valueclasses/Taskfile.yaml at master · tguzik/valueclasses · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# yaml-language-server: $schema=https://taskfile.dev/schema.json
# ---
# Docs:
# https://taskfile.dev/
# https://taskfile.dev/docs/reference/schema
version: '3'

tasks:
  default:
    silent: true
    cmd: |
      echo "List all available tests with:"
      echo "[$] task --list-all"

  build:
    desc: Builds the library, runs unit tests and static analysis
    cmds:
      - cmd: mvn clean verify

  upgrades:
    desc: Searches newer versions of Maven dependencies
    cmds:
      - cmd: mvn -Pupgrades

  release:changelog:
    desc: Creates list of changes since the last release tag
    vars:
      FLAG_UNRELEASED:
        # If we included the --unreleased flag while on a commit that belongs to any tag, we would get an empty list. If this
        # task was only used to generate release notes in the GH-A workflow, right on a release tag, not including the flag
        # would've been just fine.
        # On the other hand, being able to easily create a one-off preview of what would be generated without having to
        # create a local tag is pretty useful too.
        # Regular `git log --oneline` should still be the daily driver, though.
        sh: |
          TAGS_CURRENT_COMMIT_BELONGS_TO=$(git tag --contains)
          if [ -z "${TAGS_CURRENT_COMMIT_BELONGS_TO}" ]; then
            # Current commit does not belong to any tags - include commits since last release/tag
            echo "--unreleased"
          else
            # Current commit is pointed to by at least one tag - do not include the flag
            echo ""
          fi
    cmds:
      - cmd: git-cliff --latest {{ .FLAG_UNRELEASED }} --output {{ .FILE | default "-" | shellQuote }}

  release:check-reproducibility:
    # See https://maven.apache.org/guides/mini/guide-reproducible-builds.html
    desc: Check if artifacts are reproducible
    cmds:
      - cmd: mvn artifact:check-buildplan
      - cmd: mvn clean install
      - cmd: mvn clean verify artifact:compare
      - cmd: mvn clean

  release:create:
    desc: Cuts off a new release and deploys artifacts to Sonatype Maven Central
    summary: |
      This task verifies that appropriate credentials have been entered, cuts off a new
      release, kicks off build and uploads artifacts to Sonatype Maven Central.

      NOTE: Depending on settings manual action may be needed to publish the artifacts.

      Docs:
      https://central.sonatype.org/register/central-portal/
      https://central.sonatype.org/publish/publish-portal-guide/
      https://central.sonatype.org/publish/publish-portal-maven/

      Tokens page:
      https://central.sonatype.com/usertoken
    env:
      # Good 80% of the reason why these are defined here is to be really, *really* explicit with required
      # environment variables/secrets. The remapping from pre-existing environment variables is just a
      # cherry on top.
      # These secrets are stored in an encrypted form and decrypted only when strictly necessary, obviously.
      MAVEN_SONATYPE_CENTRAL_USERNAME:
        sh: echo "${PUBLISHER_SONATYPE_CENTRAL_TOKEN_USER}"
      MAVEN_SONATYPE_CENTRAL_PASSWORD:
        sh: echo "${PUBLISHER_SONATYPE_CENTRAL_TOKEN_PASS}"
      MAVEN_GPG_KEY:
        sh: echo "${PUBLISHER_GPG_KEY}"
      MAVEN_GPG_PASSPHRASE:
        sh: echo "${PUBLISHER_GPG_PASSPHRASE}"
    vars:
      SETTINGS_FILE: ".mvn/publish-on-sonatype-central.settings.xml"
    preconditions:
      - sh: test -n "${MAVEN_SONATYPE_CENTRAL_USERNAME}"
        msg: Environment variable with Sonatype Maven Central token username is missing or empty
      - sh: test -n "${MAVEN_SONATYPE_CENTRAL_PASSWORD}"
        msg: Environment variable with Sonatype Maven Central token password is missing or empty
      - sh: test -n "${MAVEN_GPG_KEY}"
        msg: Environment variable with release signing GnuPG key name is missing or empty
      - sh: test -n "${MAVEN_GPG_PASSPHRASE}"
        msg: Environment variable with release signing GnuPG key passphrase is missing or empty
    cmds:
      - silent: true
        cmd: |
          echo "Identities recognized by ssh agent:"
          ssh-add -L
          echo -e "\nIdentities recognized by gpg agent:"
          gpg-connect-agent 'keyinfo --list' '/bye'
          echo
          read -p "If that list looks okay, press enter to continue " -s
          echo

      - cmd: echo "This step primes GnuPG cache so it can be used in non-interactive mode" | gpg --clearsign
      - task: release:check-reproducibility
      - cmd: mvn --settings={{ .SETTINGS_FILE | shellQuote }} -Prelease -DdryRun=true
      - cmd: mvn --settings={{ .SETTINGS_FILE | shellQuote }} -Prelease
      - silent: true
        cmd: |
          echo -e "\n\nDone!"
          echo "Depending on auto-publishing settings you may need push the butan on"
          echo " https://central.sonatype.com/publishing/deployments "

# eof