-
Notifications
You must be signed in to change notification settings - Fork 180
76 lines (66 loc) · 3.02 KB
/
maven-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#
# Copyright 2017-2020 Adobe.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: Maven Release
on: workflow_dispatch
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
with:
java-version: 21
distribution: 'temurin'
# The release build pushes a Docker image to Docker Hub, so we need to log in
- name: Perform docker login
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
run: echo $DOCKERHUB_PASSWORD | docker login -u $DOCKERHUB_USERNAME --password-stdin
# Import GPG key used during the release to sign the artifacts (required by Sonatype)
- name: Import GPG key
env:
GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }}
run: |
echo $GPG_SECRET_KEYS | base64 --decode | gpg --import --no-tty --batch --yes
echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes
# The release plugin creates two commits, let's attribute them nicely to the Adobe Bot
- name: Configure git user for release commits
env:
X_GITHUB_USERNAME: ${{ secrets.ADOBE_BOT_GITHUB_USERNAME }}
run: |
git config user.email "[email protected]"
git config user.name "${X_GITHUB_USERNAME}"
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
# Run the actual Maven command
- name: Release with Maven
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
ADOBE_BOT_GITHUB_USERNAME: ${{ secrets.ADOBE_BOT_GITHUB_USERNAME }}
ADOBE_BOT_GITHUB_PASSWORD: ${{ secrets.ADOBE_BOT_GITHUB_PASSWORD }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
run: ./mvnw -B -V --settings ./.github/workflows/settings.xml release:prepare release:perform