-
Notifications
You must be signed in to change notification settings - Fork 3
89 lines (85 loc) · 3.59 KB
/
deploy-snapshot.yml
File metadata and controls
89 lines (85 loc) · 3.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
name: Publish Snapshot
concurrency:
group: deploy-master
cancel-in-progress: false
on:
push:
branches:
- master
- 187-create-mobilitydata-maven-packages # TEMPORARY: remove after testing
workflow_dispatch: # Manual trigger
env:
java_version: '17'
java_distribution: 'zulu'
jobs:
publish-snapshot:
if: "github.event_name == 'workflow_dispatch' || !contains(github.event.head_commit.message, 'ci skip')"
runs-on: ubuntu-24.04
env:
HAS_1PASSWORD: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN != '' && vars.ONE_PASSWORD_SECRET_REFERENCES != '' }}
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up JDK ${{ env.java_version }}-${{ env.java_distribution }}
uses: actions/setup-java@v5
with:
java-version: ${{ env.java_version }}
distribution: ${{ env.java_distribution }}
- name: Cache Maven dependencies
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
${{ runner.os }}-maven-
${{ runner.os }}-
- name: Load secrets from 1Password
if: env.HAS_1PASSWORD == 'true'
uses: MobilityData/gtfs-validator/.github/actions/extract-1password-secret@master
with:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
VARIABLES_TO_EXTRACT: 'MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME, MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD'
ONE_PASSWORD_SECRET_REFERENCES: ${{ vars.ONE_PASSWORD_SECRET_REFERENCES }}
- name: Load secrets from GitHub secrets (fallback for forks without 1Password)
if: env.HAS_1PASSWORD != 'true'
env:
GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
GPG_PASS: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
MVN_USER: ${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME }}
MVN_PASS: ${{ secrets.MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD }}
run: |
{
echo "MAVEN_GPG_PASSPHRASE=$GPG_PASS"
echo "MAVEN_GPG_PRIVATE_KEY<<GPG_EOF"
echo "$GPG_KEY"
echo "GPG_EOF"
echo "MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME=$MVN_USER"
echo "MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD=$MVN_PASS"
} >> "$GITHUB_ENV"
- name: Setup GPG and JReleaser credentials
run: |
echo "$MAVEN_GPG_PRIVATE_KEY" | gpg --batch --import
GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep '^sec' | awk '{print $2}' | cut -d'/' -f2 | head -1)
{
echo "JRELEASER_GPG_PUBLIC_KEY<<GPG_EOF"
gpg --armor --export "$GPG_KEY_ID"
echo "GPG_EOF"
echo "JRELEASER_GPG_SECRET_KEY<<GPG_EOF"
gpg --armor --export-secret-keys "$GPG_KEY_ID"
echo "GPG_EOF"
echo "JRELEASER_GPG_PASSPHRASE=$MAVEN_GPG_PASSPHRASE"
echo "JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME=$MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME"
echo "JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD=$MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD"
} >> "$GITHUB_ENV"
- name: Stage artifacts
run: mvn deploy -Ppublication -Dprettier.skip=true
- name: Publish snapshot to Maven Central
run: mvn jreleaser:deploy -Djreleaser.output.directory=out
- name: Upload JReleaser output
if: always()
uses: actions/upload-artifact@v4
with:
name: jreleaser-snapshot-logs
path: out/