|
1 | | -name: Manual Release |
| 1 | +name: Publish Java Library to Maven Central |
2 | 2 |
|
3 | 3 | on: |
4 | 4 | workflow_dispatch: |
5 | 5 |
|
6 | 6 | jobs: |
7 | | - release: |
| 7 | + publish: |
8 | 8 | runs-on: ubuntu-latest |
9 | | - permissions: |
10 | | - contents: write # To allow pushing tags and commits |
| 9 | + |
11 | 10 | steps: |
12 | | - - name: Checkout code |
| 11 | + - name: Checkout repository |
13 | 12 | uses: actions/checkout@v4 |
14 | | - with: |
15 | | - persist-credentials: false # Recommended for security |
16 | 13 |
|
17 | | - - name: Set up Java JDK |
| 14 | + - name: Set up JDK, GPG, and Maven Central Authentication |
18 | 15 | uses: actions/setup-java@v4 |
19 | 16 | with: |
20 | | - java-version: '21' # Use the Java version from your pom.xml |
| 17 | + java-version: '21' |
21 | 18 | distribution: 'temurin' |
| 19 | + # Configure server for Sonatype OSSRH |
| 20 | + server-id: ossrh |
| 21 | + server-username: SONATYPE_USERNAME # Env var for username |
| 22 | + server-password: SONATYPE_KEY # Env var for password/token |
| 23 | + # Import GPG key for signing |
| 24 | + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} |
| 25 | + gpg-passphrase: GPG_PASSPHRASE # Env var for passphrase |
22 | 26 |
|
23 | | - - name: Set up GPG |
24 | | - run: | |
25 | | - echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import |
26 | | - echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --passphrase-fd 0 --edit-key "${{ secrets.GPG_KEY_ID }}" trust |
27 | | - gpg --export-secret-keys -o secring.gpg |
28 | | - gpg --export --armor "${{ secrets.GPG_KEY_ID }}" > pubring.gpg |
29 | | -
|
30 | | - - name: Build and Release |
| 27 | + - name: Publish package to Maven Central |
| 28 | + run: mvn --batch-mode -P release deploy |
31 | 29 | env: |
32 | | - MAVEN_GPG_SECRET_KEYRING_FILE: secring.gpg |
33 | | - MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} |
34 | | - MAVEN_GPG_PUBLIC_KEYRING_FILE: pubring.gpg |
35 | | - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # For pushing tags |
36 | | - run: | |
37 | | - mvn --batch-mode -DskipTests -Darguments="-Dgpg.executable=gpg -Dgpg.secretKeyringFile=$MAVEN_GPG_SECRET_KEYRING_FILE -Dgpg.passphrase=$MAVEN_GPG_PASSPHRASE -Dgpg.publicKeyringFile=$MAVEN_GPG_PUBLIC_KEYRING_FILE" release:prepare release:perform |
38 | | -
|
39 | | - - name: Clean up GPG files |
40 | | - if: always() |
41 | | - run: | |
42 | | - rm -f secring.gpg pubring.gpg |
| 30 | + SONATYPE_USERNAME: ${{ secrets.OSSRH_USERNAME }} |
| 31 | + SONATYPE_KEY: ${{ secrets.OSSRH_TOKEN }} |
| 32 | + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} |
0 commit comments