chore: Update signing key and keyring to be consistent (#70) #47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Please | ||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
| jobs: | ||
| release-please: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| package-sdk-common-released: ${{ steps.release.outputs['lib/shared/common--release_created'] }} | ||
| package-sdk-internal-released: ${{ steps.release.outputs['lib/shared/internal--release_created'] }} | ||
| package-server-sdk-released: ${{ steps.release.outputs['lib/sdk/server--release_created'] }} | ||
| package-server-sdk-otel-released: ${{ steps.release.outputs['lib/java-server-sdk-otel--release_created'] }} | ||
| package-server-sdk-redis-store-released: ${{ steps.release.outputs['lib/java-server-sdk-redis-store--release_created'] }} | ||
| steps: | ||
| - uses: googleapis/release-please-action@v4 | ||
| id: release | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| target-branch: ${{ github.ref_name }} | ||
| release-server-sdk: | ||
| runs-on: ubuntu-latest | ||
| needs: release-please | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| pull-requests: write | ||
| if: ${{ needs.release-please.outputs.package-server-sdk-released == 'true'}} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: launchdarkly/gh-actions/actions/[email protected] | ||
| name: Get secrets | ||
| with: | ||
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | ||
| ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME, | ||
| /production/common/releasing/sonatype/password = SONATYPE_PASSWORD' | ||
| /production/common/releasing/java/keyId = SIGNING_KEY_ID, | ||
| s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg' | ||
| - uses: ./.github/actions/full-release | ||
| with: | ||
| workspace_path: lib/sdk/server | ||
| dry_run: false | ||
| prerelease: false | ||
| code_signing_keyring: ${{ github.workspace }}/code-signing-keyring.gpg | ||
| signing_key_id: ${{ env.SIGNING_KEY_ID }} | ||
| signing_key_passphrase: '' | ||
| sonatype_username: ${{ env.SONATYPE_USER_NAME }} | ||
| sonatype_password: ${{ env.SONATYPE_PASSWORD }} | ||
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| release-server-sdk-otel: | ||
| runs-on: ubuntu-latest | ||
| needs: release-please | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| pull-requests: write | ||
| if: ${{ needs.release-please.outputs.package-server-sdk-otel-released == 'true'}} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: launchdarkly/gh-actions/actions/[email protected] | ||
| name: Get secrets | ||
| with: | ||
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | ||
| ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME, | ||
| /production/common/releasing/sonatype/password = SONATYPE_PASSWORD' | ||
| /production/common/releasing/java/keyId = SIGNING_KEY_ID, | ||
| s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg' | ||
| - uses: ./.github/actions/full-release | ||
| with: | ||
| workspace_path: lib/java-server-sdk-otel | ||
| dry_run: false | ||
| prerelease: false | ||
| code_signing_keyring: ${{ github.workspace }}/code-signing-keyring.gpg | ||
| signing_key_id: ${{ env.SIGNING_KEY_ID }} | ||
| signing_key_passphrase: '' | ||
| sonatype_username: ${{ env.SONATYPE_USER_NAME }} | ||
| sonatype_password: ${{ env.SONATYPE_PASSWORD }} | ||
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| release-server-sdk-redis-store: | ||
| runs-on: ubuntu-latest | ||
| needs: release-please | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| pull-requests: write | ||
| if: ${{ needs.release-please.outputs.package-server-sdk-redis-store-released == 'true'}} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: launchdarkly/gh-actions/actions/[email protected] | ||
| name: Get secrets | ||
| with: | ||
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | ||
| ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME, | ||
| /production/common/releasing/sonatype/password = SONATYPE_PASSWORD' | ||
| /production/common/releasing/java/keyId = SIGNING_KEY_ID, | ||
| s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg' | ||
| - uses: ./.github/actions/full-release | ||
| with: | ||
| workspace_path: lib/java-server-sdk-redis-store | ||
| dry_run: false | ||
| prerelease: false | ||
| code_signing_keyring: ${{ github.workspace }}/code-signing-keyring.gpg | ||
| signing_key_id: ${{ env.SIGNING_KEY_ID }} | ||
| signing_key_passphrase: '' | ||
| sonatype_username: ${{ env.SONATYPE_USER_NAME }} | ||
| sonatype_password: ${{ env.SONATYPE_PASSWORD }} | ||
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| release-sdk-internal: | ||
| runs-on: ubuntu-latest | ||
| needs: release-please | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| pull-requests: write | ||
| if: ${{ needs.release-please.outputs.package-sdk-internal-released == 'true'}} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: launchdarkly/gh-actions/actions/[email protected] | ||
| name: Get secrets | ||
| with: | ||
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | ||
| ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME, | ||
| /production/common/releasing/sonatype/password = SONATYPE_PASSWORD' | ||
| /production/common/releasing/java/keyId = SIGNING_KEY_ID, | ||
| s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg' | ||
| - uses: ./.github/actions/full-release | ||
| with: | ||
| workspace_path: lib/shared/internal | ||
| dry_run: false | ||
| prerelease: false | ||
| code_signing_keyring: ${{ github.workspace }}/code-signing-keyring.gpg | ||
| signing_key_id: ${{ env.SIGNING_KEY_ID }} | ||
| signing_key_passphrase: '' | ||
| sonatype_username: ${{ env.SONATYPE_USER_NAME }} | ||
| sonatype_password: ${{ env.SONATYPE_PASSWORD }} | ||
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| release-sdk-common: | ||
| runs-on: ubuntu-latest | ||
| needs: release-please | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| pull-requests: write | ||
| if: ${{ needs.release-please.outputs.package-sdk-common-released == 'true'}} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: launchdarkly/gh-actions/actions/[email protected] | ||
| name: Get secrets | ||
| with: | ||
| aws_assume_role: ${{ vars.AWS_ROLE_ARN }} | ||
| ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME, | ||
| /production/common/releasing/sonatype/password = SONATYPE_PASSWORD' | ||
| /production/common/releasing/java/keyId = SIGNING_KEY_ID, | ||
| s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg' | ||
| - uses: ./.github/actions/full-release | ||
| with: | ||
| workspace_path: lib/shared/common | ||
| dry_run: false | ||
| prerelease: false | ||
| code_signing_keyring: ${{ github.workspace }}/code-signing-keyring.gpg | ||
| signing_key_id: ${{ env.SIGNING_KEY_ID }} | ||
| signing_key_passphrase: '' | ||
| sonatype_username: ${{ env.SONATYPE_USER_NAME }} | ||
| sonatype_password: ${{ env.SONATYPE_PASSWORD }} | ||
| aws_role: ${{ vars.AWS_ROLE_ARN }} | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
