-
Notifications
You must be signed in to change notification settings - Fork 4
63 lines (52 loc) · 2.55 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
name: Publish
on:
push:
branches: [master]
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'true'
- uses: actions/setup-java@v4
with:
java-version: 11
distribution: zulu
cache: gradle
- name: Decrypt CloudRepo credentials
run: ./config/scripts/decrypt.sh "$CLOUDREPO_CREDENTIALS_KEY" ./.github/keys/cloudrepo.properties.gpg ./cloudrepo.properties
env:
CLOUDREPO_CREDENTIALS_KEY: ${{ secrets.CLOUDREPO_CREDENTIALS_KEY }}
- name: Decrypt Git SSH credentials
run: ./config/scripts/decrypt.sh "$GIT_CREDENTIALS_KEY" ./.github/keys/deploy_key_rsa.gpg ./deploy_key_rsa
env:
GIT_CREDENTIALS_KEY: ${{ secrets.GIT_CREDENTIALS_KEY }}
# Make sure the SSH key is not "too visible". SSH agent will not accept it otherwise.
- name: Set file system permissions
run: chmod 400 ./deploy_key_rsa && chmod +x ./config/scripts/register-ssh-key.sh
- name: Decrypt GCS credentials
run: ./config/scripts/decrypt.sh "$GCS_CREDENTIALS_KEY" ./.github/keys/gcs-auth-key.json.gpg ./gcs-auth-key.json
env:
GCS_CREDENTIALS_KEY: ${{ secrets.GCS_CREDENTIALS_KEY }}
- name: Decrypt GCAR credentials
run: ./config/scripts/decrypt.sh "$MAVEN_PUBLISHER_KEY" ./.github/keys/maven-publisher.json.gpg ./maven-publisher.json
env:
MAVEN_PUBLISHER_KEY: ${{ secrets.MAVEN_PUBLISHER_KEY }}
- name: Decrypt Git SSH credentials
run: ./config/scripts/decrypt.sh "$GRADLE_PORTAL_CREDENTIALS_KEY" ./.github/keys/gradle-plugin-portal.secret.properties.gpg ./gradle-plugin-portal.secret.properties
env:
GRADLE_PORTAL_CREDENTIALS_KEY: ${{ secrets.GRADLE_PORTAL_CREDENTIALS_KEY }}
- name: Append Gradle properties
run: cat ./gradle-plugin-portal.secret.properties >> ./gradle.properties
- name: Publish artifacts to Maven
# Since we're in the `master` branch already, this means that tests of a PR passed.
# So, no need to run the tests again when publishing.
run: ./gradlew publish -x test --stacktrace
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FORMAL_GIT_HUB_PAGES_AUTHOR: [email protected]
# https://docs.github.com/en/actions/reference/environment-variables
REPO_SLUG: $GITHUB_REPOSITORY # e.g. SpineEventEngine/core-java
GOOGLE_APPLICATION_CREDENTIALS: ./maven-publisher.json
NPM_TOKEN: ${{ secrets.NPM_SECRET }}