Skip to content

[maven-release-plugin] prepare release jackson-core-2.17.3 #31

[maven-release-plugin] prepare release jackson-core-2.17.3

[maven-release-plugin] prepare release jackson-core-2.17.3 #31

Workflow file for this run

# This workflow publishes a new release to Maven central.
#
# The release MUST be initiated by running the release.sh script. That script will run
# ./mvnw release:prepare and make the necessary changes for this workflow to then take
# over and perform the actual release.
name: Publish new release
on:
push:
tags:
- "*"
- "!*.pr*"
- "!*b"
permissions:
contents: read
jobs:
release:
runs-on: "ubuntu-20.04"
env:
JAVA_OPTS: "-XX:+TieredCompilation -XX:TieredStopAtLevel=1"
TAG: ${{ github.ref_name }}
outputs:
hash: ${{ steps.hash.outputs.hash }}
artifact_name: ${{ steps.hash.outputs.artifact_name }}
steps:
- name: Validate version name
run: |
[[ "$TAG" =~ jackson-core-[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)? ]] || exit 1
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK
uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
with:
distribution: "temurin"
java-version: "8"
cache: "maven"
server-id: sonatype-nexus-staging
server-username: CI_DEPLOY_USERNAME
server-password: CI_DEPLOY_PASSWORD
# See https://github.com/actions/setup-java/blob/v2/docs/advanced-usage.md#Publishing-using-Apache-Maven
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Perform release
env:
CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }}
CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
# The following command will only succeed if the preparation was done via the
# release.sh script.
run: ./mvnw -B -q -ff -ntp release:perform -DlocalCheckout=true
- name: Generate hash
id: hash
run: |
ARTIFACT_NAME="$( \
./mvnw help:evaluate \
-Dexpression=project.artifactId -q -DforceStdout)-$( \
./mvnw help:evaluate \
-Dexpression=project.version -q -DforceStdout)"
echo "artifact_name=$ARTIFACT_NAME" >> "$GITHUB_OUTPUT"
cd ./checkout/target
echo "hash=$( \
sha256sum $ARTIFACT_NAME*.jar | \
base64 -w0 \
)" >> "$GITHUB_OUTPUT"
echo "DEBUG: After SLSA hash generation we have:"
echo "DEBUG: ARTIFACT_NAME = $ARTIFACT_NAME"
ls ./checkout
ls ./checkout/target
provenance:
needs: [release]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.release.outputs.hash }}"
provenance-name: "${{ needs.release.outputs.artifact_name }}.jar.intoto.jsonl"
upload-assets: true # Optional: Upload to a new release