fix: test release script

Author: lojzatran

.github/workflows/cd.yml

@@ -2,8 +2,8 @@ name: CD
 
 on:
   push:
-    tags:
-      - '*.*.*'
+    branches:
+      - test-new-release-branch
 
 jobs:
   benchmark_tests:
@@ -47,24 +47,29 @@ jobs:
         with:
           java-version: 11
           distribution: 'zulu'
-      - name: status
-        run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central.
-      - name: Publish GitHub Pages
-        run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish
-      - name: deploy to sonatype and publish to maven central
-        run: ./gradlew setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" publishToSonatype closeAndReleaseSonatypeStagingRepository
+      - run: scripts/setup-signing-key.sh
         env:
-          GITHUB_TAG: ${{ steps.vars.outputs.tag }}
-          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
-          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
-          PGP_KEY: ${{ secrets.PGP_KEY }}
-          PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }}
-      - name: Slack notification
-        if: success() # only when previous step succeeds
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-          SLACK_USERNAME: Github Release Action.
-          SLACK_CHANNEL: java-sync
-        uses: Ilshidur/action-slack@master
-        with:
-          args: 'Version: <https://github.com/commercetools/commercetools-sync-java/releases/tag/${{ steps.vars.outputs.tag }}|${{ steps.vars.outputs.tag }}> of the library has been published to the <https://repo1.maven.org/maven2/com/commercetools/commercetools-sync-java/|Maven Central>.'
+          DECRYPTER: ${{ secrets.DECRYPTER }}
+          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+#      - name: status
+#        run: echo Build is tagged. Uploading artifact ${{ steps.vars.outputs.tag }} to maven central.
+#      - name: Publish GitHub Pages
+#        run: ./gradlew --info -Dbuild.version="${{ steps.vars.outputs.tag }}" mkdocsPublish
+#      - name: deploy to sonatype and publish to maven central
+#        run: ./gradlew setLibraryVersion -Dbuild.version="${{ steps.vars.outputs.tag }}" publishToSonatype closeAndReleaseSonatypeStagingRepository
+#        env:
+#          GITHUB_TAG: ${{ steps.vars.outputs.tag }}
+#          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+#          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+#          PGP_KEY: ${{ secrets.PGP_KEY }}
+#          PGP_PASSWORD: ${{ secrets.PGP_PASSWORD }}
+#      - name: Slack notification
+#        if: success() # only when previous step succeeds
+#        env:
+#          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+#          SLACK_USERNAME: Github Release Action.
+#          SLACK_CHANNEL: java-sync
+#        uses: Ilshidur/action-slack@master
+#        with:
+#          args: 'Version: <https://github.com/commercetools/commercetools-sync-java/releases/tag/${{ steps.vars.outputs.tag }}|${{ steps.vars.outputs.tag }}> of the library has been published to the <https://repo1.maven.org/maven2/com/commercetools/commercetools-sync-java/|Maven Central>.'

.github/workflows/ci.yml

@@ -1,68 +1,68 @@
-name: CI
-
-on: [push]
-
-jobs:
-  checks:
-    name: Code Checks
-    runs-on: ubuntu-latest
-    steps:
-      - name: Git Checkout
-        uses: actions/checkout@v4
-      - name: Generate Dependency Updates Report
-        run: ./gradlew clean dependencyUpdates
-      - name: Code formatting
-        run: ./gradlew spotlessCheck
-      - name: PMD
-        run: ./gradlew pmdBenchmark pmdIntegrationTest pmdMain pmdTest
-      - name: Spotbugs
-        run: ./gradlew spotbugsBenchmark spotbugsIntegrationTest spotbugsMain spotbugsTest
-      - name: mkdocsBuild
-        run: ./gradlew mkdocsBuild
-  tests:
-    name: Tests
-    concurrency: tests
-    needs: checks
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
-        with:
-          java-version: 11
-          distribution: 'zulu'
-      - name: Build with Gradle
-        run: ./gradlew clean setLibraryVersion test integrationTest jacocoTestCoverageVerification jacocoTestReport
-        env:
-          SOURCE_PROJECT_KEY: java-sync-source
-          SOURCE_CLIENT_ID:  ${{ secrets.SOURCE_CLIENT_ID }}
-          SOURCE_CLIENT_SECRET:  ${{ secrets.SOURCE_CLIENT_SECRET }}
-          TARGET_PROJECT_KEY: java-sync-target
-          TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID }}
-          TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET }}
-      - name: Codecov
-        uses: codecov/codecov-action@v4
-  benchmark_tests:
-    name: benchmark tests
-    concurrency: benchmark_tests
-    needs: tests
-    runs-on: ubuntu-latest
-    env:
-      SOURCE_PROJECT_KEY: java-sync-target-dev2
-      SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }}
-      SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }}
-      TARGET_PROJECT_KEY: java-sync-target-dev2
-      TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }}
-      TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }}
-      GRGIT_USER: ${{ secrets.GRGIT_USER }}
-      SUBMIT_BENCHMARK_RESULT: false
-    steps:
-      - name: Git Checkout
-        uses: actions/checkout@v4
-      - name: Fetch Library version
-        id: vars
-        run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/}
-      - name: benchmark test
-        if: ${{ success() }}
-        run: ./gradlew clean setLibraryVersion benchmark
-        env:
-          GITHUB_TAG: ${{ steps.vars.outputs.libVersion }}
+#name: CI
+#
+#on: [push]
+#
+#jobs:
+#  checks:
+#    name: Code Checks
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Git Checkout
+#        uses: actions/checkout@v4
+#      - name: Generate Dependency Updates Report
+#        run: ./gradlew clean dependencyUpdates
+#      - name: Code formatting
+#        run: ./gradlew spotlessCheck
+#      - name: PMD
+#        run: ./gradlew pmdBenchmark pmdIntegrationTest pmdMain pmdTest
+#      - name: Spotbugs
+#        run: ./gradlew spotbugsBenchmark spotbugsIntegrationTest spotbugsMain spotbugsTest
+#      - name: mkdocsBuild
+#        run: ./gradlew mkdocsBuild
+#  tests:
+#    name: Tests
+#    concurrency: tests
+#    needs: checks
+#    runs-on: ubuntu-latest
+#    steps:
+#      - uses: actions/checkout@v4
+#      - uses: actions/setup-java@v4
+#        with:
+#          java-version: 11
+#          distribution: 'zulu'
+#      - name: Build with Gradle
+#        run: ./gradlew clean setLibraryVersion test integrationTest jacocoTestCoverageVerification jacocoTestReport
+#        env:
+#          SOURCE_PROJECT_KEY: java-sync-source
+#          SOURCE_CLIENT_ID:  ${{ secrets.SOURCE_CLIENT_ID }}
+#          SOURCE_CLIENT_SECRET:  ${{ secrets.SOURCE_CLIENT_SECRET }}
+#          TARGET_PROJECT_KEY: java-sync-target
+#          TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID }}
+#          TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET }}
+#      - name: Codecov
+#        uses: codecov/codecov-action@v4
+#  benchmark_tests:
+#    name: benchmark tests
+#    concurrency: benchmark_tests
+#    needs: tests
+#    runs-on: ubuntu-latest
+#    env:
+#      SOURCE_PROJECT_KEY: java-sync-target-dev2
+#      SOURCE_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }}
+#      SOURCE_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }}
+#      TARGET_PROJECT_KEY: java-sync-target-dev2
+#      TARGET_CLIENT_ID: ${{ secrets.TARGET_CLIENT_ID_2 }}
+#      TARGET_CLIENT_SECRET: ${{ secrets.TARGET_CLIENT_SECRET_2 }}
+#      GRGIT_USER: ${{ secrets.GRGIT_USER }}
+#      SUBMIT_BENCHMARK_RESULT: false
+#    steps:
+#      - name: Git Checkout
+#        uses: actions/checkout@v4
+#      - name: Fetch Library version
+#        id: vars
+#        run: echo ::set-output name=libVersion::${GITHUB_REF#refs/*/}
+#      - name: benchmark test
+#        if: ${{ success() }}
+#        run: ./gradlew clean setLibraryVersion benchmark
+#        env:
+#          GITHUB_TAG: ${{ steps.vars.outputs.libVersion }}

scripts/setup-signing-key.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -e
+
+# Decrypt credentials
+echo ${DECRYPTER} | base64 --decode > decrypter.json
+echo ${SIGNING_KEY} | base64 --decode > signing_key.enc
+echo ${PASSPHRASE} | base64 --decode > signing_passphrase.enc
+
+gcloud auth activate-service-account --key-file decrypter.json
+
+echo "Decrypt signing secrets"
+
+gcloud kms decrypt \
+  --project=commercetools-platform \
+  --location=global \
+  --keyring=devtooling \
+  --key=java-sdk-v2 \
+  --ciphertext-file=signing_key.enc \
+  --plaintext-file=signing_key.asc
+
+gcloud kms decrypt \
+  --project=commercetools-platform \
+  --location=global \
+  --keyring=devtooling \
+  --key=java-sdk-v2 \
+  --ciphertext-file=signing_passphrase.enc \
+  --plaintext-file=signing_passphrase.txt
+
+# Import the GPG key
+set +e
+echo "Importing the signing key"
+gpg --import --no-tty --batch --yes signing_key.asc
+echo " - done"
+set -e
+
+# List available GPG keys
+gpg -K
+
+KEYNAME=`gpg --with-colons --keyid-format long --list-keys [email protected] | grep fpr | cut -d ':' -f 10`
+
+mkdir -p ~/.gradle
+touch ~/.gradle/gradle.properties
+
+echo "signing.gnupg.executable=gpg" >> ~/.gradle/gradle.properties
+echo "signing.gnupg.keyName=$KEYNAME" >> ~/.gradle/gradle.properties
+echo "signing.gnupg.passphrase=$(<signing_passphrase.txt)" >> ~/.gradle/gradle.properties
+
+rm -rf signing_passphrase.txt signing_passphrase.enc signing_key.enc decrypter.json signing_key.asc
+