.github/workflows/build_and_release_github.yml

name: Build and deploy releases to GitHub

on:
  push:
    tags:
      - '*'

jobs:
  tagged-release:
    name: "Tagged Release"
    runs-on: "ubuntu-latest"

    steps:
      - uses: "marvinpinto/action-automatic-releases@latest"
        id: create_release
        with:
          repo_token: "${{ secrets.GITHUB_TOKEN }}"
          prerelease: false
          draft: true

      - name: Output Release URL File
        run: echo "${{ steps.create_release.outputs.upload_url }}" > release_url.txt

      - name: Save Release URL file for publish
        uses: actions/upload-artifact@v3
        with:
          name: release_url
          path: release_url.txt

      - uses: little-core-labs/get-git-tag@v3.0.2
        id: tagName

      - name: Output git tag
        run: echo "${{ steps.tagName.outputs.tag }}" > git_tag.txt

      - name: Save git tag file for publish
        uses: actions/upload-artifact@v3
        with:
          name: git_tag
          path: git_tag.txt

  build_and_upload:
    needs: tagged-release
    name: build_and_upload
    runs-on: ubuntu-latest
    steps:
      - name: maven-settings-xml-action
        uses: whelk-io/maven-settings-xml-action@v21
        with:
          repositories: >
            [
              {
                "id": "central",
                "url": "https://repo1.maven.org/maven2"
              },
              {
                "id": "github",
                "url": "https://maven.pkg.github.com/bitwarden/sdk",
                "releases": {
                    "enabled": "true"
                },
                "snapshots": {
                    "enabled": "true"
                }
              }
            ]
          servers: >
            [
              {
                "id": "github",
                "username": "${env.PACKAGES_USER}",
                "password": "${env.PACKAGES_ACCESS_TOKEN}",
                "configuration": {
                  "httpConfiguration": {
                    "all": {
                      "usePreemptive": "true"
                    }
                  }
                }
              }
            ]
          profiles: >
            [
              {
                "id": "github"
              }
            ]
          active_profiles: >
            [
              "github"
            ]
          output_file: .m2/settings.xml
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '20'
          cache: 'maven'
          overwrite-settings: 'false'
      - name: Set up GPG
        run: |
          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
      - name: Build with Maven
        run: mvn -B -Psign -Dgpg.passphrase=${GPG_PASSPHRASE} -Dtest=org.purejava.integrations.keychain.BitwardenAccessTest install --file pom.xml
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          PACKAGES_USER: ${{ secrets.PACKAGES_USER }}
          PACKAGES_ACCESS_TOKEN: ${{ secrets.PACKAGES_ACCESS_TOKEN }}

      - name: Load Release URL File from release job
        uses: actions/download-artifact@v3
        with:
          name: release_url
      - name: Get Release File Name & Upload URL
        id: get_release_info
        run: |
          value=`cat release_url/release_url.txt`
          echo ::set-output name=upload_url::$value
      - name: Load git tag from release job
        uses: actions/download-artifact@v3
        with:
          name: git_tag
      - name: Get git tag info
        id: get_tag_info
        run: |
          value=`cat git_tag/git_tag.txt`
          echo ::set-output name=git_tag::$value

      - name: Sign uber jar with key 5BFB2076ABC48776
        run: |
          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 5BFB2076ABC48776 --detach-sign ./target/cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
      - name: Sign source tarball with key 5BFB2076ABC48776
        if: startsWith(github.ref, 'refs/tags/')
        run: |
          git archive --prefix="cryptomator-bitwarden-${{ github.ref_name }}/" -o "cryptomator-bitwarden-${{ github.ref_name }}.tar.gz" ${{ github.ref }}
          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 5BFB2076ABC48776 --detach-sign cryptomator-bitwarden-*.tar.gz
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

      - name: Upload uber jar
        id: upload-release-asset
        uses: actions/upload-release-asset@v1.0.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
          asset_path: ./target/cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar
          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar
          asset_content_type: application/java-archive

      - name: Upload signature file for uber jar
        id: upload-signature-file-for-uber-jar
        uses: actions/upload-release-asset@v1.0.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
          asset_path: ./target/cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar.sig
          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.jar.sig
          asset_content_type: application/pgp-signature

      - name: Upload tarball
        id: upload-release-asset-2
        uses: actions/upload-release-asset@v1.0.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
          asset_path: ./cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz
          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz
          asset_content_type: application/tar+gzip

      - name: Upload signature file for source tarball
        id: upload-signature-file-for-source-tarball
        uses: actions/upload-release-asset@v1.0.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
          asset_path: ./cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz.sig
          asset_name: cryptomator-bitwarden-${{ steps.get_tag_info.outputs.git_tag }}.tar.gz.sig
          asset_content_type: application/pgp-signature