staging-client-java/.github/workflows/publish.yml at ea9157c4a0dc653ad9db0b3c1f3b1cd549bec066 · imsweb/staging-client-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# Publish to Maven Central (Maven)
#
# Non-SNAPSHOT releases are done automatically on Git tag. SNAPSHOT releases are not handled by CI; use
# the following command to release a SNAPSHOT (ensure the version in pom.xml is a SNAPSHOT version):
#
# $ .\mvnw.cmd deploy -DskipTests
#
# Note that to release locally you will need to set up a settings.xml file in you user
# home .m2 directory. The username and password is generated at:
#
#    https://central.sonatype.com/usertoken.
#
# Here is the settings.xml file:
#
#  <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
#            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
#            xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
#                                https://maven.apache.org/xsd/settings-1.0.0.xsd">
#     <servers>
#        <server>
#        <!-- must match <id>ossrh</id> in distributionManagement -->
#           <id>central</id>
#           <username>USERNAME FROM GENERATED TOKEN</username>
#           <password>PASSWORD FROM GENERATED TOKEN</password>
#        </server>
#     </servers>
#  </settings>

name: publish

on:
  repository_dispatch:
    types: manual-publish
  release:
    types: [ published ]

jobs:
  publish:
    runs-on: ubuntu-latest

    permissions:
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up JDK 21 for Maven Central
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'maven'

          # Must match <id> in <distributionManagement>
          server-id: central

          # These are Maven properties in settings.xml; values come from env below
          server-username: MAVEN_CENTRAL_USERNAME
          server-password: MAVEN_CENTRAL_PASSWORD

          # GPG setup (uses your in-memory private key)
          gpg-private-key: ${{ secrets.SIGNING_KEY }}

          # Name of env var that holds the passphrase (see pom passphraseEnvName)
          gpg-passphrase: MAVEN_GPG_PASSPHRASE

      - name: Publish to Maven Central
        run: mvn -B -ntp clean deploy -P release -DskipTests -Dspotbugs.skip=true -Djacoco.skip=true
        env:
          # Sonatype / Central credentials
          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}

          # GPG passphrase (referenced by MAVEN_GPG_PASSPHRASE name)
          MAVEN_GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }}