Is invoked from the command line via:
bb publish
The publish task locally validates:
- local git
  - you are not on a fork
  - you are on master branch
  - do not have any uncommitted code
  - do not have any unpushed commits
  - local head sha matches remote head sha
- changelog
  - Has an "Unreleased" section with content

Tip: to run these validations without publishing, run bb pubcheck
Then also locally:
- bumps the version <release count> (our scheme is major.minor.<release count>)
  - Our version is stored in deps.edn under :aliases :neil :project :version
- applies version to:
  - doc/01-user-guide.adoc
  - CHANGELOG.adoc
- git commits: deps.edn doc/01-user-guide.adoc CHANGELOG.adoc
- git tags with release tag v<version>
- pushes commit
- pushes tag
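
The local validations and the version bump listed above, sketched as shell functions. This is an added example, not the project's script/publish.clj; it assumes the canonical remote is named origin (its URL is passed in by the caller), that the changelog section is the AsciiDoc heading "== Unreleased", and that a bump adds 1 to <release count>.

```shell
#!/bin/sh
# Added example (not script/publish.clj). Assumptions: the canonical remote is
# "origin" and its URL is supplied by the caller; the changelog section is the
# AsciiDoc heading "== Unreleased"; a bump adds 1 to <release count>.

fail() { echo "pubcheck: $*" >&2; return 1; }

# Git state: canonical repo (not a fork), master, clean, pushed, in sync.
check_git() {
  [ "$(git remote get-url origin)" = "$1" ] ||
    fail "origin is not $1 (fork?)" || return 1
  [ "$(git rev-parse --abbrev-ref HEAD)" = "master" ] ||
    fail "not on master" || return 1
  [ -z "$(git status --porcelain)" ] ||
    fail "uncommitted changes" || return 1
  git fetch --quiet origin master ||
    fail "cannot fetch origin/master" || return 1
  [ -z "$(git rev-list origin/master..HEAD)" ] ||
    fail "unpushed commits" || return 1
  [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/master)" ] ||
    fail "local HEAD differs from remote HEAD" || return 1
}

# Changelog: a "== Unreleased" section holding at least one non-heading line.
check_changelog() {
  awk '
    /^== /                       { in_sec = ($0 ~ /^== Unreleased[ \t]*$/); next }
    in_sec && /[^ \t]/ && !/^=/  { found = 1 }
    END                          { exit (found ? 0 : 1) }
  ' "$1" || fail "$1: no content under == Unreleased" || return 1
}

# major.minor.<release count> -> same major.minor, release count + 1.
next_version() {
  case $1 in
    *[!0-9.]*|*.*.*.*|.*|*.|*..*) fail "bad version: $1"; return 1 ;;
    *.*.*) echo "${1%.*}.$(( ${1##*.} + 1 ))" ;;
    *) fail "bad version: $1"; return 1 ;;
  esac
}

# Run every validation without publishing anything.
# usage: pubcheck <expected-origin-url> <current-version> [changelog-file]
pubcheck() {
  check_git "$1" && check_changelog "${3:-CHANGELOG.adoc}" &&
    next=$(next_version "$2") && echo "ok: next release tag would be v$next"
}
```

Each check stops at the first failure, so nothing is bumped, committed or tagged unless the working tree is exactly what the canonical remote's master holds.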
Then up on CI, the CI publish workflow is only triggered when it sees a release tag:
- CI tests workflow is invoked
- a release jar is published to clojars
- a GitHub release is created
- cljdoc is informed of the new release
Scripts:
- bb.edn - tasks entry point
- script/publish.clj - client side work
- script/ci_publish.clj - ci side work

CI - We use GitHub Actions for this project
- .github/workflows/tests.yml
- .github/workflows/publish.yml
Clojars secrets are protected under the publish environment which is only referenced by publish.yml.
The nvd api token is stored under the nvd environment and referenced by nvd_scanner.yml.
Should you need to update the token, you can request one here: https://nvd.nist.gov/developers/request-an-api-key.
If you are using gmail, you can request a unique token for pomegranate CI by including +pomegranate in your email address, ex. [email protected] becomes [email protected].
When publishing, you will see both the tests workflow triggered and the publish workflow triggered (which also invokes the tests workflow).
This extra running of the tests workflow is GitHub Actions responding to changes committed as part of the publishing work.
A bit annoying, but harmless.