Update docs #225

Workflow file for this run

	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to you under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	name: build

	on:
	push:
	# Avoid workflow run for _merged_ `dependabot` PRs.
	# They were (hopefully!) already tested in PR-triggered workflow.
	branches-ignore: "dependabot/**"
	pull_request:
	paths-ignore:
	- "**.adoc"
	- "**.md"
	- "**.txt"

	permissions:
	contents: write
	pull-requests: write

	jobs:

	build:

	runs-on: ${{ matrix.os }}

	strategy:
	matrix:
	os: [ macos-latest, ubuntu-latest, windows-latest ]

	steps:

	- name: Checkout repository
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # 3.5.3

	- name: Set up Java
	uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # 3.7.0
	with:
	distribution: temurin
	java-version: 17
	java-package: jdk
	architecture: x64
	cache: maven

	# We could have used `verify`, but `clean install` is required while generating the build reproducibility report, which is performed in the next step.
	# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
	- name: Build
	shell: bash
	run: \|
	./mvnw \
	--show-version --batch-mode --errors --no-transfer-progress \
	-DtrimStackTrace=false \
	-DinstallAtEnd=true \
	clean install

	# `clean verify artifact:compare` is required to generate the build reproducibility report.
	# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
	- name: Report build reproducibility
	shell: bash
	run: \|
	./mvnw \
	--show-version --batch-mode --errors --no-transfer-progress \
	-DskipTests=true \
	clean verify artifact:compare

	- name: Verify build reproducibility
	shell: bash
	run: \|
	for report_file in target/.buildcompare /target/.buildcompare; do
	if ! grep -q "^ko=0$" "$report_file"; then
	echo "Spotted build reproducibility failure in \`$report_file\`:"
	cat "$report_file"
	exit 1
	fi
	done

	merge:

	runs-on: ubuntu-latest
	needs: build

	steps:

	- name: "[dependabot] Fetch metadata"
	id: metadata
	if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
	uses: dependabot/fetch-metadata@v1.6.0
	with:
	github-token: "${{ secrets.GITHUB_TOKEN }}"

	- name: "[dependabot] Auto-merge the PR"
	if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
	run: gh pr merge --auto --squash "$PR_URL"
	env:
	PR_URL: ${{ github.event.pull_request.html_url }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	deploy:

	runs-on: ubuntu-latest
	needs: merge
	if: github.repository == 'apache/logging-log4j-tools' && (github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/heads/release/'))

	steps:

	- name: Checkout repository
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # 3.5.3

	- name: Set up Java & GPG
	uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # 3.7.0
	with:
	distribution: temurin
	java-version: 17
	java-package: jdk
	architecture: x64
	cache: maven
	server-id: ${{ github.ref == 'refs/heads/main' && 'apache.snapshots.https' \|\| 'apache.releases.https' }}
	server-username: NEXUS_USERNAME
	server-password: NEXUS_PASSWORD
	# We won't use `maven-gpg-plugin`, but this is convenient to import the GPG secret key
	gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}

	- name: Export version
	run: \|
	export PROJECT_VERSION=$(./mvnw \
	--quiet --batch-mode -DforceStdout=true \
	-Dexpression=project.version \
	help:evaluate \
	\| tail -n 1)
	echo "PROJECT_VERSION=$PROJECT_VERSION" >> $GITHUB_ENV

	- name: Check version (SNAPSHOT)
	if: github.ref == 'refs/heads/main'
	run: \|
	[[ "$PROJECT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT$ ]] \|\| {
	echo "was expecting a snapshot version, found: \"$PROJECT_VERSION\"" 1>&2
	exit 1
	}

	- name: Check version (RELEASE)
	if: startsWith(github.ref, 'refs/heads/release/')
	run: \|
	[[ "${GITHUB_REF/refs\/heads\/release\//}" == "$PROJECT_VERSION" ]] \|\| {
	echo "git ref \"$GITHUB_REF\" mismatches with the version: \"$PROJECT_VERSION\"" 1>&2
	exit 1
	}
	[[ "$PROJECT_VERSION" =~ ^(0\|[1-9]\d)\.(0\|[1-9]\d)\.(0\|[1-9]\d(-[a-zA-Z][0-9a-zA-Z-])?)$ ]] \|\| {
	echo "invalid release version: \"$PROJECT_VERSION\"" 1>&2
	exit 1
	}

	- name: Upload to Nexus
	run: \|
	gpg --list-secret-keys
	./mvnw \
	--show-version --batch-mode --errors --no-transfer-progress \
	-P deploy
	env:
	# `NEXUS_USERNAME` and `NEXUS_PASSWORD` are used in `~/.m2/settings.xml` created by `setup-java` action
	NEXUS_USERNAME: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_USER \|\| secrets.LOGGING_STAGE_DEPLOYER_USER }}
	NEXUS_PASSWORD: ${{ github.ref == 'refs/heads/main' && secrets.NEXUS_PW \|\| secrets.LOGGING_STAGE_DEPLOYER_PW }}
	# `SIGN_KEY` is used by `sign-maven-plugin`
	SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }}

	- name: Create the distribution (RELEASE)
	if: startsWith(github.ref, 'refs/heads/release/')
	run: \|
	./mvnw \
	--show-version --batch-mode --errors --no-transfer-progress \
	--non-recursive -P distribution
	export DIST_FILENAME_PREFIX="apache-log4j-tools"
	export DIST_FILENAME_VERSIONED_PREFIX="${DIST_FILENAME_PREFIX}-${PROJECT_VERSION}"
	export DIST_FILEPATH="/tmp/${DIST_FILENAME_VERSIONED_PREFIX}.zip"
	mv "target/dist.zip" "$DIST_FILEPATH"
	gpg --armor --detach-sign --yes --pinentry-mode error "$DIST_FILEPATH"
	sha512sum "$DIST_FILEPATH" > "$DIST_FILEPATH.sha512"
	cat >> $GITHUB_ENV << EOF
	DIST_FILENAME_PREFIX=$DIST_FILENAME_PREFIX
	DIST_FILENAME_VERSIONED_PREFIX=$DIST_FILENAME_VERSIONED_PREFIX
	DIST_FILEPATH=$DIST_FILEPATH
	EOF

	- name: Upload to Subversion (RELEASE)
	if: startsWith(github.ref, 'refs/heads/release/')
	run: \|

	# Checkout the SVN repository
	export SVN_DIR="/tmp/svn-repo"
	svn co \
	--depth files \
	https://dist.apache.org/repos/dist/dev/logging/log4j \
	"$SVN_DIR"
	cd "$SVN_DIR"

	# Clean up old files
	find . -name "${DIST_FILENAME_PREFIX}*" -type f -print0 \| xargs -0 -r svn delete

	# Generate emails
	for EMAIL_TYPE in vote announce; do
	"$GITHUB_WORKSPACE/.github/generate-email.sh" $EMAIL_TYPE $PROJECT_VERSION $GITHUB_SHA \
	> "${DIST_FILENAME_VERSIONED_PREFIX}-email-${EMAIL_TYPE}.txt"
	done

	# Copy the distribution
	cp "$DIST_FILEPATH"* .

	# Add & commit changes
	svn add "${DIST_FILENAME_PREFIX}"*
	svn commit \
	--username "$SVN_USERNAME" \
	--password "$SVN_PASSWORD" \
	-m "Added fake \`${DIST_FILENAME_PREFIX}\` artifacts for release \`${PROJECT_VERSION}\`"

	env:
	SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
	SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update docs #225

Workflow file

Update docs #225

Jobs

Run details

Workflow file for this run