Publish packages to the Maven Central Repository #52
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish packages to the Maven Central Repository | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| jobs: | |
| create_staging_repository: | |
| runs-on: ubuntu-latest | |
| name: Create staging repository | |
| outputs: | |
| repository_id: ${{ steps.create.outputs.repository_id }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| with: | |
| egress-policy: audit | |
| - id: create | |
| uses: nexus-actions/create-nexus-staging-repo@990063f02160c633c168037b8b3e8585c76469fe # v1.3.0 | |
| with: | |
| # The username you use to connect to Sonatype's Jira | |
| username: ${{ secrets.OSSRH_USERNAME }} | |
| password: ${{ secrets.OSSRH_TOKEN }} | |
| # Your staging profile ID. You can get it at https://oss.sonatype.org/#stagingProfiles;$staginProfileId | |
| staging_profile_id: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }} | |
| description: Created by Github Action | |
| publish-dmn-check: | |
| runs-on: ubuntu-latest | |
| needs: create_staging_repository | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Set up Maven Central Repository | |
| uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| cache: maven | |
| server-id: ossrh | |
| server-username: MAVEN_USERNAME | |
| server-password: MAVEN_PASSWORD | |
| - id: install-secret-key | |
| name: Install gpg secret key | |
| run: | | |
| cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import | |
| gpg --list-secret-keys --keyid-format LONG | |
| - name: Publish package | |
| run: | | |
| mvn clean deploy \ | |
| --batch-mode \ | |
| --update-snapshots \ | |
| --activate-profiles release \ | |
| -DstagingRepositoryId=${{ needs.create_staging_repository.outputs.repository_id }} \ | |
| -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
| publish-gradle-plugin: | |
| runs-on: ubuntu-latest | |
| needs: publish-dmn-check | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Set up Java | |
| uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| cache: maven | |
| - name: Publish package | |
| # Note that until #19 is done, the publishToSonatype closeAndReleaseSonatypeStagingRepository tasks have to be executed in the same Gradle invocation because closeAndRelease relies on information that is not persisted between calls to Gradle. | |
| # https://github.com/gradle-nexus/publish-plugin | |
| run: cd gradle-plugin && ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository | |
| env: | |
| ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_USERNAME }} | |
| ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_TOKEN }} | |
| ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
| ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_KEY_NEW }} | |
| finalize: | |
| runs-on: ubuntu-latest | |
| needs: [create_staging_repository, publish-dmn-check, publish-gradle-plugin] | |
| if: ${{ always() && needs.create_staging_repository.result == 'success' }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| with: | |
| egress-policy: audit | |
| - name: Discard | |
| if: ${{ needs.publish-dmn-check.result != 'success' || needs.publish-gradle-plugin.result != 'success' }} | |
| uses: nexus-actions/drop-nexus-staging-repo@c27212525c2a475b7f87728fefd2f899002183fa # v1.1.0 | |
| with: | |
| username: ${{ secrets.OSSRH_USERNAME }} | |
| password: ${{ secrets.OSSRH_TOKEN }} | |
| staging_repository_id: ${{ needs.create_staging_repository.outputs.repository_id }} | |
| - name: Release | |
| if: ${{ needs.publish-dmn-check.result == 'success' && needs.publish-gradle-plugin.result == 'success' }} | |
| uses: nexus-actions/release-nexus-staging-repo@6632a81bfab63557b2717e8423b0a620ae5aa414 # v1.3.0 | |
| with: | |
| username: ${{ secrets.OSSRH_USERNAME }} | |
| password: ${{ secrets.OSSRH_TOKEN }} | |
| staging_repository_id: ${{ needs.create_staging_repository.outputs.repository_id }} |