chore: Release please and github CI support. (#20)

.github/actions/ci/action.yml

@@ -0,0 +1,38 @@
+name: CI Workflow
+description: 'Shared CI workflow.'
+inputs:
+  run_tests:
+    description: 'If true, run unit tests, otherwise skip them.'
+    required: false
+    default: 'true'
+  java_version:
+    description: 'The Java version to use.'
+    required: true
+  java_distribution:
+    description: 'The Java distribution to use.'
+    required: false
+    default: 'temurin'
+
+runs:
+  using: composite
+  steps:
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: ${{ inputs.java_distribution }}
+        java-version: ${{ inputs.java_version }}
+
+    - name: Restore dependencies
+      shell: bash
+      id: restore
+      run: ./gradlew dependencies
+
+    - name: Build
+      shell: bash
+      id: build
+      run: ./gradlew jar
+
+    - name: Run Tests
+      if: steps.build.outcome == 'success' && inputs.run_tests == 'true'
+      shell: bash
+      run: ./gradlew test

.github/actions/publish/action.yml

@@ -0,0 +1,27 @@
+name: Publish Package
+description: 'Publish the package to Sonatype'
+inputs:
+  code_signing_keyring:
+    description: 'The path of the code signing keyring.'
+    required: true
+  prerelease:
+    description: 'Is this a prerelease. If so then it will be published to the staging repository only.'
+    required: true
+  dry_run:
+    description: 'Is this a dry run. If so no package will be published.'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Publish Library
+      shell: bash
+      if: ${{ inputs.dry_run == 'false' }}
+      env:
+        LD_RELEASE_IS_PRERELEASE: ${{ inputs.prerelease }}
+      run: source $GITHUB_ACTION_PATH/publish.sh
+
+    - name: Dry Run Publish Library
+      shell: bash
+      if: ${{ inputs.dry_run == 'true' }}
+      run: echo "Dry run. Not publishing."

.github/actions/publish/publish.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -ue
+
+echo "Publishing to Sonatype"
+if [ "${LD_RELEASE_IS_PRERELEASE}" == "true" ]; then
+  echo "PRERELEASE"
+  ./gradlew publishToSonatype -Psigning.keyId="${SIGNING_KEY_ID}" -Psigning.secretKeyRingFile="${SIGNING_SECRET_KEY_RING_FILE}" -PossrhUsername="${SONATYPE_USER_NAME}" -PossrhPassword="${SONATYPE_PASSWORD}" || {
+    echo "Gradle publish/release faile" >&2
+    exit 1
+  }
+else
+  echo "RELEASE"
+  ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository || {
+    echo "Gradle publish/release failed" >&2
+    exit 1
+  }
+fi

.github/workflows/ci.yml

@@ -0,0 +1,24 @@
+name: Build and Test
+on:
+  workflow_dispatch:
+  push:
+    branches: [ 'main' ]
+    paths-ignore:
+      - '**.md' # Do not need to run CI for markdown changes.
+  pull_request:
+    branches: [ 'main' ]
+    paths-ignore:
+      - '**.md'
+
+jobs:
+  ci-build:
+    strategy:
+      matrix:
+        java_version: ['11', '19']
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/ci
+        with:
+          java_version: ${{ matrix.java_version }}

.github/workflows/lint-pr-title.yml

@@ -0,0 +1,12 @@
+name: Lint PR title
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  lint-pr-title:
+    uses: launchdarkly/gh-actions/.github/workflows/lint-pr-title.yml@main

.github/workflows/publish.yml

@@ -0,0 +1,61 @@
+name: Publish Package
+on:
+  workflow_dispatch:
+    inputs:
+      run_tests:
+        description: 'If true, run unit tests, otherwise skip them.'
+        type: boolean
+        default: true
+      dry_run:
+        description: 'Is this a dry run. If so no package will be published.'
+        type: boolean
+        required: true
+      prerelease:
+        description: 'If true, then this is a prerelease and should be published to the staging repository only.'
+        type: boolean
+        required: true
+  workflow_call:
+    inputs:
+      run_tests:
+        description: 'If true, run unit tests, otherwise skip them.'
+        required: false
+        type: boolean
+        default: true
+      dry_run:
+        description: 'Is this a dry run. If so no package will be published.'
+        type: boolean
+        required: true
+      prerelease:
+        description: 'If true, then this is a prerelease and should be published to the staging repository only.'
+        type: boolean
+        required: true
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: CI check
+        uses: ./.github/actions/ci
+        with:
+          run_tests: ${{ inputs.run_tests }}
+
+      - uses: launchdarkly/gh-actions/actions/[email protected]
+        name: Get secrets
+        with:
+          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
+          ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME,
+          /production/common/releasing/sonatype/password = SONATYPE_PASSWORD
+          /production/common/releasing/java/keyId = SIGNING_KEY_ID'
+          s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg'
+
+      - name: Publish
+        uses: ./.github/actions/publish
+        with:
+          dry_run: ${{ inputs.dry_run }}
+          prerelease: ${{ inputs.prerelease }}
+          code_signing_keyring: 'code-signing-keyring.gpg'

.github/workflows/release-please.yml

@@ -0,0 +1,34 @@
+name: Run Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write # Needed for OIDC to get release secrets.
+      contents: write # Contents and pull-requests are for release-please to make releases.
+      pull-requests: write
+
+    outputs:
+      releases_created: ${{ steps.release.outputs.releases_created }}
+
+    steps:
+      - uses: google-github-actions/release-please-action@v4
+        id: release
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          target-branch: ${{ github.ref_name }}
+
+  call-workflow-publish:
+    needs: release-please
+    uses: ./.github/workflows/publish.yml
+    if: ${{ needs.release-please.outputs.releases_created == 'true' }}
+    with:
+      run_tests: true
+      dry_run: false
+      prerelease: false

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.2.0"
+}

CONTRIBUTING.md

@@ -30,7 +30,7 @@ If you wish to clean your working directory between builds, you can clean it by
 
 If you wish to use your generated provider artifact by another Maven/Gradle project, you will likely want to publish the artifact to your local Maven repository so that your other project can access it.
 ```
-./gradlew publishToMavenLocal
+./gradlew publishToMavenLocal -PskipSigning=true
 ```
 
 ### Testing

build.gradle

@@ -93,24 +93,16 @@ publishing {
 }
 
 signing {
+    required { findProperty("skipSigning") != "true" }
     sign publishing.publications.mavenJava
 }
 
-tasks.withType(Sign) { t ->
-    onlyIf { !shouldSkipSigning() } // so we can build jars for testing in CI
-}
-
-def shouldSkipSigning() {
-    return "1".equals(project.findProperty("LD_SKIP_SIGNING")) ||
-            "1".equals(System.getenv("LD_SKIP_SIGNING"))
-}
-
 nexusPublishing {
     clientTimeout = java.time.Duration.ofMinutes(2) // we've seen extremely long delays in creating repositories
     repositories {
         sonatype {
-            username = ossrhUsername
-            password = ossrhPassword
+            username = findProperty("ossrhUsername")
+            password = findProperty("ossrhPassword")
         }
     }
 }