From 708d1a5f78720a1523bc03bd7b865c6e74739bca Mon Sep 17 00:00:00 2001
From: marko-bekhta <marko.prykladna@gmail.com>
Date: Tue, 5 Nov 2024 17:57:13 +0100
Subject: [PATCH 1/2] Split release and build jobs

---
 Jenkinsfile            | 65 ++--------------------------------
 ci/release/Jenkinsfile | 80 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 63 deletions(-)
 create mode 100644 ci/release/Jenkinsfile

diff --git a/Jenkinsfile b/Jenkinsfile
index 73e8980..ec12623 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,4 +1,4 @@
-@Library('hibernate-jenkins-pipeline-helpers@1.5') _
+@Library('hibernate-jenkins-pipeline-helpers@1.17') _
 
 import org.hibernate.jenkins.pipeline.helpers.version.Version
 
@@ -14,25 +14,6 @@ pipeline {
         buildDiscarder logRotator(daysToKeepStr: '30', numToKeepStr: '10')
         disableConcurrentBuilds(abortPrevious: false)
     }
-    parameters {
-        string(
-                name: 'RELEASE_VERSION',
-                defaultValue: '',
-                description: 'The version to be released, e.g. 1.0.0.Final.',
-                trim: true
-        )
-        string(
-                name: 'DEVELOPMENT_VERSION',
-                defaultValue: '',
-                description: 'The next version to be used after the release, e.g. 1.0.1-SNAPSHOT.',
-                trim: true
-        )
-        booleanParam(
-                name: 'RELEASE_DRY_RUN',
-                defaultValue: false,
-                description: 'If true, just simulate the release, without pushing any commits or tags, and without uploading any artifacts.'
-        )
-    }
     stages {
         stage('Build') {
             steps {
@@ -41,47 +22,5 @@ pipeline {
                 }
             }
         }
-        stage('Release') {
-            when {
-                beforeAgent true
-                // Releases must be triggered explicitly with parameters
-                expression { return params.RELEASE_VERSION }
-            }
-            steps {
-                script {
-                    // Check that all the necessary parameters are set
-                    if (!params.RELEASE_VERSION) {
-                        throw new IllegalArgumentException("Missing value for parameter RELEASE_VERSION.")
-                    }
-                    if (!params.DEVELOPMENT_VERSION) {
-                        throw new IllegalArgumentException("Missing value for parameter DEVELOPMENT_VERSION.")
-                    }
-
-                    def releaseVersion = Version.parseReleaseVersion(params.RELEASE_VERSION)
-                    def developmentVersion = Version.parseDevelopmentVersion(params.DEVELOPMENT_VERSION)
-                    echo "Performing full release for version ${releaseVersion.toString()}"
-
-                    withMaven(mavenSettingsConfig: params.RELEASE_DRY_RUN ? null : 'ci-hibernate.deploy.settings.maven',
-                            mavenLocalRepo: env.WORKSPACE_TMP + '/.m2repository') {
-                        configFileProvider([configFile(fileId: 'release.config.ssh', targetLocation: env.HOME + '/.ssh/config'),
-                                            configFile(fileId: 'release.config.ssh.knownhosts', targetLocation: env.HOME + '/.ssh/known_hosts')]) {
-                            sshagent(['ed25519.Hibernate-CI.github.com']) {
-                                sh 'cat $HOME/.ssh/config'
-                                sh """ \
-                                    ./mvnw release:prepare \
-                                    -Dtag=${releaseVersion.toString()} \
-                                    -DreleaseVersion=${releaseVersion.toString()} \
-                                    -DdevelopmentVersion=${developmentVersion.toString()} \
-                                    -Prelease \
-                                """
-                                sh """ \
-                                    ./mvnw release:perform ${params.RELEASE_DRY_RUN ? '-DdryRun' : ''} -Prelease \
-                                """
-                            }
-                        }
-                    }
-                }
-            }
-        }
     }
-}
\ No newline at end of file
+}
diff --git a/ci/release/Jenkinsfile b/ci/release/Jenkinsfile
new file mode 100644
index 0000000..d2c30f3
--- /dev/null
+++ b/ci/release/Jenkinsfile
@@ -0,0 +1,80 @@
+@Library('hibernate-jenkins-pipeline-helpers@1.17') _
+
+import org.hibernate.jenkins.pipeline.helpers.version.Version
+
+pipeline {
+    agent {
+        label 'Worker&&Containers'
+    }
+    tools {
+        maven 'Apache Maven 3.8'
+        jdk 'OpenJDK 17 Latest'
+    }
+    options {
+        buildDiscarder logRotator(daysToKeepStr: '30', numToKeepStr: '10')
+        disableConcurrentBuilds(abortPrevious: false)
+    }
+    parameters {
+        string(
+                name: 'RELEASE_VERSION',
+                defaultValue: '',
+                description: 'The version to be released, e.g. 1.0.0.Final.',
+                trim: true
+        )
+        string(
+                name: 'DEVELOPMENT_VERSION',
+                defaultValue: '',
+                description: 'The next version to be used after the release, e.g. 1.0.1-SNAPSHOT.',
+                trim: true
+        )
+        booleanParam(
+                name: 'RELEASE_DRY_RUN',
+                defaultValue: false,
+                description: 'If true, just simulate the release, without pushing any commits or tags, and without uploading any artifacts.'
+        )
+    }
+    stages {
+        stage('Release') {
+            when {
+                beforeAgent true
+                // Releases must be triggered explicitly with parameters
+                expression { return params.RELEASE_VERSION }
+            }
+            steps {
+                script {
+                    // Check that all the necessary parameters are set
+                    if (!params.RELEASE_VERSION) {
+                        throw new IllegalArgumentException("Missing value for parameter RELEASE_VERSION.")
+                    }
+                    if (!params.DEVELOPMENT_VERSION) {
+                        throw new IllegalArgumentException("Missing value for parameter DEVELOPMENT_VERSION.")
+                    }
+
+                    def releaseVersion = Version.parseReleaseVersion(params.RELEASE_VERSION)
+                    def developmentVersion = Version.parseDevelopmentVersion(params.DEVELOPMENT_VERSION)
+                    echo "Performing full release for version ${releaseVersion.toString()}"
+
+                    withMaven(mavenSettingsConfig: params.RELEASE_DRY_RUN ? null : 'ci-hibernate.deploy.settings.maven',
+                            mavenLocalRepo: env.WORKSPACE_TMP + '/.m2repository') {
+                        configFileProvider([configFile(fileId: 'release.config.ssh', targetLocation: env.HOME + '/.ssh/config'),
+                                            configFile(fileId: 'release.config.ssh.knownhosts', targetLocation: env.HOME + '/.ssh/known_hosts')]) {
+                            sshagent(['ed25519.Hibernate-CI.github.com']) {
+                                sh 'cat $HOME/.ssh/config'
+                                sh """ \
+                                    ./mvnw release:prepare \
+                                    -Dtag=${releaseVersion.toString()} \
+                                    -DreleaseVersion=${releaseVersion.toString()} \
+                                    -DdevelopmentVersion=${developmentVersion.toString()} \
+                                    -Prelease \
+                                """
+                                sh """ \
+                                    ./mvnw release:perform ${params.RELEASE_DRY_RUN ? '-DdryRun' : ''} -Prelease \
+                                """
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

From f3dd3c11a4fd2490ae05f9a57e305edb2fd7f5a8 Mon Sep 17 00:00:00 2001
From: marko-bekhta <marko.prykladna@gmail.com>
Date: Tue, 5 Nov 2024 18:47:40 +0100
Subject: [PATCH 2/2] Add gpg signing and use release scripts

---
 ci/release/Jenkinsfile | 25 +++++++++++++------------
 pom.xml                | 42 +++++++++++++++++++++++++++++++-----------
 2 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/ci/release/Jenkinsfile b/ci/release/Jenkinsfile
index d2c30f3..8bfad4b 100644
--- a/ci/release/Jenkinsfile
+++ b/ci/release/Jenkinsfile
@@ -58,18 +58,19 @@ pipeline {
                             mavenLocalRepo: env.WORKSPACE_TMP + '/.m2repository') {
                         configFileProvider([configFile(fileId: 'release.config.ssh', targetLocation: env.HOME + '/.ssh/config'),
                                             configFile(fileId: 'release.config.ssh.knownhosts', targetLocation: env.HOME + '/.ssh/known_hosts')]) {
-                            sshagent(['ed25519.Hibernate-CI.github.com']) {
-                                sh 'cat $HOME/.ssh/config'
-                                sh """ \
-                                    ./mvnw release:prepare \
-                                    -Dtag=${releaseVersion.toString()} \
-                                    -DreleaseVersion=${releaseVersion.toString()} \
-                                    -DdevelopmentVersion=${developmentVersion.toString()} \
-                                    -Prelease \
-                                """
-                                sh """ \
-                                    ./mvnw release:perform ${params.RELEASE_DRY_RUN ? '-DdryRun' : ''} -Prelease \
-                                """
+                            // using MAVEN_GPG_PASSPHRASE (the default env variable name for passphrase in maven gpg plugin)
+                            withCredentials([file(credentialsId: 'release.gpg.private-key', variable: 'RELEASE_GPG_PRIVATE_KEY_PATH'),
+                                             string(credentialsId: 'release.gpg.passphrase', variable: 'MAVEN_GPG_PASSPHRASE')]) {
+                                sshagent(['ed25519.Hibernate-CI.github.com']) {
+                                    sh 'mvn -v'
+                                    sh 'cat $HOME/.ssh/config'
+                                    sh 'git clone https://github.com/hibernate/hibernate-release-scripts.git'
+                                    env.RELEASE_GPG_HOMEDIR = env.WORKSPACE_TMP + '/.gpg'
+                                    sh """
+										bash -xe hibernate-release-scripts/release.sh ${params.RELEASE_DRY_RUN ? '-d' : ''} \
+												infra-develocity ${releaseVersion.toString()} ${developmentVersion.toString()}
+									"""
+                                }
                             }
                         }
                     }
diff --git a/pom.xml b/pom.xml
index 7322f35..7a7eee1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,11 +22,13 @@
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.release>17</maven.compiler.release>
         <maven.compiler.parameters>true</maven.compiler.parameters>
-        <maven-release-plugin.version>3.1.1</maven-release-plugin.version>
         <nexus-staging-maven-plugin.version>1.7.0</nexus-staging-maven-plugin.version>
         <maven-javadoc-plugin.version>3.11.1</maven-javadoc-plugin.version>
         <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
         <maven-shade-plugin.version>3.6.0</maven-shade-plugin.version>
+        <version.gpg.plugin>3.2.7</version.gpg.plugin>
+
+        <gpg.sign.skip>true</gpg.sign.skip>
 
         <!-- Repository Deployment URLs -->
         <ossrh.releases.repo.id>ossrh</ossrh.releases.repo.id>
@@ -152,6 +154,25 @@
                     </transformers>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>${version.gpg.plugin}</version>
+                <executions>
+                    <execution>
+                        <id>sign-artifacts</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                        <configuration>
+                            <skip>${gpg.sign.skip}</skip>
+                            <homedir>${env.RELEASE_GPG_HOMEDIR}</homedir>
+                            <bestPractices>true</bestPractices>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 
@@ -206,18 +227,17 @@
     <profiles>
         <profile>
             <id>release</id>
+            <activation>
+                <property>
+                    <name>performRelease</name>
+                    <value>true</value>
+                </property>
+            </activation>
+            <properties>
+                <gpg.sign.skip>false</gpg.sign.skip>
+            </properties>
             <build>
                 <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-release-plugin</artifactId>
-                        <version>${maven-release-plugin.version}</version>
-                        <configuration>
-                            <autoVersionSubmodules>true</autoVersionSubmodules>
-                            <tagNameFormat>@{project.version}</tagNameFormat>
-                            <localCheckout>true</localCheckout>
-                        </configuration>
-                    </plugin>
                     <plugin>
                         <groupId>org.sonatype.plugins</groupId>
                         <artifactId>nexus-staging-maven-plugin</artifactId>