-
Notifications
You must be signed in to change notification settings - Fork 66
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3a25461
commit 5fa0e4a
Showing
2 changed files
with
31 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,11 +5,11 @@ Deploying to OSSRH from GitHub Actions | |
-------------------------------------- | ||
|
||
This page explains how to publish to <https://oss.sonatype.org> (a.k.a. OSSRH) from GitHub Actions, assuming you already | ||
can release to their manually. See their [Getting Started Guide](https://central.sonatype.org/publish/publish-guide/) if you do not | ||
have an account already. | ||
can release to there manually. See their [Getting Started Guide](https://central.sonatype.org/publish/publish-guide/) if | ||
you do not have an account already. | ||
|
||
In order to publish directly to OSSRH from GitHub Actions, you will need OSSRH credentials, a PGP key for signing | ||
artifacts, and the correct plugins set up. | ||
artifacts, and the correct plugins configured. | ||
|
||
$H$H$H Plugin setup | ||
|
||
|
@@ -33,8 +33,7 @@ a release. | |
</build> | ||
|
||
The release profile can just have the `maven-gpg-plugin` (used to sign all the generated artifacts) and the | ||
`nexus-staging-maven-plugin`. Note that both plugins will use secrets that are saved in `~/.m2/settings.xml` which | ||
is created in the `release.yaml` file described below. | ||
`nexus-staging-maven-plugin`. Note that both plugins will use secrets that will be managed by GitHub Actions. | ||
|
||
<profiles> | ||
<profile> | ||
|
@@ -44,19 +43,16 @@ is created in the `release.yaml` file described below. | |
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-gpg-plugin</artifactId> | ||
<configuration> | ||
<gpgArguments> | ||
<arg>--pinentry-mode</arg> | ||
<arg>loopback</arg> | ||
</gpgArguments> | ||
</configuration> | ||
<executions> | ||
<execution> | ||
<id>sign-artifacts</id> | ||
<phase>verify</phase> | ||
<goals> | ||
<goal>sign</goal> | ||
</goals> | ||
<configuration> | ||
<signer>bc</signer> | ||
</configuration> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
|
@@ -66,7 +62,7 @@ is created in the `release.yaml` file described below. | |
<extensions>true</extensions> | ||
<configuration> | ||
<serverId>ossrh</serverId> | ||
<nexusUrl>https://oss.sonatype.org/</nexusUrl> | ||
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl> | ||
<autoReleaseAfterClose>true</autoReleaseAfterClose> | ||
</configuration> | ||
</plugin> | ||
|
@@ -75,6 +71,8 @@ is created in the `release.yaml` file described below. | |
</profile> | ||
</profiles> | ||
|
||
*Note:* check the `nexusUrl` configuration value is correct for your project. | ||
|
||
You'll also need to enable the `maven-javadoc-plugin` and `maven-sources-plugin` as per OSSRH requirements. You can | ||
put these in your `release` profile or normal `build` section. | ||
|
||
|
@@ -84,8 +82,8 @@ Add the following secrets to your repository or organisation: | |
|
||
* **OSSRH_USERNAME** - the username you use to log in to OSS Nexus | ||
* **OSSRH_TOKEN** - the password for your OSSRH user | ||
* **OSSRH_GPG_SECRET_KEY** - your GPG key as described [here](https://gist.github.com/sualeh/ae78dc16123899d7942bc38baba5203c). | ||
* **OSSRH_GPG_SECRET_KEY_PASSWORD** - the password for your GPG key | ||
* **GPG_SECRET_KEY** - your GPG key as described [here](https://gist.github.com/sualeh/ae78dc16123899d7942bc38baba5203c). | ||
* **GPG_SECRET_KEY_PASSPHRASE** - the password for your GPG key | ||
|
||
$H$H$H Set your SCM plugin URLs to use HTTPS | ||
|
||
|
@@ -99,7 +97,7 @@ Make sure HTTPS is used in your `scm` section as SSH URLs will not work during t | |
$H$H$H Create a release workflow | ||
|
||
Create a file in your git repository at `.github/workflows/release.yaml` which has the following contents which will | ||
first test and verify your package using Java 11, and then release to OSSRH: | ||
first test and verify your package using Java 21, and then release to OSSRH: | ||
|
||
```yaml | ||
name: Publish to Maven Central Repository | ||
|
@@ -109,33 +107,26 @@ jobs: | |
publish: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Install gpg secret key | ||
run: cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import | ||
- name: Set up Maven Central Repository | ||
uses: actions/setup-java@v3 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: '11' | ||
java-version: '21' | ||
distribution: 'temurin' | ||
- name: Set up maven settings | ||
uses: s4u/[email protected] | ||
with: | ||
servers: | | ||
[{ | ||
"id": "ossrh", | ||
"username": "${{ secrets.OSSRH_USERNAME }}", | ||
"password": "${{ secrets.OSSRH_TOKEN }}" | ||
}, | ||
{ | ||
"id": "gpg.passphrase", | ||
"passphrase": "${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}", | ||
"configuration": {} | ||
}] | ||
cache: 'maven' | ||
server-id: ossrh | ||
server-username: OSSRH_USERNAME | ||
server-password: OSSRH_TOKEN | ||
- name: Verify package | ||
run: mvn --batch-mode verify | ||
- name: Release package | ||
env: | ||
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} | ||
OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} | ||
MAVEN_GPG_KEY: ${{ secrets.GPG_SECRET_KEY }} | ||
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SECRET_KEY_PASSPHRASE }} | ||
run: mvn --batch-mode -DskipTests=true releaser:release | ||
``` | ||
|
||
|