle-wrapper.properties
- rm -f grails-publish/gradlew
- - name: "Download CHECKSUMS.txt and rename to CHECKSUMS"
- working-directory: "grails-publish"
+ rm -f \
+ grails-publish/gradle/wrapper/gradle-wrapper.jar \
+ grails-publish/gradle/wrapper/gradle-wrapper.properties \
+ grails-publish/gradlew.bat \
+ grails-publish/gradlew
+ - name: "📥 Download CHECKSUMS.txt and rename to CHECKSUMS"
+ working-directory: 'grails-publish'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
release_url=$(gh release view v${{
needs.publish.outputs.release_version }} --json assets --repo ${{
github.repository }} --jq '.assets[] | select(.name == "CHECKSUMS.txt") | .url')
curl -L -H "Authorization: token $GH_TOKEN" -o CHECKSUMS
"$release_url"
- - name: "Download PUBLISHED_ARTIFACTS.txt and rename to
PUBLISHED_ARTIFACTS"
- working-directory: "grails-publish"
+ - name: "📥 Download PUBLISHED_ARTIFACTS.txt and rename to
PUBLISHED_ARTIFACTS"
+ working-directory: 'grails-publish'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
release_url=$(gh release view v${{
needs.publish.outputs.release_version }} --json assets --repo ${{
github.repository }} --jq '.assets[] | select(.name ==
"PUBLISHED_ARTIFACTS.txt") | .url')
curl -L -H "Authorization: token $GH_TOKEN" -o PUBLISHED_ARTIFACTS
"$release_url"
- - name: "Download BUILD_DATE.txt and rename to BUILD_DATE"
- working-directory: "grails-publish"
+ - name: "📥 Download BUILD_DATE.txt and rename to BUILD_DATE"
+ working-directory: 'grails-publish'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
release_url=$(gh release view v${{
needs.publish.outputs.release_version }} --json assets --repo ${{
github.repository }} --jq '.assets[] | select(.name == "BUILD_DATE.txt") |
.url')
curl -L -H "Authorization: token $GH_TOKEN" -o BUILD_DATE
"$release_url"
- - name: "Ensure source files use common date"
+ - name: "📅 Ensure source files use common date"
run: |
SOURCE_DATE_EPOCH=$(cat grails-publish/BUILD_DATE)
find . -depth \( -type f -o -type d \) -exec touch -d
"@${SOURCE_DATE_EPOCH}" {} +
- name: "📦 Create source distribution ZIP"
run: |
- zip -r "apache-grails-publish-${{
needs.publish.outputs.release_version }}-incubating-src.zip" grails-publish -x
'grails-publish/.git/*' -x 'grails-publish/.github/*'
- - name: '🔐 Set up GPG'
+ zip -r \
+ "apache-grails-publish-${{ needs.publish.outputs.release_version
}}-incubating-src.zip" \
+ grails-publish \
+ -x 'grails-publish/.git/*' \
+ -x 'grails-publish/.github/*'
+ - name: '🔐 Set up GPG for signing artifacts'
run: |
echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import
gpg --list-keys
- env:
- GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
- name: "🔏 Sign source distribution ZIP"
- env:
- GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
run: |
- gpg --default-key "${GPG_KEY_ID}" --batch --yes --pinentry-mode
loopback --armor --detach-sign apache-grails-publish-${{
needs.publish.outputs.release_version }}-incubating-src.zip
+ gpg \
+ --default-key "${{ secrets.GPG_KEY_ID }}" \
+ --batch \
+ --yes \
+ --pinentry-mode loopback \
+ --armor \
+ --detach-sign apache-grails-publish-${{
needs.publish.outputs.release_version }}-incubating-src.zip
- name: "📦 Create source distribution checksum"
run: |
- sha512sum apache-grails-publish-${{
needs.publish.outputs.release_version }}-incubating-src.zip >
"apache-grails-publish-${{ needs.publish.outputs.release_version
}}-incubating-src.zip.sha512"
+ sha512sum "apache-grails-publish-${{
needs.publish.outputs.release_version }}-incubating-src.zip" \
+ > "apache-grails-publish-${{ needs.publish.outputs.release_version
}}-incubating-src.zip.sha512"
- name: "🚀 Upload ZIP and Signature to GitHub Release"
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ needs.publish.outputs.release_version }}
files: |
apache-grails-publish-${{ needs.publish.outputs.release_version
}}-incubating-src.zip
- apache-grails-publish-${{ needs.publish.outputs.release_version
}}-incubating-src.zip.sha512
apache-grails-publish-${{ needs.publish.outputs.release_version
}}-incubating-src.zip.asc
- - name: "Remove CHECKSUMS.txt asset from release"
- working-directory: "grails-publish"
+ apache-grails-publish-${{ needs.publish.outputs.release_version
}}-incubating-src.zip.sha512
+ - name: "🗑️ Remove CHECKSUMS.txt asset from release"
+ working-directory: 'grails-publish'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
- gh release --repo ${{ github.repository }} delete-asset v${{
needs.publish.outputs.release_version }} CHECKSUMS.txt --yes
- - name: "Remove BUILD_DATE.txt asset from release"
- working-directory: "grails-publish"
+ gh release delete-asset \
+ v${{ needs.publish.outputs.release_version }} \
+ CHECKSUMS.txt \
+ --repo ${{ github.repository }} \
Review Comment:
The help documentation lists --repo as an argument to the release command
and not the delete-asset command. Does this work on the end?
##########
.github/workflows/release.yaml:
##########
@@ -76,99 +72,77 @@ jobs:
- name: "📝 Store the current release version"
id: release_version
run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT
- - name: '⚙️ Run pre-release'
+ - name: "⚙️ Run pre-release"
uses: apache/grails-github-actions/pre-release@asf
env:
RELEASE_VERSION: ${{ steps.release_version.outputs.value }}
- RELEASE_SCRIPT_PATH: '.github/scripts/setReleasedGrailsVersion.sh'
- - name: 'Fetch release Commit Hash'
+ - name: "📝 Fetch release commit hash"
id: commit_hash
env:
OWNER: ${{ github.repository_owner }}
REPO: ${{ steps.extract_repository_name.outputs.repository_name }}
TAG: 'v${{ steps.release_version.outputs.value }}'
run: |
ref_json=$(gh api "repos/$OWNER/$REPO/git/ref/tags/$TAG")
-
type=$(jq -r '.object.type' <<<"$ref_json")
sha=$(jq -r '.object.sha' <<<"$ref_json")
-
if [ "$type" = "tag" ]; then
sha=$(gh api "repos/$OWNER/$REPO/git/tags/$sha" --jq '.object.sha')
fi
-
echo "Found Commit Sha: $sha"
-
echo "value=$sha" >>"$GITHUB_OUTPUT"
- name: "🧩 Run Assemble"
- run: ./gradlew assemble -PgithubBranch=${{
steps.extract_branch.outputs.value }}
- env:
- GRAILS_PUBLISH_RELEASE: "true"
+ run: >
+ ./gradlew assemble
+ -PgithubBranch=${{ steps.extract_branch.outputs.value }}
- name: "📦 Generate docs"
- run: ./gradlew grails-publish:groovydoc -PgithubBranch=${{
steps.extract_branch.outputs.value }}
- env:
- GRAILS_PUBLISH_RELEASE: "true"
- - name: "Create Staging Repository"
+ run: >
+ ./gradlew grails-publish:groovydoc
+ -PgithubBranch=${{ steps.extract_branch.outputs.value }}
+ - name: "✨ Create Staging Repository"
env:
- GRAILS_PUBLISH_RELEASE: "true"
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
- run: >
- ./gradlew initializeSonatypeStagingRepository
+ run: ./gradlew initializeSonatypeStagingRepository
- name: "📤 Publish"
env:
- GRAILS_PUBLISH_RELEASE: 'true'
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
run: >
- ./gradlew
- -x initializeSonatypeStagingRepository
- findSonatypeStagingRepository
+ ./gradlew findSonatypeStagingRepository
publishToSonatype
aggregateChecksums
aggregatePublishedArtifacts
- - name: "📤 Close Staging Repository"
+ -x initializeSonatypeStagingRepository
+ - name: "✅ Close Staging Repository"
env:
Review Comment:
GRAILS_PUBLISH_RELEASE must be true here
##########
.github/workflows/release.yaml:
##########
@@ -20,11 +20,12 @@ on:
permissions: { }
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GRAILS_PUBLISH_RELEASE: 'true'
jobs:
publish:
- name: "Stage Files"
+ name: "Stage Artifacts for Release"
permissions:
- contents: write # to create release & upload wrapper
+ contents: write # to create, release and upload wrapper (TODO: there
is no wrapper in this project, is this needed?, can we re-phrase?)
Review Comment:
It's really:
# to stage distributions to the github release
##########
.github/workflows/release.yaml:
##########
@@ -76,99 +72,77 @@ jobs:
- name: "📝 Store the current release version"
id: release_version
run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT
- - name: '⚙️ Run pre-release'
+ - name: "⚙️ Run pre-release"
uses: apache/grails-github-actions/pre-release@asf
env:
RELEASE_VERSION: ${{ steps.release_version.outputs.value }}
- RELEASE_SCRIPT_PATH: '.github/scripts/setReleasedGrailsVersion.sh'
- - name: 'Fetch release Commit Hash'
+ - name: "📝 Fetch release commit hash"
id: commit_hash
env:
OWNER: ${{ github.repository_owner }}
REPO: ${{ steps.extract_repository_name.outputs.repository_name }}
TAG: 'v${{ steps.release_version.outputs.value }}'
run: |
ref_json=$(gh api "repos/$OWNER/$REPO/git/ref/tags/$TAG")
-
type=$(jq -r '.object.type' <<<"$ref_json")
sha=$(jq -r '.object.sha' <<<"$ref_json")
-
if [ "$type" = "tag" ]; then
sha=$(gh api "repos/$OWNER/$REPO/git/tags/$sha" --jq '.object.sha')
fi
-
echo "Found Commit Sha: $sha"
-
echo "value=$sha" >>"$GITHUB_OUTPUT"
- name: "🧩 Run Assemble"
- run: ./gradlew assemble -PgithubBranch=${{
steps.extract_branch.outputs.value }}
- env:
- GRAILS_PUBLISH_RELEASE: "true"
+ run: >
+ ./gradlew assemble
+ -PgithubBranch=${{ steps.extract_branch.outputs.value }}
- name: "📦 Generate docs"
- run: ./gradlew grails-publish:groovydoc -PgithubBranch=${{
steps.extract_branch.outputs.value }}
- env:
- GRAILS_PUBLISH_RELEASE: "true"
- - name: "Create Staging Repository"
+ run: >
+ ./gradlew grails-publish:groovydoc
+ -PgithubBranch=${{ steps.extract_branch.outputs.value }}
+ - name: "✨ Create Staging Repository"
env:
- GRAILS_PUBLISH_RELEASE: "true"
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
NEXUS_PUBLISH_URL: 'https://repository.apache.org/service/local/'
NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
NEXUS_PUBLISH_DESCRIPTION: '${{
steps.extract_repository_name.outputs.repository_name }}:${{
steps.release_version.outputs.value }}'
SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
- run: >
- ./gradlew initializeSonatypeStagingRepository
+ run: ./gradlew initializeSonatypeStagingRepository
- name: "📤 Publish"
env:
- GRAILS_PUBLISH_RELEASE: 'true'
NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
Review Comment:
GRAILS_PUBLISH_RELEASE must be true here.
##########
.github/workflows/release.yaml:
##########
@@ -349,9 +341,9 @@ jobs:
echo "*************************************************"
echo "Body:"
echo "*************************************************"
- cat grails-core/.github/vote_templates/staged.txt | envsubst
+ cat .github/vote_templates/staged.txt | envsubst
Review Comment:
the checkout path is 'grails-publish', so I think grails-publish has to be
before .github
##########
.github/workflows/release.yaml:
##########
@@ -349,9 +341,9 @@ jobs:
echo "*************************************************"
echo "Body:"
echo "*************************************************"
- cat grails-core/.github/vote_templates/staged.txt | envsubst
+ cat .github/vote_templates/staged.txt | envsubst
Review Comment:
Same goes for the emails below (they still have grails-core in their path)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
