onixbyte-bom/.github/workflows/github-packages-publish.yml

# This workflow publishes one or all modules to Maven Central when a GitHub Release is published.
#
# Supported release tag formats:
#   <module-name>/v<version>  — publish a single module   (e.g. tuple/v3.3.1)
#   v<version>                — publish all modules       (e.g. v3.3.0, backward compat)
#
# Valid module names: common-toolbox, tuple, identity-generator, crypto-toolbox, math-toolbox, version-catalogue

name: Publish Packages to Maven Central

on:
  release:
    types:
      - published

jobs:
  publish:
    name: Build and Publish
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4.2.2

      - name: Parse Release Tag
        id: parse-tag
        run: |
          TAG="${{ github.event.release.tag_name }}"
          echo "Release tag: ${TAG}"

          # <module>/v<version> — single module
          if [[ "${TAG}" =~ ^([a-z][a-z0-9-]*)/v?([0-9]+\.[0-9]+\.[0-9]+.*)$ ]]; then
            MODULE="${BASH_REMATCH[1]}"
            VERSION="${BASH_REMATCH[2]}"

            case "${MODULE}" in
              common-toolbox)      PROP="commonToolboxVersion" ;;
              tuple)               PROP="tupleVersion" ;;
              identity-generator)  PROP="identityGeneratorVersion" ;;
              crypto-toolbox)      PROP="cryptoToolboxVersion" ;;
              math-toolbox)        PROP="mathToolboxVersion" ;;
              version-catalogue)   PROP="versionCatalogueVersion" ;;
              *)
                echo "::error::Unknown module: ${MODULE}"
                echo "Valid modules: common-toolbox, tuple, identity-generator, crypto-toolbox, math-toolbox, version-catalogue"
                exit 1
                ;;
            esac

            echo "module=${MODULE}"         >> $GITHUB_OUTPUT
            echo "version=${VERSION}"       >> $GITHUB_OUTPUT
            echo "gradle_property=${PROP}"  >> $GITHUB_OUTPUT
            echo "gradle_project=:${MODULE}" >> $GITHUB_OUTPUT
            echo "single_module=true"       >> $GITHUB_OUTPUT

            echo "→ Publishing single module: ${MODULE} @ ${VERSION}"

          # v<version> — all modules (backward compat)
          else
            VERSION="${TAG#v}"
            echo "version=${VERSION}"       >> $GITHUB_OUTPUT
            echo "single_module=false"      >> $GITHUB_OUTPUT
            echo "→ Publishing all modules @ ${VERSION}"
          fi

      - name: Setup GPG TTY
        run: export GPG_TTY=$(tty)

      - name: Import PGP Private Key
        uses: crazy-max/ghaction-import-gpg@v6.3.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          trust_level: 5

      - name: Creating PGP Ring Key
        run: |
          mkdir -p ~/.gnupg
          echo ${{ secrets.GPG_PASSPHRASE }} | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --export-secret-keys -o ~/.gnupg/gpg_key.ring

      - name: Restore gradle.properties
        env:
          GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }}
        shell: bash
        run: |
          mkdir -p ~/.gradle/
          echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV
          echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "corretto"

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4.4.1

      - name: Grant Execution Authority to Gradlew
        run: chmod +x ./gradlew

      - name: Build with Gradle
        env:
          SINGLE: ${{ steps.parse-tag.outputs.single_module }}
          PROJECT: ${{ steps.parse-tag.outputs.gradle_project }}
          PROPERTY: ${{ steps.parse-tag.outputs.gradle_property }}
          VERSION: ${{ steps.parse-tag.outputs.version }}
        run: |
          if [ "${SINGLE}" = "true" ]; then
            ./gradlew "${PROJECT}:build" "-P${PROPERTY}=${VERSION}"
          else
            ./gradlew build \
              -PcommonToolboxVersion="${VERSION}" \
              -PtupleVersion="${VERSION}" \
              -PidentityGeneratorVersion="${VERSION}" \
              -PcryptoToolboxVersion="${VERSION}" \
              -PmathToolboxVersion="${VERSION}" \
              -PversionCatalogueVersion="${VERSION}"
          fi

      - name: List Output Items
        run: ls -l ./**/build/libs

      - name: Publish to Maven Central
        env:
          SINGLE: ${{ steps.parse-tag.outputs.single_module }}
          PROJECT: ${{ steps.parse-tag.outputs.gradle_project }}
          PROPERTY: ${{ steps.parse-tag.outputs.gradle_property }}
          VERSION: ${{ steps.parse-tag.outputs.version }}
        run: |
          if [ "${SINGLE}" = "true" ]; then
            ./gradlew "${PROJECT}:publish" "-P${PROPERTY}=${VERSION}"
          else
            ./gradlew publish \
              -PcommonToolboxVersion="${VERSION}" \
              -PtupleVersion="${VERSION}" \
              -PidentityGeneratorVersion="${VERSION}" \
              -PcryptoToolboxVersion="${VERSION}" \
              -PmathToolboxVersion="${VERSION}" \
              -PversionCatalogueVersion="${VERSION}"
          fi

      - name: Create Deployment on Central Publisher Portal
        run: |
          curl --fail -X 'POST' \
            'https://ossrh-staging-api.central.sonatype.com/manual/upload/defaultRepository/com.onixbyte?publishing_type=user_managed' \
            -H 'accept: */*' \
            -H 'Authorization: Bearer ${{ secrets.MAVEN_PORTAL_TOKEN }}' \
            -d ''