forked from HL7/fhir-ig-publisher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
master-branch-pipeline.yml
113 lines (103 loc) · 3.8 KB
/
master-branch-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# This pipeline produces a SNAPSHOT build for each of the sub modules in
# the ig library, and publishes them to ossrh.
pr: none
trigger:
- master
pool:
vmImage: "ubuntu-20.04"
variables:
- group: PGP_VAR_GROUP
- group: SONATYPE_VAR_GROUP
- group: GIT_VAR_GROUP
steps:
# For creating the snapshot release with maven, we need to build a fake settings.xml for it to read from.
# This is done for the master branch merges only.
- bash: |
cat >$(System.DefaultWorkingDirectory)/settings.xml <<EOL
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>github</id>
<username>$(GIT_USER_NAME)</username>
<password>$(GIT_PAT)</password>
</server>
<server>
<id>ossrh</id>
<username>$(SONATYPE_USER)</username>
<password>$(SONATYPE_PASS)</password>
</server>
<server>
<id>$(PGP_KEYNAME)</id>
<passphrase>$(PGP_PASSPHRASE)</passphrase>
</server>
<server>
<id>github-releases</id>
<username>markiantorno</username>
<password>$(GIT_PACKAGE_PAT)</password>
</server>
</servers>
<profiles>
<profile>
<id>release</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.keyname>$(PGP_KEYNAME)</gpg.keyname>
</properties>
</profile>
</profiles>
</settings>
EOL
displayName: 'Create .mvn/settings.xml'
# Runs 'mvn package'
- task: Maven@3
inputs:
mavenPomFile: 'pom.xml'
mavenOptions: '-Xmx3072m'
options: '--settings $(System.DefaultWorkingDirectory)/settings.xml'
javaHomeOption: 'JDKVersion'
jdkVersionOption: '1.11'
jdkArchitectureOption: 'x64'
publishJUnitResults: true
testResultsFiles: '**/surefire-reports/TEST-*.xml'
goals: 'package'
# Signing, for now, occurs for all builds, SNAPSHOT or release. So we need a valid
# signing key. The next two steps download the public and private keys from the
# secure library files.
- task: DownloadSecureFile@1
displayName: 'Download public key.'
inputs:
secureFile: public.key
- task: DownloadSecureFile@1
displayName: 'Download private key.'
inputs:
secureFile: private.key
# Import both the private and public keys into gpg for signing.
- bash: |
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
gpg --list-keys --keyid-format LONG
gpg --list-secret-keys --keyid-format LONG
displayName: 'Import signing keys.'
# Deploy the SNAPSHOT artifact to sonatype nexus.
# This is done for the master branch merges only.
- task: Maven@3
displayName: 'Deploy to Sonatype staging'
inputs:
mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
goals: deploy
options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -DdeployToSonatype -e'
publishJUnitResults: false
# Deploy the SNAPSHOT artifact to GitHub packages.
# This is done for the master branch merges only.
- task: Maven@3
displayName: 'Deploy to GitHub Packages'
inputs:
mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'
goals: deploy
options: '--settings $(System.DefaultWorkingDirectory)/settings.xml -Dmaven.test.skip -pl "!org.hl7.fhir.publisher.cli" -DdeployToGitHub -e'
publishJUnitResults: false