Build and Deploy to Maven Central for aigenpipeline-2.1.0 #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This builds develop and deploys a release to maven central | |
| # See also https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven | |
| # https://github.com/actions/setup-java | |
| # https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md?tab=readme-ov-file#Publishing-using-Apache-Maven | |
| # https://central.sonatype.org/publish-ea/publish-ea-guide/ | |
| name: Build and Deploy to Maven Central | |
| run-name: Build and Deploy to Maven Central for ${{ github.ref_name }} | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| buildAndDeploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| SUBDIR: ${{ github.event.inputs.subdir }} | |
| MVNCMD: mvn -B -ntp -P release | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_ACTOR: ${{ github.actor }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 3 | |
| - name: print configuration | |
| run: | | |
| echo "MVNCMD: $MVNCMD" | |
| echo "dryrun: ${{ github.event.inputs.dryrun }}" | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: maven | |
| server-id: central | |
| server-username: OSSRH_USER | |
| server-password: OSSRH_PASSWD | |
| # gpg-private-key: ${{ secrets.GPG_SECRET_KEYS }} | |
| gpg-passphrase: GPG_PASSPHRASE | |
| - name: Dump settings | |
| run: cat $HOME/.m2/settings.xml | |
| - name: Dump event context for debugging | |
| continue-on-error: true # Debugging output only, and this annoyingly fails when the commit messge has a ( | |
| run: | | |
| echo '${{ github.event_name }} for ${{ github.ref_type }} ${{ github.ref_name }} or ${{ github.event.ref }}' | |
| # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push | |
| echo 'github.event:' | |
| echo '${{ toJSON(github.event) }}' | |
| - name: Dump github context for debugging | |
| continue-on-error: true # Debugging output only, and this annoyingly fails when the commit message has a ( | |
| run: | | |
| echo '${{ toJSON(github) }}' | |
| - name: Try to set a master password | |
| run: | | |
| MASTERPWD=$(openssl rand -base64 25) | |
| echo "<settingsSecurity> <master>$(mvn --encrypt-master-password "$MASTERPWD")</master></settingsSecurity>" > $HOME/.m2/settings-security.xml | |
| # echo "MASTERPWD=\"$MASTERPWD\"" >> $GITHUB_ENV | |
| # The master password isn't actually used, but the maven-gpg-plugin complains otherwise. | |
| - name: Git & Maven Status | |
| run: | | |
| $MVNCMD -version | |
| git remote -v | |
| git status --untracked-files --ignored | |
| git log -3 --no-color --decorate | |
| $MVNCMD -version | |
| find . -name 'settings*xml' | |
| find /home/runner/work/ -name 'settings*xml' | |
| - name: Mvn Effective POM | |
| run: $MVNCMD -N help:effective-pom | |
| - name: Mvn Effective Settings | |
| run: $MVNCMD -N help:effective-settings | |
| - name: Import GPG key | |
| env: | |
| GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }} | |
| GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }} | |
| run: | | |
| echo $GPG_SECRET_KEYS | base64 --decode | gpg --import --no-tty --batch --yes | |
| echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes | |
| gpg -v --refresh-keys | |
| gpg --list-secret-keys --keyid-format LONG | |
| - name: Configure git user for release commits | |
| # specific to repository - we don't want that to be the same thing in a fork. | |
| env: | |
| X_RELEASE_USERNAME: ${{ vars.RELEASE_USERNAME }} | |
| X_RELEASE_USEREMAIL: ${{ vars.RELEASE_USEREMAIL }} | |
| run: | | |
| git config --global user.email "${X_RELEASE_USERNAME}" | |
| git config --global user.name "${X_RELEASE_USEREMAIL}" | |
| - name: Check that we are on a release branch before trying to deploy | |
| run: | | |
| echo "Version: " | |
| $MVNCMD help:evaluate -Dexpression=project.version -q -DforceStdout | |
| $MVNCMD enforcer:enforce -Denforcer.rules=requireReleaseVersion | |
| - name: Build with Maven | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| # When parent-2:1.7 is active, -P ensureSnapshots will do a sanity check of the version number | |
| run: $MVNCMD install | |
| - name: Deploy with Maven | |
| env: | |
| OSSRH_USER: ${{ secrets.OSSRH_USER }} | |
| OSSRH_PASSWD: ${{ secrets.OSSRH_PASSWD }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: $MVNCMD deploy | |
| - name: List target files even if recipe fails | |
| if: always() | |
| run: | | |
| pwd | |
| ls -ld | |
| ls -ld target | |
| find . -type d -name target | |
| ls -l ./target/checkout/target || true | |
| ls -l ./target/checkout/commons/target || true |