From 7a373bc57e9776811ac8cabdeb5f989f1544b189 Mon Sep 17 00:00:00 2001 From: Sanjay Vasandani Date: Mon, 8 Jul 2024 13:32:06 -0700 Subject: [PATCH] Publish Maven artifacts on release. (#1680) --- .github/workflows/publish-maven-artifacts.yml | 103 ++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 .github/workflows/publish-maven-artifacts.yml diff --git a/.github/workflows/publish-maven-artifacts.yml b/.github/workflows/publish-maven-artifacts.yml new file mode 100644 index 00000000000..221f7f15d40 --- /dev/null +++ b/.github/workflows/publish-maven-artifacts.yml @@ -0,0 +1,103 @@ +# Copyright 2024 The Cross-Media Measurement Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +on: + release: + types: [published] + workflow_dispatch: + inputs: + base-version: + description: Base artifact version, which will be suffixed with "-SNAPSHOT" + required: true + +jobs: + publish-artifacts: + name: Publish Maven artifacts + runs-on: ubuntu-22.04 + permissions: + id-token: write + steps: + - uses: actions/checkout@v4 + + - id: get-artifact-version + env: + BASE_VERSION: ${{ inputs.base-version }} + run: | + declare artifact_version + if [[ "$GITHUB_EVENT_NAME" == 'release' ]]; then + artifact_version="${GITHUB_REF_NAME#v}" + else + artifact_version="${BASE_VERSION}-SNAPSHOT" + fi + + echo "artifact-version=${artifact_version}" >> "$GITHUB_OUTPUT" + + - name: Set up Bazel + uses: world-federation-of-advertisers/actions/setup-bazel@v2 + + - name: Set up Buildozer + uses: world-federation-of-advertisers/actions/setup-buildozer@v2 + with: + version: 7.1.2 + sha256: 8d5c459ab21b411b8be059a8bdf59f0d3eabf9dff943d5eccb80e36e525cc09d + + # Authenticate to Google Cloud for access to remote cache. + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: ${{ vars.BAZEL_BUILD_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.BAZEL_BUILD_SERVICE_ACCOUNT }} + + - name: Write ~/.bazelrc + run: | + cat << EOF > ~/.bazelrc + common --config=ci + common --config=remote-cache + EOF + + - name: Get Bazel cache params + id: get-cache-params + run: | + repo_cache_path="$(bazelisk info repository_cache)" + echo "repo-cache-path=${repo_cache_path}" >> $GITHUB_OUTPUT + + - name: Restore repository cache + uses: actions/cache/restore@v4 + with: + path: ${{ steps.get-cache-params.outputs.repo-cache-path }} + key: ${{ vars.BAZEL_REPO_CACHE_KEY }} + + # Patch MODULE.bazel and MODULE.bazel.lock to specify version. + # TODO(bazelbuild/bazel#22919): Use alternative mechanism when available. + - name: Patch module version + env: + ARTIFACT_VERSION: ${{ steps.get-artifact-version.outputs.artifact-version }} + run: | + # Make sure lockfile is still valid before changing anything. + bazel mod deps --lockfile_mode=error + + # Update MODULE.bazel. + buildozer "set version $ARTIFACT_VERSION" //MODULE.bazel:%module + + # Update lockfile to pick up changes. + bazel mod deps --lockfile_mode=update + + - name: Publish artifacts + env: + MAVEN_REPO: https://maven.pkg.github.com/${{ github.repository }} + # TODO(bazelbuild/rules_jvm_external#1186): Use GITHUB_TOKEN instead. + MAVEN_USER: ${{ vars.MAVEN_USER }} + MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} + run: | + bazel query "kind('^maven_publish', //src/main/...)" | xargs bazel run \ No newline at end of file