chore: test hardocded GH_TOKEN in actions settings #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| publish_maven: | |
| description: 'Publish to Maven' | |
| required: false | |
| type: boolean | |
| default: true | |
| publish_javadoc: | |
| description: 'Publish JavaDoc to gh-pages branch' | |
| required: false | |
| type: boolean | |
| default: true | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # JavaDoc has not been published for a very long time. | |
| publish-javadoc: | |
| name: Publish Javadoc | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| # Only publish when semantic-release creates a release commit (starts with "chore(release):") | |
| if: (github.event_name == 'push' && startsWith(github.event.head_commit.message, 'chore(release):')) || (github.event_name == 'workflow_dispatch' && inputs.publish_javadoc) | |
| permissions: | |
| contents: write | |
| pages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Java 11 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Set artifact version to ${{ github.ref_name }} | |
| run: mvn -B versions:set -DnewVersion=${{ github.ref_name}} -DgenerateBackupPoms=false | |
| - name: Publish Javadocs | |
| env: | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
| GITHUB_REPO_SLUG: ${{ github.repository }} | |
| GITHUB_TAG: ${{ github.ref_name}} | |
| run: | | |
| mvn clean javadoc:aggregate --settings build/.github.settings.xml | |
| build/publishJavadoc-gha.sh | |
| publish-maven-central: | |
| # Requires GPG_KEYNAME, GPG_PRIVATE_KEY, GPG_PASSPHRASE, CP_USERNAME, CP_PASSWORD | |
| # Missing: GPG_PRIVATE_KEY, GPG_PASSPHRASE, CP_PASSWORD | |
| name: Publish to Maven Central | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| # Only publish when semantic-release creates a release commit (starts with "chore(release):") | |
| if: (github.event_name == 'push' && startsWith(github.event.head_commit.message, 'chore(release):')) || (github.event_name == 'workflow_dispatch' && inputs.publish_maven) | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Java 11 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Import GPG key | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: | | |
| echo "$GPG_PRIVATE_KEY" | base64 --decode | gpg --batch --import | |
| gpg --list-secret-keys --keyid-format LONG | |
| - name: Set Maven version | |
| run: mvn versions:set -DnewVersion=${{ github.ref_name }} -DgenerateBackupPoms=false | |
| - name: Deploy to Maven Central | |
| env: | |
| # Required variables and secrets for publishing to Maven Central | |
| # GNU Privacy Guard variables | |
| GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| # Central portal username and password | |
| CP_USERNAME: ${{ secrets.CP_USERNAME }} | |
| CP_PASSWORD: ${{ secrets.CP_PASSWORD }} | |
| run: | | |
| mvn deploy --settings build/.github.settings.xml -DskipTests -P central |