-
Notifications
You must be signed in to change notification settings - Fork 22
Expand file tree
/
Copy path.gitlab-ci.yml
More file actions
68 lines (55 loc) · 2.13 KB
/
.gitlab-ci.yml
File metadata and controls
68 lines (55 loc) · 2.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
stages:
- build
- deploy
- generate-signing-key
variables:
REGISTRY: 486234852809.dkr.ecr.us-east-1.amazonaws.com
.common: &common
tags: ["docker-in-docker:amd64"]
.gradle_build: &gradle_build
<<: *common
image: registry.ddbuild.io/images/mirror/gradle:7.0.0-jdk8
build:
<<: *gradle_build
stage: build
script:
- ./gradlew clean build --stacktrace --no-daemon
deploy_to_sonatype:
<<: *gradle_build
stage: deploy
rules:
# All releases are manual
- when: manual
allow_failure: true
script:
# Ensure we don't print commands being run to the logs during credential operations
- set +x
- echo "Installing AWSCLI..."
- apt update
- apt install -y python3 python3-pip
- python3 -m pip install awscli
- echo "Fetching Sonatype username..."
- export SONATYPE_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.sketches-java.publishing.sonatype_username --with-decryption --query "Parameter.Value" --out text)
- echo "Fetching Sonatype password..."
- export SONATYPE_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.sketches-java.publishing.sonatype_password --with-decryption --query "Parameter.Value" --out text)
- echo "Fetching signing key..."
- export GPG_PRIVATE_KEY=$(aws ssm get-parameter --region us-east-1 --name ci.sketches-java.signing.gpg_private_key --with-decryption --query "Parameter.Value" --out text)
- echo "Fetching signing key passphrase..."
- export GPG_PASSPHRASE=$(aws ssm get-parameter --region us-east-1 --name ci.sketches-java.signing.gpg_passphrase --with-decryption --query "Parameter.Value" --out text)
- set -x
- echo "Building and publishing release..."
- ./gradlew -PbuildInfo.build.number=$CI_JOB_ID publishToSonatype closeSonatypeStagingRepository --max-workers=1 --build-cache --stacktrace --no-daemon
create_key:
<<: *common
stage: generate-signing-key
when: manual
variables:
PROJECT_NAME: "sketches-java"
EXPORT_TO_KEYSERVER: "true"
image: $REGISTRY/ci/agent-key-management-tools/gpg:1
script:
- /create.sh
artifacts:
expire_in: 13 mos
paths:
- ./pubkeys/