181 lines
6.0 KiB
YAML
181 lines
6.0 KiB
YAML
# This workflow publishes one or more modules to Maven Central when a version tag is pushed
|
|
# to the main branch.
|
|
#
|
|
# Supported tag formats:
|
|
# <module>/v<version> — publish a single module (e.g. tuple/v3.3.1)
|
|
# <module>+<module>/v<version> — publish multiple modules (e.g. tuple+crypto-toolbox/v3.3.1)
|
|
# v<version> — publish all modules (e.g. v3.4.0)
|
|
#
|
|
# Valid module names: common-toolbox, tuple, identity-generator, crypto-toolbox, math-toolbox, version-catalogue
|
|
|
|
name: Publish Packages to Maven Central
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v[0-9]*.[0-9]*.[0-9]*'
|
|
- '*/v[0-9]*.[0-9]*.[0-9]*'
|
|
|
|
jobs:
|
|
publish:
|
|
name: Build and Publish
|
|
runs-on: self-hosted
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4.2.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Verify Tag is on Main Branch
|
|
run: |
|
|
if ! git merge-base --is-ancestor HEAD origin/main; then
|
|
echo "::error::Tag ${{ github.ref_name }} does not point to a commit on the main branch"
|
|
echo "Tags must be pushed after the commit is merged to main."
|
|
exit 1
|
|
fi
|
|
echo "✓ Tag ${{ github.ref_name }} is on main"
|
|
|
|
- name: Parse Tag
|
|
id: parse-tag
|
|
run: |
|
|
declare -A MODULE_PROPS=(
|
|
["common-toolbox"]="commonToolboxVersion"
|
|
["tuple"]="tupleVersion"
|
|
["identity-generator"]="identityGeneratorVersion"
|
|
["crypto-toolbox"]="cryptoToolboxVersion"
|
|
["math-toolbox"]="mathToolboxVersion"
|
|
["version-catalogue"]="versionCatalogueVersion"
|
|
)
|
|
|
|
TAG="${{ github.ref_name }}"
|
|
echo "Tag: ${TAG}"
|
|
|
|
# <module>[+<module>...]/v<version> — one or more specific modules
|
|
if [[ "${TAG}" =~ ^([a-z][a-z0-9-]+(\+[a-z][a-z0-9-]+)*)/v?([0-9]+\.[0-9]+\.[0-9]+.*)$ ]]; then
|
|
IFS='+' read -ra MODULES <<< "${BASH_REMATCH[1]}"
|
|
VERSION="${BASH_REMATCH[3]}"
|
|
|
|
# v<version> — all modules
|
|
else
|
|
MODULES=("common-toolbox" "tuple" "identity-generator" "crypto-toolbox" "math-toolbox" "version-catalogue")
|
|
VERSION="${TAG#v}"
|
|
fi
|
|
|
|
# Validate all modules
|
|
for m in "${MODULES[@]}"; do
|
|
if [ -z "${MODULE_PROPS[$m]}" ]; then
|
|
echo "::error::Unknown module: ${m}"
|
|
echo "Valid modules: ${!MODULE_PROPS[*]}"
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
echo "version=${VERSION}" >> $GITHUB_OUTPUT
|
|
echo "count=${#MODULES[@]}" >> $GITHUB_OUTPUT
|
|
|
|
for m in "${MODULES[@]}"; do
|
|
echo "→ ${m} @ ${VERSION}"
|
|
done
|
|
|
|
# Store module list as a multi-line output
|
|
{
|
|
echo "modules<<MODULES_EOF"
|
|
printf '%s\n' "${MODULES[@]}"
|
|
echo "MODULES_EOF"
|
|
} >> $GITHUB_OUTPUT
|
|
|
|
# Store property mappings
|
|
{
|
|
echo "props<<PROPS_EOF"
|
|
for m in "${MODULES[@]}"; do
|
|
echo "${m}=${MODULE_PROPS[$m]}"
|
|
done
|
|
echo "PROPS_EOF"
|
|
} >> $GITHUB_OUTPUT
|
|
|
|
- name: Setup GPG TTY
|
|
run: export GPG_TTY=$(tty)
|
|
|
|
- name: Import PGP Private Key
|
|
uses: crazy-max/ghaction-import-gpg@v6.3.0
|
|
with:
|
|
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
|
|
passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
|
trust_level: 5
|
|
|
|
- name: Creating PGP Ring Key
|
|
run: |
|
|
mkdir -p ~/.gnupg
|
|
echo ${{ secrets.GPG_PASSPHRASE }} | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --export-secret-keys -o ~/.gnupg/gpg_key.ring
|
|
|
|
- name: Restore gradle.properties
|
|
env:
|
|
GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }}
|
|
shell: bash
|
|
run: |
|
|
mkdir -p ~/.gradle/
|
|
echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV
|
|
echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties
|
|
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
java-version: "17"
|
|
distribution: "corretto"
|
|
|
|
- name: Setup Gradle
|
|
uses: gradle/actions/setup-gradle@v4.4.1
|
|
|
|
- name: Grant Execution Authority to Gradlew
|
|
run: chmod +x ./gradlew
|
|
|
|
- name: Build with Gradle
|
|
env:
|
|
MODULES: ${{ steps.parse-tag.outputs.modules }}
|
|
PROPS: ${{ steps.parse-tag.outputs.props }}
|
|
VERSION: ${{ steps.parse-tag.outputs.version }}
|
|
run: |
|
|
declare -A MODULE_PROPS
|
|
while IFS='=' read -r key value; do
|
|
MODULE_PROPS[$key]="$value"
|
|
done <<< "$PROPS"
|
|
|
|
while IFS= read -r MODULE; do
|
|
echo "::group::Building ${MODULE}"
|
|
PROP="${MODULE_PROPS[$MODULE]}"
|
|
./gradlew ":${MODULE}:build" "-P${PROP}=${VERSION}"
|
|
echo "::endgroup::"
|
|
done <<< "$MODULES"
|
|
|
|
- name: List Output Items
|
|
run: ls -l ./**/build/libs
|
|
|
|
- name: Publish to Maven Central
|
|
env:
|
|
MODULES: ${{ steps.parse-tag.outputs.modules }}
|
|
PROPS: ${{ steps.parse-tag.outputs.props }}
|
|
VERSION: ${{ steps.parse-tag.outputs.version }}
|
|
run: |
|
|
declare -A MODULE_PROPS
|
|
while IFS='=' read -r key value; do
|
|
MODULE_PROPS[$key]="$value"
|
|
done <<< "$PROPS"
|
|
|
|
while IFS= read -r MODULE; do
|
|
echo "::group::Publishing ${MODULE}"
|
|
PROP="${MODULE_PROPS[$MODULE]}"
|
|
./gradlew ":${MODULE}:publish" "-P${PROP}=${VERSION}"
|
|
echo "::endgroup::"
|
|
done <<< "$MODULES"
|
|
|
|
- name: Create Deployment on Central Publisher Portal
|
|
run: |
|
|
curl --fail -X 'POST' \
|
|
'https://ossrh-staging-api.central.sonatype.com/manual/upload/defaultRepository/com.onixbyte?publishing_type=user_managed' \
|
|
-H 'accept: */*' \
|
|
-H 'Authorization: Bearer ${{ secrets.MAVEN_PORTAL_TOKEN }}' \
|
|
-d ''
|