104 lines
3.9 KiB
YAML
104 lines
3.9 KiB
YAML
# Every night, at midnight, we want to run a SNAPSHOT publish of HAPI
|
|
schedules:
|
|
- cron: "0 0 * * *" #midnight
|
|
displayName: Nightly SNAPSHOT Publish
|
|
branches:
|
|
include:
|
|
- master
|
|
always: false #set this to true if you want this job to run even when no changes where made to the code
|
|
|
|
# This is manually run to deploy SNAPSHOT versions of HAPI to oss.sonaypte.org
|
|
# We don't need to trigger on any pull request or branch change, so we disable such behavior
|
|
pr: none
|
|
trigger: none
|
|
|
|
# We'll run the process on the latest version of unbuntu because they tend to be the fastest
|
|
pool:
|
|
vmImage: 'ubuntu-latest'
|
|
|
|
# We cannot store things like gpg passwords and sonatype credentials as plain text within the
|
|
# pipeline's yaml file, so we've created variable groups in our library to store sensitive variables.
|
|
# Pipelines do not load these groups by default, and we need to define which groups to load before
|
|
# running any steps.
|
|
variables:
|
|
- group: GPG_VARIABLE_GROUP
|
|
- group: SONATYPE_VARIABLE_GROUP
|
|
|
|
container: maven:3.9-eclipse-temurin-21-jammy
|
|
steps:
|
|
|
|
# We need a valid signing key to sign our builds for deployment to sonatype. We have uploaded
|
|
# both our private and public keys to Azure as 'secure files' that we load into individual pipelines.
|
|
|
|
# 1. Load the public key file
|
|
- task: DownloadSecureFile@1
|
|
displayName: 'Load public key from secure files.'
|
|
inputs:
|
|
secureFile: public.key
|
|
|
|
# 2. Load the private key file
|
|
- task: DownloadSecureFile@1
|
|
displayName: 'Load private key from secure files.'
|
|
inputs:
|
|
secureFile: private.key
|
|
|
|
# Although we have imported the key files into our workspace, GPG has no knowledge that these keys exist.
|
|
# We use a bash script to import both the private and puablic keys into gpg for future signing.
|
|
|
|
# 3. Import keys into gpg
|
|
- bash: |
|
|
apt update
|
|
apt install -y gpg
|
|
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
|
|
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
|
|
gpg --list-keys --keyid-format LONG
|
|
gpg --list-secret-keys --keyid-format LONG
|
|
displayName: 'Import signing keys into gpg.'
|
|
|
|
# For creating a snapshot release with maven, we need to build a fake settings.xml file locally where
|
|
# we can set our credentials for both sonatype and gpg. Then maven can read
|
|
# for it to read from. This is done for the master branch merges only.
|
|
|
|
# 4. Create local settings.xml file
|
|
- bash: |
|
|
cat >$(System.DefaultWorkingDirectory)/settings.xml <<EOL
|
|
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
|
|
https://maven.apache.org/xsd/settings-1.0.0.xsd">
|
|
<servers>
|
|
<server>
|
|
<id>ossrh</id>
|
|
<username>$(SONATYPE_USERNAME)</username>
|
|
<password>$(SONATYPE_PASSWORD)</password>
|
|
</server>
|
|
</servers>
|
|
<profiles>
|
|
<profile>
|
|
<id>SIGN_ARTIFACTS</id>
|
|
<activation>
|
|
<activeByDefault>true</activeByDefault>
|
|
</activation>
|
|
<properties>
|
|
<gpg.passphrase>$(GPG_PASSPHRASE)</gpg.passphrase>
|
|
</properties>
|
|
</profile>
|
|
</profiles>
|
|
</settings>
|
|
EOL
|
|
displayName: 'Create .mvn/settings.xml'
|
|
|
|
# With our settings.xml created locally, we can now run maven (pointing to our created settings.xml file) to deploy
|
|
# the HAPI SNAPSHOT build.
|
|
|
|
# 5. Deploy SNAPSHOT build to sonatype
|
|
- task: Maven@3
|
|
env:
|
|
JAVA_HOME_11_X64: /opt/java/openjdk
|
|
displayName: 'Deploy to Sonatype staging'
|
|
inputs:
|
|
mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
|
|
goals: deploy
|
|
options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -P DIST -DskipTests'
|
|
publishJUnitResults: false
|