Manual GitHub Release Trigger #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Manual GitHub Release Trigger | |
on: | |
workflow_dispatch: | |
env: | |
MAVEN_OPTS: ${{ vars.MAVEN_OPTS }} | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: maven | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
- name: Cache Maven packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Prepare Maven settings.xml | |
run: | | |
cat "${{ github.workspace }}/.github/settings.xml" > ~/.m2/settings.xml | |
- name: Get Maven Project Version | |
run: | | |
echo "RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV | |
- name: Manual Release Approval | |
uses: trstringer/[email protected] | |
timeout-minutes: 60 | |
with: | |
secret: ${{ github.TOKEN }} | |
approvers: oranheim | |
issue-title: "Approve release of ${{ env.RELEASE_VERSION }}" | |
- name: Configure Git User | |
run: | | |
git config user.email "[email protected]" | |
git config user.name "GitHub Actions" | |
- name: Configure GPG | |
run: | | |
mkdir -p ~/.gnupg | |
chmod 700 ~/.gnupg | |
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
echo "use-agent" >> ~/.gnupg/gpg.conf | |
echo "batch" >> ~/.gnupg/gpg.conf | |
echo "no-tty" >> ~/.gnupg/gpg.conf | |
gpg-connect-agent reloadagent /bye | |
echo "GPG configuration completed" | |
- name: Import GPG key | |
env: | |
GPG_SECRET: ${{ secrets.GPG_SECRET }} | |
run: | | |
echo "$GPG_SECRET" | gpg --batch --import | |
gpg --list-secret-keys --keyid-format LONG | |
echo "GPG key imported successfully" | |
- name: Debug GPG | |
run: | | |
gpg --version | |
gpg-agent --version | |
echo "GNUPGHOME=$GNUPGHOME" | |
ls -la ~/.gnupg | |
cat ~/.gnupg/gpg.conf | |
cat ~/.gnupg/gpg-agent.conf | |
- name: Release with Maven | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USER }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
run: | | |
mvn --batch-mode release:clean release:prepare release:perform \ | |
-Darguments="-Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEY_ID} -Dgpg.pinentry-mode=loopback" \ | |
-DskipTests \ | |
-P oss-maven-central | |
- name: Cleanup GPG keys | |
if: always() | |
run: | | |
gpg --delete-secret-keys ${{ secrets.GPG_KEY_ID }} | |
gpg --delete-keys ${{ secrets.GPG_KEY_ID }} | |
- name: Notify on success | |
if: success() | |
run: | | |
echo "Release ${{ env.RELEASE_VERSION }} has been successfully deployed to Maven Central." | |
- name: Notify on failure | |
if: failure() | |
run: | | |
echo "Release ${{ env.RELEASE_VERSION }} failed. Please check the logs for more information." |