Maven Manual Deploy #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a package using Maven and then publish it to GitHub packages when a release is created | |
| ## For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path | |
| name: Maven Manual Deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: "Git ref to release" | |
| required: true | |
| version: | |
| description: "Maven version to release (without 'v' prefix)" | |
| required: true | |
| deployArgs: | |
| description: "Additional Maven deploy arguments (e.g. '--debug -DautoReleaseAfterClose=false')" | |
| required: false | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| env: | |
| SONATYPE_USER: ${{secrets.BUF_SONATYPE_USER}} | |
| SONATYPE_PASSWORD: ${{secrets.BUF_SONATYPE_PASSWORD}} | |
| GPG_KEY_NAME: ${{secrets.GPG_KEY_NAME}} | |
| GPG_PASSPHRASE: ${{secrets.GPG_PASSPHRASE}} | |
| MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" | |
| REF_NAME: ${{ inputs.ref }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: 'stable' | |
| - name: Set VERSION variable from tag | |
| run: | | |
| echo "VERSION=${{ inputs.VERSION }}" >> $GITHUB_ENV | |
| - name: 'Configure GPG signing' | |
| env: | |
| GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: | | |
| # https://github.com/keybase/keybase-issues/issues/2798 | |
| export GPG_TTY=$(tty) | |
| # Import gpg keys and warm the passphrase to avoid the gpg | |
| # passphrase prompt when initating a deploy | |
| # `--pinentry-mode=loopback` could be needed to ensure we | |
| # suppress the gpg prompt | |
| echo $GPG_KEY | base64 --decode > signing-key | |
| gpg --passphrase $GPG_PASSPHRASE --batch --import signing-key | |
| shred signing-key | |
| - name: Configure GIT | |
| run: | | |
| git config --global user.email "envoy-bot@users.noreply.github.com" | |
| git config --global user.name "envoy-bot" | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| cache: 'maven' | |
| server-id: ossrh | |
| server-username: ${ env.SONATYPE_USER } | |
| server-password: ${ env.SONATYPE_PASSWORD } | |
| gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} | |
| gpg-passphrase: ${ env.GPG_PASSPHRASE } | |
| - name: Update version in pom | |
| working-directory: ${{ github.workspace }}/java | |
| run: ./mvnw -B versions:set -DnewVersion=${{ env.VERSION }} -DgenerateBackupPoms=false | |
| - name: Publish to Maven Packages Apache Maven | |
| working-directory: ${{ github.workspace }}/java | |
| run: | | |
| ./mvnw -B -s settings.xml ${{ inputs.deployArgs }} clean deploy \ | |
| -Darguments="-s settings.xml" \ | |
| -DreleaseVersion=${{ env.VERSION }} \ | |
| -DdevelopmentVersion=${{ env.VERSION }}-SNAPSHOT \ | |
| -DscmCommentPrefix="java release: " | |
| env: | |
| MAVEN_USERNAME: ${{ env.SONATYPE_USER }} | |
| MAVEN_CENTRAL_TOKEN: ${{ env.SONATYPE_PASSWORD }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} |