Fix permission to write to releases. Use the gh tool to upload assets…

… since there are no appropriate actions.
statisticsnorway · Nov 10, 2023 · 49fdace · 49fdace
1 parent 2e40c2c
commit 49fdace
Showing 1 changed file with 13 additions and 14 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,7 +9,7 @@ jobs:
   release:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       id-token: write
       packages: write
 
@@ -52,7 +52,8 @@ jobs:
           git config user.name "dapla-bot[bot]"
           git config user.email "143391972+dapla-bot[bot]@users.noreply.github.com"
 
-      - uses: s4u/maven-settings-action@v2.8.0
+      - name: Setup Maven authentication to GitHub packages
+        uses: s4u/maven-settings-action@v2.8.0
         id: maven_settings
         with:
           servers: '[{"id": "github","configuration": {"httpHeaders": {"property": {"name": "Authorization","value": "Bearer ${{ secrets.GITHUB_TOKEN }}"}}}}]'
@@ -63,13 +64,9 @@ jobs:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
         run: |
           mvn --batch-mode release:prepare -Darguments="-Dmaven.deploy.skip=true -DskipTests"
+          mvn --batch-mode release:perform
           TAG=$(git describe --abbrev=0 --tags)
           echo "tag=${TAG}" >> $GITHUB_OUTPUT
-          mvn --batch-mode release:perform
-          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
-          echo "artifact_id=${ARTIFACT_ID}" >> $GITHUB_OUTPUT
-          ARTIFACT_PATH=$(realpath "./target/$ARTIFACT_ID*.jar")
-          echo "artifact_path=${ARTIFACT_PATH}" >> $GITHUB_OUTPUT
 
       - name: Create GitHub release draft
         uses: release-drafter/release-drafter@v5
@@ -79,15 +76,17 @@ jobs:
         with:
           tag: ${{ steps.release_jar.outputs.tag }}
 
-      - name: Upload assets to GitHub release
-        uses: actions/upload-release-asset@v1
+      - name: Upload assets to GitHub release draft
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
-        with:
-          asset_path: ${{ steps.release_jar.outputs.artifact_path }}
-          asset_name: ${{ steps.release_jar.outputs.artifact_id }}.jar
-          asset_content_type: application/java-archive
-          upload_url: ${{ steps.create_github_release.outputs.upload_url }}
+        run: |
+          ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          # Get all files matching the artifact id and version (source, javadoc, etc.)
+          ARTIFACT_GLOB=$(realpath ./target/$ARTIFACT_ID-$VERSION*.jar)
+          for file in $ARTIFACT_GLOB; do
+            gh release upload ${{ steps.create_github_release.outputs.tag_name }} $file
+          done
 
       - name: Publish GitHub release
         uses: eregon/publish-release@v1