Skip to content

Commit

Permalink
feat(build): publish to OSSRH Snapshots and MavenCentral from GHA (#72)
Browse files Browse the repository at this point in the history
* feat(build): publish to OSSRH Snapshots and MavenCentral from GHA

* renamed file and job
  • Loading branch information
paullatzelsperger committed Sep 13, 2023
1 parent 2302287 commit ec430c3
Show file tree
Hide file tree
Showing 4 changed files with 81 additions and 37 deletions.
25 changes: 25 additions & 0 deletions .github/actions/import-gpg-key/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: "Import GPG Key"
description: "Imports a GPG key given in the input"
inputs:
gpg-private-key:
required: true
description: "The GPG Private Key in plain text. Can be a sub-key."
runs:
using: "composite"
steps:
# this is necessary because it creates gpg.conf, etc.
- name: List Keys
shell: bash
run: |
gpg -K --keyid-format=long
- name: Import GPG Private Key
shell: bash
run: |
echo "use-agent" >> ~/.gnupg/gpg.conf
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
echo -e "${{ inputs.gpg-private-key }}" | gpg --import --batch
for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u);
do
echo -e "5\\ny\\n" | gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
done
2 changes: 1 addition & 1 deletion .github/workflows/_trigger-snapshot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ on:

jobs:
trigger-workflow:
uses: eclipse-edc/.github/.github/workflows/trigger-snapshot.yml@main
uses: eclipse-edc/.github/.github/workflows/publish-snapshot.yml@main
with:
github_repository: ${{ github.repository }}
secrets:
Expand Down
55 changes: 55 additions & 0 deletions .github/workflows/publish-snapshot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: "Publish Snapshot Build"

on:
workflow_dispatch:
workflow_call:

jobs:
secrets-presence:
name: "Check for required credentials"
runs-on: ubuntu-latest
outputs:
HAS_OSSRH: ${{ steps.secret-presence.outputs.HAS_OSSRH }}
steps:
- name: Check whether secrets exist
id: secret-presence
run: |
[ ! -z "${{ secrets.ORG_GPG_PASSPHRASE }}" ] &&
[ ! -z "${{ secrets.ORG_GPG_PRIVATE_KEY }}" ] &&
[ ! -z "${{ secrets.ORG_OSSRH_USERNAME }}" ] && echo "HAS_OSSRH=true" >> $GITHUB_OUTPUT
exit 0
Publish-Snapshot:
name: "Publish artefacts to OSSRH Snapshots"
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
needs: [ secrets-presence ]

if: |
needs.secrets-presence.outputs.HAS_OSSRH
steps:
# Set-Up
- uses: actions/checkout@v4

# Import GPG Key
- uses: eclipse-edc/.github/.github/actions/import-gpg-key@main
name: "Import GPG Key"
with:
gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }}

- uses: eclipse-edc/.github/.github/actions/setup-build@main
- name: "Publish snapshot version"
env:
OSSRH_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
OSSRH_USER: ${{ secrets.ORG_OSSRH_USERNAME }}
run: |-
VERSION=$(./gradlew properties -q | grep "version:" | awk '{print $2}')
if [[ $VERSION != *-SNAPSHOT ]]
then
echo "::warning file=gradle.properties::$VERSION is not a snapshot version - will not publish!"
exit 0
fi
echo "Publishing Version $VERSION to Sonatype"
./gradlew publishToSonatype --no-parallel -Pversion=$VERSION -Psigning.gnupg.executable=gpg -Psigning.gnupg.passphrase="${{ secrets.ORG_GPG_PASSPHRASE }}"
36 changes: 0 additions & 36 deletions .github/workflows/trigger-snapshot.yml

This file was deleted.

0 comments on commit ec430c3

Please sign in to comment.