-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Still have to enable tests. They are only disabled now so I can run this multiple times quickly to test deployment. [skip ci]
- Loading branch information
1 parent
341eb40
commit 7f3e072
Showing
1 changed file
with
89 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
# This is manually run to deploy SNAPSHOT versions of HAPI to oss.sonaypte.org | ||
# We don't need to trigger on any pull request or branch change, so we disable such behavior | ||
pr: none | ||
trigger: none | ||
|
||
# We'll run the process on the latest version of unbuntu because they tend to be the fastest | ||
pool: | ||
vmImage: 'ubuntu-latest' | ||
|
||
# We cannot store things like gpg passwords and sonatype credentials as plain text within the | ||
# pipeline's yaml file, so we've created variable groups in our library to store sensitive variables. | ||
# Pipelines do not load these groups by default, and we need to define which groups to load before | ||
# running any steps. | ||
variables: | ||
- group: GPG_VARIABLE_GROUP | ||
- group: SONATYPE_VARIABLE_GROUP | ||
|
||
steps: | ||
|
||
# We need a valid signing key to sign our builds for deployment to sonatype. We have uploaded | ||
# both our private and public keys to Azure as 'secure files' that we load into individual pipelines. | ||
|
||
# 1. Load the public key file | ||
- task: DownloadSecureFile@1 | ||
displayName: 'Load public key from secure files.' | ||
inputs: | ||
secureFile: public.pgp | ||
|
||
# 2. Load the private key file | ||
- task: DownloadSecureFile@1 | ||
displayName: 'Load private key from secure files.' | ||
inputs: | ||
secureFile: private.pgp | ||
|
||
# Although we have imported the key files into our workspace, GPG has no knowledge that these keys exist. | ||
# We use a bash script to import both the private and puablic keys into gpg for future signing. | ||
|
||
# 3. Import keys into gpg | ||
- bash: | | ||
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key | ||
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key | ||
gpg --list-keys --keyid-format LONG | ||
gpg --list-secret-keys --keyid-format LONG | ||
displayName: 'Import signing keys into gpg.' | ||
# For creating a snapshot release with maven, we need to build a fake settings.xml file locally where | ||
# we can set our credentials for both sonatype and gpg. Then maven can read | ||
# for it to read from. This is done for the master branch merges only. | ||
|
||
# 4. Create local settings.xml file | ||
- bash: | | ||
cat >$(System.DefaultWorkingDirectory)/settings.xml <<EOL | ||
<settings xmlns="http:https://maven.apache.org/SETTINGS/1.0.0" | ||
xmlns:xsi="http:https://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http:https://maven.apache.org/SETTINGS/1.0.0 | ||
https://maven.apache.org/xsd/settings-1.0.0.xsd"> | ||
<servers> | ||
<server> | ||
<id>ossrh</id> | ||
<username>$(SONATYPE_USER)</username> | ||
<password>$(SONATYPE_PASS)</password> | ||
</server> | ||
</servers> | ||
<profiles> | ||
<profile> | ||
<id>SIGN_ARTIFACTS</id> | ||
<activation> | ||
<activeByDefault>true</activeByDefault> | ||
</activation> | ||
<properties> | ||
<gpg.passphrase>$(GPG_PASSPHRASE)</gpg.passphrase> | ||
</properties> | ||
</profile> | ||
</profiles> | ||
</settings> | ||
EOL | ||
displayName: 'Create .mvn/settings.xml' | ||
# With our settings.xml created locally, we can now run maven (pointing to our created settings.xml file) to deploy | ||
# the HAPI SNAPSHOT build. | ||
|
||
# 5. Deploy SNAPSHOT build to sonatype | ||
- task: Maven@3 | ||
displayName: 'Deploy to Sonatype staging' | ||
inputs: | ||
mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml' | ||
goals: deploy | ||
options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -DskipTests -P DIST,ALLMODULES' | ||
publishJUnitResults: false |