Skip to content
PIPELINE

fix #7

Sign in to view logs

fix

fix #7

Workflow file for this run

.github/workflows/pipeline.yml at 8fcfde5
name: PIPELINE
on:
push:
branches:
- 'master'
workflow_dispatch:
jobs:
bump:
uses: UnterrainerInformatik/bump-semver-workflow/.github/workflows/workflow.yml@master
build:
name: Build and publish to Maven Central 🔨
runs-on: [self-hosted, Linux, X64]
env:
MAVEN_PROFILES: release-to-sonatype
MAVEN_ARGS: -Dmaven.test.skip=true
needs: [bump]
steps:
- name: Pre-fetch upload-artifact action (self-hosted only) ⚙️
if: contains(runner.labels, 'self-hosted')
run: |
mkdir -p ~/.setup-actions
cd ~/.setup-actions
if [ ! -d "upload-artifact" ]; then
echo "Cloning upload-artifact@v4..."
git clone --depth=1 --branch v4 https://github.com/actions/upload-artifact.git upload-artifact
echo "✅ upload-artifact@v4 cloned manually!"
else
echo "✅ upload-artifact already fetched."
fi
- name: Checkout repo 📦
uses: actions/checkout@v4
- name: Cache Maven packages 💾
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven-
- name: Set up JDK 21 ⚙️
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
server-id: maven
server-username: ${{ secrets.SONATYPE_USERNAME }}
server-password: ${{ secrets.SONATYPE_PASSWORD }}
- name: Set up GPG for CI 🔐
run: |
which gpg2 || sudo apt update && sudo apt install -y gnupg2
mkdir -p ~/.gnupg
chmod 700 ~/.gnupg
echo "use-agent" >> ~/.gnupg/gpg.conf
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
echo "default-cache-ttl 600" >> ~/.gnupg/gpg-agent.conf
echo "max-cache-ttl 7200" >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
echo "${{ secrets.GPG_SECRET_KEY }}" | base64 --decode | gpg2 --batch --yes --import
echo "${{ secrets.GPG_OWNERTRUST }}" | base64 --decode | gpg2 --import-ownertrust
export GPG_TTY=$(tty)
- name: Write .m2/settings.xml 💾
run: |
mkdir -p ~/.m2
cat <<EOF > ~/.m2/settings.xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>maven</id>
<username>${{ secrets.SONATYPE_USERNAME }}</username>
<password>${{ secrets.SONATYPE_PASSWORD }}</password>
</server>
</servers>
</settings>
EOF
- name: Conditionally setup Maven ⚙️
run: |
wihch mvn || (sudo apt update && sudo apt install -y maven)
- name: Update pom.xml version 💾
run: |
mvn versions:set -DnewVersion=${{ needs.bump.outputs.major_version }}.${{ needs.bump.outputs.minor_version }}.${{ needs.bump.outputs.build_version }} -DgenerateBackupPoms=false
- name: Build and publish with Maven 🔨
env:
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: mvn clean deploy --batch-mode --update-snapshots -P${{ env.MAVEN_PROFILES }} $MAVEN_ARGS
- name: List signed files 🐞
run: |
echo "📦 Contents of target/:"
ls -lh target/
echo ""
echo "🔍 GPG signatures:"
find target/ -type f -name "*.asc" -exec echo "✔ Found:" {} \;
echo ""
echo "❓ Missing POM signature?" && test ! -f target/*pom.asc && echo "❌ No POM signature found!" || echo "✅ POM is signed."
- name: Upload build artifacts ⬆️
if: ${{ always() && hashFiles('target/*.jar') != '' }}
uses: actions/upload-artifact@v4
with:
name: maven-artifacts
path: target/*.jar