Enable maven package upload

Author: ivo.liondov

.github/workflows/build_and_publish.yml

@@ -0,0 +1,86 @@
+name: Maven Publish
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+' # Matches tags in the form 3.3.0
+
+jobs:
+  maven-publish:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    env:
+      WORKSPACE: "${{ github.workspace }}"
+      GIT_BRANCH: "${{ github.ref }}"
+      CURRENT_TAG: "${{ github.ref_name }}"
+      MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+      MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+      PGP_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+      PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }}
+      GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+    steps:
+    - name: Set up Git
+      run: git config --global --add safe.directory '*'
+      
+    - name: Checkout Repository
+      uses: actions/checkout@v3
+
+    - name: Set Up Java
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin' # Use Eclipse Temurin distribution
+        java-version: '11'      # Use Java 11 for Android builds
+    
+    - name: Install Android SDK
+      run: |
+          sudo apt-get update
+          sudo apt-get install -y unzip curl
+          mkdir -p $ANDROID_HOME/cmdline-tools
+          curl -o android-sdk.zip https://dl.google.com/android/repository/commandlinetools-linux-9123335_latest.zip
+          unzip -q android-sdk.zip -d $ANDROID_HOME/cmdline-tools
+          mv $ANDROID_HOME/cmdline-tools/cmdline-tools $ANDROID_HOME/cmdline-tools/tools
+          rm android-sdk.zip
+          echo "ANDROID_HOME=$ANDROID_HOME" >> $GITHUB_ENV
+          echo "PATH=$ANDROID_HOME/cmdline-tools/tools/bin:$ANDROID_HOME/platform-tools:$ANDROID_HOME/emulator:$PATH" >> $GITHUB_ENV
+    - name: Accept Android SDK Licenses
+      shell: bash
+      run: |
+          source $GITHUB_ENV
+          yes | sdkmanager --licenses || true
+    - name: Install Required SDK Packages
+      shell: bash
+      run: |
+          source $GITHUB_ENV
+          sdkmanager "platform-tools" "platforms;android-33" "build-tools;33.0.2"
+  
+  
+    - name: Install GPG
+      run: |
+          sudo apt-get update
+          sudo apt-get install -y gnupg
+    
+    - name: Import GPG Private Key
+      run: |
+        echo "${{ secrets.GPG_PRIVATE_KEY }}" > private.key
+        gpg --batch --import private.key
+        rm private.key
+
+    - name: Trust GPG Key
+      run: |
+        KEY_ID=$(gpg --list-keys --with-colons | grep pub | cut -d: -f5)
+        echo -e "trust\n5\ny\nquit" | gpg --batch --yes --command-fd 0 --edit-key $KEY_ID
+    
+    - name: Build AAR
+      run:  ./gradlew assembleRelease
+
+    - name: Create Package
+      run: cd .maven && ./build-and-sign.sh
+
+    - name: Publish Package
+      run: cd .maven && ./maven-publish.sh
+      
+    - name: Upload Artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: full-repo-artifact-${{ github.ref_name }}
+        path: ${{ github.workspace }}

.maven/build-and-sign.sh

@@ -0,0 +1,214 @@
+#!/bin/bash
+
+## set variables/constants required by the script
+
+# The version of the package that will be build and will be visible in maven central
+# For Approov SDK release 3.3.0 (library 7257) the version was 3.3.0
+# This is also used to rename the folder where the package is stored by replacing the TAG-RENAME-DIR
+# THE POM FILE MUST BE UPDATED WITH THE CORRECT VERSION WHICH MUST MATCH THIS VARIABLE
+VERSION="3.3.0"
+
+# Constant: current package name
+CURRENT_PACKAGE_NAME="service.httpsurlconn"
+
+# Constant: Required package subdir structure
+PACKAGE_DIR_STRUCTURE="io/approov/${CURRENT_PACKAGE_NAME}"
+
+# Constant: The file prefix for each file placed in the above directory
+# NOTE: This is also the name of the binary SDK file expected by Maven
+FILE_PREFIX="${CURRENT_PACKAGE_NAME}-${VERSION}"
+
+# The PGP Key ID to use for signing the package; set by CI/CD
+# export PGP_KEY_ID=""
+# Verify that the PGP_KEY_ID is set
+if [ -z "$PGP_KEY_ID" ]; then
+    echo "Error: PGP_KEY_ID is not set. This script requires a PGP key ID to be set."
+    exit 1
+fi
+# Password for the GPG key; set by CI/CD
+# export GPG_PASSWORD=""
+# Verify that the GPG_PASSWORD is set
+if [ -z "$GPG_PASSWORD" ]; then
+    echo "Error: GPG_PASSWORD is not set. This script requires a GPG password to be set."
+    exit 1
+fi
+
+# The full path to the service aar package generated by gradle build.
+AAR_PATH="../approov-service/build/outputs/aar/approov-service-release.aar"
+
+
+# The path to the javadoc.jar file that will be uploaded to maven central
+JAVADOC_JAR_PATH="../approov-service/docs/javadoc.jar"
+
+# Path to the POM file: YOU MUST UPDATE THIS FILE WITH THE CORRECT <version
+# which MUST match the VERSION variable above
+POM_FILE_PATH="../approov-service/pom.xml"
+
+# Check if the above files exist before proceeding further
+if [ ! -f ${AAR_PATH} ]; then
+    echo "File not found: ${AAR_PATH}"
+    echo "Please make sure the file exists or change the location in the script and try again"
+    exit 1
+fi
+
+if [ ! -f ${JAVADOC_JAR_PATH} ]; then
+    echo "File not found: ${JAVADOC_JAR_PATH}"
+    echo "Please make sure the file exists or change the location in the script and try again"
+    exit 1
+fi
+
+if [ ! -f ${POM_FILE_PATH} ]; then
+    echo "File not found: ${POM_FILE_PATH}"
+    echo "Please make sure the file exists or change the location in the script and try again"
+    exit 1
+fi
+
+
+# The destination directory to place all the files
+DESTINATION_DIR="${PACKAGE_DIR_STRUCTURE}/${VERSION}"
+
+echo "Will create destination directory: ${DESTINATION_DIR}"
+# Create destination directory in current location
+mkdir -p ${DESTINATION_DIR}
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully created: ${DESTINATION_DIR}"
+else
+    echo "Failed to create directory ${DESTINATION_DIR}"
+    exit 1
+fi
+
+# Copy operations to destination directory
+# 1. Copy javadoc.jar file and rename to destination:
+# Maven expects for version 3.2.2 of the javadoc.jar the following file
+# service.httpsurlconn-3.2.2-javadoc.jar
+cp ${JAVADOC_JAR_PATH} ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully copied: ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar"
+else
+    echo "Failed to copy file as ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar"
+    exit 1
+fi
+
+# Sign the target javadoc file
+OUTPUT_SIGNATURE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.asc"
+gpg --batch --yes --passphrase "$GPG_PASSWORD" --pinentry-mode loopback --output "$OUTPUT_SIGNATURE" --detach-sign --local-user "$PGP_KEY_ID" "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar"
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully signed: ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.asc"
+else
+    echo "Failed to sign file as ${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.asc"
+    exit 1
+fi
+# Compute hashes for the javadoc file
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.sha1"
+# Compute SHA-1 and extract only the hash
+shasum "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha256
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.sha256"
+shasum -a 256 "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha512
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.sha512"
+shasum -a 512 "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $1}' > "$OUTPUT_FILE"
+# md5
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar.md5"
+md5sum "${DESTINATION_DIR}/${FILE_PREFIX}-javadoc.jar" | awk '{print $1}' > "$OUTPUT_FILE"
+
+
+# 2. Copy the aar file and rename to destination:
+# Maven expects for version 3.2.2 of the aar file the following file
+# service.httpsurlconn-3.2.2.aar
+cp ${AAR_PATH} ${DESTINATION_DIR}/${FILE_PREFIX}.aar
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully copied: ${DESTINATION_DIR}/${FILE_PREFIX}.aar"
+else
+    echo "Failed to copy file as ${DESTINATION_DIR}/${FILE_PREFIX}.aar"
+    exit 1
+fi
+
+# Sign the android SDK aar file
+OUTPUT_SIGNATURE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.asc"
+gpg --batch --yes --passphrase "$GPG_PASSWORD" --pinentry-mode loopback --output "$OUTPUT_SIGNATURE" --detach-sign --local-user "$PGP_KEY_ID" "${DESTINATION_DIR}/${FILE_PREFIX}.aar"
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully signed: ${DESTINATION_DIR}/${FILE_PREFIX}.aar.asc"
+else
+    echo "Failed to sign file as ${DESTINATION_DIR}/${FILE_PREFIX}.aar.asc"
+    exit 1
+fi
+
+# Compute hashes for the aar file
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.sha1"
+# Compute SHA-1 and extract only the hash
+shasum "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha256
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.sha256"
+shasum -a 256 "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha512
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.sha512"
+shasum -a 512 "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $1}' > "$OUTPUT_FILE"
+# md5
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.aar.md5"
+md5sum "${DESTINATION_DIR}/${FILE_PREFIX}.aar" | awk '{print $1}' > "$OUTPUT_FILE"
+
+
+# 3. Copy the pom file and rename to destination:
+# Maven expects for version 3.2.2 of the pom file the following file
+# service.httpsurlconn-3.2.2.pom
+cp ${POM_FILE_PATH} ${DESTINATION_DIR}/${FILE_PREFIX}.pom
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully copied: ${DESTINATION_DIR}/${FILE_PREFIX}.pom"
+else
+    echo "Failed to copy file as ${DESTINATION_DIR}/${FILE_PREFIX}.pom"
+    exit 1
+fi
+
+# Sign the pom file
+OUTPUT_SIGNATURE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.asc"
+gpg --batch --yes --passphrase "$GPG_PASSWORD" --pinentry-mode loopback --output "$OUTPUT_SIGNATURE" --detach-sign --local-user "$PGP_KEY_ID" "${DESTINATION_DIR}/${FILE_PREFIX}.pom"
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+    echo "File successfully signed: ${DESTINATION_DIR}/${FILE_PREFIX}.pom.asc"
+else
+    echo "Failed to sign file as ${DESTINATION_DIR}/${FILE_PREFIX}.pom.asc"
+    exit 1
+fi
+
+# Compute hashes for the pom file
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.sha1"
+# Compute SHA-1 and extract only the hash
+shasum "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha256
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.sha256"
+shasum -a 256 "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $1}' > "$OUTPUT_FILE"
+# sha512
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.sha512"
+shasum -a 512 "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $1}' > "$OUTPUT_FILE"
+# md5
+OUTPUT_FILE="${DESTINATION_DIR}/${FILE_PREFIX}.pom.md5"
+md5sum "${DESTINATION_DIR}/${FILE_PREFIX}.pom" | awk '{print $1}' > "$OUTPUT_FILE"
+
+# Force remove recursively all the .DS_Store files that might have been copied
+find "io/" -name ".DS_Store" -type f -delete
+# Finally zip the io/ directory and save it in current directory as ${FILE_PREFIX}.zip
+zip -r ${FILE_PREFIX}.zip "io"
+
+# Test if the zip file was created
+if [ -f "${FILE_PREFIX}.zip" ]; then
+    echo "Zip file created successfully: ${FILE_PREFIX}.zip"
+else
+    echo "Failed to create zip file: ${FILE_PREFIX}.zip"
+    exit 1
+fi
+
+# Copy the zip file to the destination directory to inspect
+cp ${FILE_PREFIX}.zip ../

.maven/maven-publish.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+## set variables/constants required by the script
+# The current tag of github's branch
+# Bail out if CURRENT_TAG is not set
+if [ -z "$CURRENT_TAG" ]; then
+  echo "Error: CURRENT_TAG is not set. This script requires a tag to be set."
+  exit 1
+fi
+
+# Check the MAVEN_USERNAME and MAVEN_PASSWORD are set
+if [ -z "$MAVEN_USERNAME" ]; then
+  echo "Error: MAVEN_USERNAME is not set. This script requires a username to be set."
+  exit 1
+fi
+
+if [ -z "$MAVEN_PASSWORD" ]; then
+  echo "Error: MAVEN_PASSWORD is not set. This script requires a password to be set."
+  exit 1
+fi
+
+# The body artifact name
+BODY_ARTIFACT="service.httpsurlconn-${CURRENT_TAG}.zip"
+
+# The username:password for the maven repository
+MAVEN_CREDENTIALS=$(printf "${MAVEN_USERNAME}:${MAVEN_PASSWORD}" | base64)
+# Publish the body artifact
+curl --request POST \
+  --verbose \
+  --header "Authorization: Bearer ${MAVEN_CREDENTIALS}" \
+  --form "bundle=@${BODY_ARTIFACT}" \
+  "https://central.sonatype.com/api/v1/publisher/upload?publishingType=USER_MANAGED&name=service.httpsurlconn"

approov-service/build.gradle

@@ -7,7 +7,6 @@ repositories {
     mavenCentral()
     google()
     jcenter()
-    maven { url "https://jitpack.io" }
 }
 
 group = 'com.github.approov'
@@ -34,18 +33,6 @@ android {
 
 dependencies {
     implementation 'com.squareup.okhttp3:okhttp:4.12.0'
-    implementation 'com.github.approov:approov-android-sdk:3.2.2'
+    implementation 'io.approov:approov-android-sdk:3.3.0'
 }
 
-afterEvaluate {
-    publishing {
-        publications {
-            release(MavenPublication) {
-                from components.release
-                groupId = 'com.github.approov'
-                artifactId = 'approov-service-httpsurlconn'
-                version = '3.2.2'
-            }
-        }
-    }
-}