Setup release publishing (#18)

* add scmInfo for Sonatype; update sigmastate to v3.2.1; * add snapshot and release workflows; * add ci/import_gpg.sh; * add signing key in build.sbt; * remove `pgp*Ring` vars in build.sbt; * remove .travis.yml;
ergoplatform · Jul 14, 2020 · e777ebd · e777ebd
1 parent 1399537
commit e777ebd
Show file tree

Hide file tree

Showing 5 changed files with 99 additions and 44 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,22 @@
+name: Release
+on:
+  release:
+    types: [published]
+jobs:
+  publish_release:
+    name: Publish release to Sonatype
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: olafurpg/setup-scala@v5
+      - name: Import GPG key
+        run: ci/import_gpg.sh
+        env:
+          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+      - name: Publish release ${{ github.ref }}
+        run: sbt publishSigned sonatypeBundleRelease
+        env:
+          PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -0,0 +1,37 @@
+name: Snapshot
+on:
+  push:
+    branches: ["*"]
+    tags-ignore: ["v*"]
+jobs:
+  formatting:
+    name: Check code formatting
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: olafurpg/setup-scala@v5
+      - name: Run scalafmt
+        run: sbt scalafmtCheck
+
+  build:
+    name: Build and run tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: olafurpg/setup-scala@v5
+      - name: Run tests
+        run: sbt test
+
+  snapshot:
+    name: Publish snapshot to Sonatype
+    needs: [build, formatting]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: olafurpg/setup-scala@v5
+      - name: Publish snapshot ${{ github.ref }}
+        run: sbt publish
+        env:
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+
diff --git a/.travis.yml b/.travis.yml
diff --git a/build.sbt b/build.sbt
@@ -7,7 +7,7 @@ lazy val commonSettings = Seq(
   resolvers += Resolver.sonatypeRepo("public"),
   licenses := Seq("CC0" -> url("https://creativecommons.org/publicdomain/zero/1.0/legalcode")),
   homepage := Some(url("https://github.com/ergoplatform/ergo-scala-compiler")),
-  description := "ErgoScala to ErgoTree compiler",
+  description := "ErgoScala and ErgoScript to ErgoTree compiler",
   pomExtra :=
       <developers>
         <developer>
@@ -17,7 +17,14 @@ lazy val commonSettings = Seq(
         </developer>
       </developers>,
   publishMavenStyle := true,
-  publishTo := sonatypePublishToBundle.value
+  publishTo := sonatypePublishToBundle.value,
+  scmInfo := Some(
+    ScmInfo(
+      url("https://github.com/ergoplatform/ergo-scala-compiler"),
+      "scm:git@github.com:ergoplatform/ergo-scala-compiler.git"
+    )
+  ),
+
 )
 
 // prefix version with "-SNAPSHOT" for builds without a git tag
@@ -27,7 +34,7 @@ dynverSeparator in ThisBuild := "-"
 
 lazy val allConfigDependency = "compile->compile;test->test"
 
-val sigmaStateVersion = "add-ergotree-template-0e547557-SNAPSHOT"
+val sigmaStateVersion = "3.2.1"
 
 lazy val dependencies = Seq(
   "org.scorexfoundation" %% "sigma-state" % sigmaStateVersion % allConfigDependency,
@@ -95,10 +102,10 @@ lazy val commonScalacOptions = List(
 // signing is done by sbt-pgp plugin
 // how to generate a key - https://central.sonatype.org/pages/working-with-pgp-signatures.html
 // how to export a key and use it with Travis - https://docs.scala-lang.org/overviews/contributors/index.html#export-your-pgp-key-pair
-// pgpPublicRing := file("ci/pubring.asc")
-// pgpSecretRing := file("ci/secring.asc")
-// pgpPassphrase := sys.env.get("PGP_PASSPHRASE").map(_.toArray)
-// usePgpKeyHex("")
+// public key should be submitted to any public key server e.g. http://pgp.mit.edu/pks/add
+// on macOS: gpg --armor --export [id] | pbcopy
+pgpPassphrase := sys.env.get("PGP_PASSPHRASE").map(_.toArray)
+usePgpKeyHex("E56DB59CB6F7C723F4F6A44F5A02421A8A54A977")
 
 lazy val credentialFile = Path.userHome / ".sbt" / ".sigma-sonatype-credentials"
 credentials ++= (for {

diff --git a/ci/import_gpg.sh b/ci/import_gpg.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# setting up gpg2 for reading passphrase from parameters
+# via https://github.com/beautiful-scala/scalastyle/blob/master/.github/workflows/release.yml#L16
+# from https://github.com/olafurpg/sbt-ci-release/issues/95
+
+# setup gpg
+mkdir ~/.gnupg && chmod 700 ~/.gnupg
+echo use-agent >> ~/.gnupg/gpg.conf
+echo pinentry-mode loopback >> ~/.gnupg/gpg.conf
+echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf
+chmod 600 ~/.gnupg/*
+echo RELOADAGENT | gpg-connect-agent
+
+# public key should be submitted to any public key server
+# e.g. http://pgp.mit.edu/pks/add
+# on macOS: gpg --armor --export [id] | pbcopy
+
+# decode private key
+# private key should be previously exported with (macOS):
+# gpg --export-secret-keys [id] | base64 | pbcopy
+# and stored as github repository secret under the following name (see env var name below)
+printf "$GPG_SIGNING_KEY" | base64 --decode > ~/.gnupg/private.key
+
+# import key
+gpg --no-tty --batch --yes --import ~/.gnupg/private.key
+