Test and Release in Github CI

Author: tschuchortdev

.github/workflows/ci.yml

@@ -1,18 +1,146 @@
-name: Java CI
+name: Continuous Integration
 on: [push, pull_request]
 jobs:
-  build:
+  check_duplicate_workflows:
+    name: Check for duplicate workflows
     runs-on: ubuntu-latest
+    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@master
+        with:
+          paths_ignore: '["**/*.md"]'
+  build:
+    name: Build
+    runs-on: ${{ matrix.platform }}
+    needs: [check_duplicate_workflows]
+    if: ${{ needs.check_duplicate_workflows.outputs.should_skip != 'true' }}
     strategy:
       matrix:
         java: [ '8', '11', '15' ]
+        platform: ['windows-latest', 'ubuntu-latest']
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - name: Set up JDK ${{ matrix.java }}
       uses: actions/setup-java@v1
       with:
         java-version: ${{ matrix.java }}
+    - name: Cache Gradle packages
+      uses: actions/cache@v2
+      with:
+        path: ~/.gradle/caches
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+        restore-keys: ${{ runner.os }}-gradle
     - name: print Java version
       run: java -version
-    - name: Build with Gradle
-      run: ./gradlew clean build
+    - name: Run build
+      run: ./gradlew clean assemble --info
+
+  test:
+    name: Test
+    runs-on: ${{ matrix.platform }}
+    needs: [build]
+    strategy:
+      matrix:
+        java: [ '8', '11', '15' ]
+        platform: ['windows-latest', 'ubuntu-latest']
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
+      - name: Cache Gradle packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: print Java version
+        run: java -version
+      - name: Run test
+        run: ./gradlew check --info
+
+  publish:
+    name : Publish
+    runs-on: ubuntu-latest
+    needs: [ test ]
+    if: github.ref == 'refs/heads/master'
+    env:
+      # https://proandroiddev.com/publishing-a-maven-artifact-3-3-step-by-step-instructions-to-mavencentral-publishing-bd661081645d
+      SONATYPE_NEXUS_USERNAME: ${{ secrets.SONATYPE_NEXUS_USERNAME }}
+      SONATYPE_NEXUS_PASSWORD: ${{ secrets.SONATYPE_NEXUS_PASSWORD }}
+      # https://blog.solidsoft.pl/2020/06/03/simpler-and-safer-artifact-signing-on-ci-server-with-gradle/
+      # https://stackoverflow.com/questions/57921325/gradle-signarchives-unable-to-read-secret-key
+      ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SONATYPE_SIGNING_KEY_PASSWORD }}
+      ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SONATYPE_SIGNING_PRIVATE_KEY }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache Gradle packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Set git config
+        run: |
+          git config user.name github-actions
+          git config user.email [email protected]
+      - name: Check if snapshot version
+        run: |
+          VERSION_NAME=$(./gradlew -q printVersionName | tail -n 1)
+          echo "VERSION_NAME=$VERSION_NAME" >> $GITHUB_ENV
+          IS_SNAPSHOT_VERSION=$([[ "$VERSION_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT$ ]] && echo "true" || echo "false")
+          echo "IS_SNAPSHOT_VERSION=$IS_SNAPSHOT_VERSION" >> $GITHUB_ENV
+      - name: Publish to Sonatype Nexus
+        run: |
+          ./gradlew publish --info
+
+          if [[ "$IS_SNAPSHOT_VERSION" == "true" ]]; then
+            echo "Version is a snapshot. No closing of the repository is necessary."
+          elif [[ "$IS_SNAPSHOT_VERSION" == "false" ]]; then
+            echo "Version is not a snapshot. Trying to close and release repository."
+            ./gradlew closeAndReleaseRepository --info
+          else
+            echo "IS_SNAPSHOT_VERSION has unknown value: $IS_SNAPSHOT_VERSION"
+            exit 1
+          fi
+      - name: Make github snapshot release
+        uses: "marvinpinto/action-automatic-releases@latest"
+        if: ${{ env.IS_SNAPSHOT_VERSION == 'true' }}
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          automatic_release_tag: "latest"
+          prerelease: true
+          title: "Latest Snapshot"
+          files: |
+            LICENSE
+            core/build/libs/*.*
+            ksp/build/libs/*.*
+      - name: Make github release
+        uses: "marvinpinto/action-automatic-releases@latest"
+        if: ${{ env.IS_SNAPSHOT_VERSION == 'false' }}
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          automatic_release_tag: $VERSION_NAME
+          prerelease: false
+          title: $VERSION_NAME
+          files: |
+            LICENSE
+            core/build/libs/*.*
+            ksp/build/libs/*.*
+      - name: Set next snapshot version
+        if: ${{ env.IS_SNAPSHOT_VERSION == 'false' }}
+        run: |
+          echo "Setting next snapshot version"
+          ./gradlew incrementPatchVersion setSnapshotVersionSuffix --info
+          git add gradle.properties
+          git commit -m "Setting next snapshot version [skip ci]"
+          git push

Releasing.md

@@ -0,0 +1,23 @@
+# Making a release
+
+The CI is configured to publish a release to Sonatype Nexus on every push to master. If the version name in gradle.properties has the SNAPSHOT suffix, then a snapshot release will be published on Sonatype and a pre-release with tag "latest" will be created/replaced on Github. If, on the other hand, the version name does not have the SNAPSHOT suffix, a proper release with that version name will be made on Sonatype and Github and subsequently, the version name in gradle.properties is updated to the SNAPSHOT of the next semantic patch version. In both cases, the Github release notes are created automatically from commit messages. Thus, to make a release it is sufficient (and recommended) to make a commit to master which only updates gradle.properties to the desired version. If a release is published manually and not through CI, it is important that the version be set to the next SNAPSHOT patch version, so that snapshot releases can continue to be published by the CI (otherwise CI will fail because the version already exist).
+
+
+## Manual release
+
+Releasing is done through the `nexus-staging` Gradle plugin in combination with the `signing` and `maven-publish` plugins.
+
+See: https://proandroiddev.com/publishing-a-maven-artifact-3-3-step-by-step-instructions-to-mavencentral-publishing-bd661081645d
+
+Steps:
+- `./gradlew publish`
+- `./gradlew closeAndReleaseRepository` (not necessary for SNAPSHOT releases)
+
+The following environment variables have to be defined:
+- `SONATYPE_NEXUS_USERNAME`
+- `SONATYPE_NEXUS_PASSWORD`
+
+In `/home/<user>/.gradle/gradle.properties` the following properties have to be defined:
+- `signing.keyId` (last 8 digits of the RSA certify/signing-key's id/fingerprint)
+- `signing.password` (password for the GPG signing key)
+- `signing.secretKeyRingFile` (path to the armored GPG signing key)

build.gradle

@@ -134,8 +134,18 @@ subprojects {
 
     signing {
         // Skip signing if publishing to mavenLocal and credentials are not available
-        // so that jitpack works correctly
-        required { !gradle.taskGraph.hasTask("publishToMavenLocal") }
+        required { !gradle.taskGraph.hasTask("publishToMavenLocal") && project.hasProperty("signing.keyId") }
+
+        if (!project.hasProperty("signing.secretKeyRingFile") && !project.hasProperty("signing.password")) {
+            /* If in CI, the signing password and signing key are defined in the environment variables
+             ORG_GRADLE_PROJECT_signingPassword and ORG_GRADLE_PROJECT_signingKey
+             (https://blog.solidsoft.pl/2020/06/03/simpler-and-safer-artifact-signing-on-ci-server-with-gradle/,
+             https://stackoverflow.com/questions/57921325/gradle-signarchives-unable-to-read-secret-key).
+             Otherwise they are defined in the user's home directory gradle.properties.
+             */
+            useInMemoryPgpKeys(findProperty("signingKey"), findProperty("signingPassword"))
+        }
+
         sign publishing.publications.mavenJava
     }