# Every night, at midnight, we want to run a SNAPSHOT publish of HAPI schedules: - cron: "0 0 * * *" #midnight displayName: Nightly SNAPSHOT Publish branches: include: - master always: false #set this to true if you want this job to run even when no changes where made to the code # This is manually run to deploy SNAPSHOT versions of HAPI to oss.sonaypte.org # We don't need to trigger on any pull request or branch change, so we disable such behavior pr: none trigger: none # We'll run the process on the latest version of unbuntu because they tend to be the fastest pool: vmImage: 'ubuntu-latest' # We cannot store things like gpg passwords and sonatype credentials as plain text within the # pipeline's yaml file, so we've created variable groups in our library to store sensitive variables. # Pipelines do not load these groups by default, and we need to define which groups to load before # running any steps. variables: - group: GPG_VARIABLE_GROUP - group: SONATYPE_VARIABLE_GROUP container: maven:3.9-eclipse-temurin-21-jammy steps: # We need a valid signing key to sign our builds for deployment to sonatype. We have uploaded # both our private and public keys to Azure as 'secure files' that we load into individual pipelines. # 1. Load the public key file - task: DownloadSecureFile@1 displayName: 'Load public key from secure files.' inputs: secureFile: public.key # 2. Load the private key file - task: DownloadSecureFile@1 displayName: 'Load private key from secure files.' inputs: secureFile: private.key # Although we have imported the key files into our workspace, GPG has no knowledge that these keys exist. # We use a bash script to import both the private and puablic keys into gpg for future signing. # 3. Import keys into gpg - bash: | sudo apt update sudo apt install -y gpg gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key gpg --list-keys --keyid-format LONG gpg --list-secret-keys --keyid-format LONG displayName: 'Import signing keys into gpg.' # For creating a snapshot release with maven, we need to build a fake settings.xml file locally where # we can set our credentials for both sonatype and gpg. Then maven can read # for it to read from. This is done for the master branch merges only. # 4. Create local settings.xml file - bash: | cat >$(System.DefaultWorkingDirectory)/settings.xml < ossrh $(SONATYPE_USERNAME) $(SONATYPE_PASSWORD) SIGN_ARTIFACTS true $(GPG_PASSPHRASE) EOL displayName: 'Create .mvn/settings.xml' # With our settings.xml created locally, we can now run maven (pointing to our created settings.xml file) to deploy # the HAPI SNAPSHOT build. # 5. Deploy SNAPSHOT build to sonatype - task: Maven@3 env: JAVA_HOME_11_X64: /opt/java/openjdk displayName: 'Deploy to Sonatype staging' inputs: mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml' goals: deploy options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -P DIST -DskipTests' publishJUnitResults: false