This repo is equiped with a fully one-click deployment process.
.github/workflows/publish.yml
is the key to how this works.
It has 3 variables:
publish
: defaults toNo
, needs to beYes
to publish and commit changes; Else will do a 'dry-run'.releaseVersion
: defaults to next 'minor' release i.e.1.0.5
, edit accordingly based on Semantic Versioning.developmentVersion
: defaults to next 'minor' SNAPSHOT version i.e.1.0.6-SNAPSHOT
, edit accordingly based on Semantic Versioning.
If you have the correct permissions, you can kick of a version deployment by going to https://github.com/qld-gov-au/kiteworks-integration/actions/workflows/publish.yml
and using the 'workflow_dispatch' Run the workflow by clicking Run workflow
green button once you have altered the vairables above to your liking
If you use Sonatype's Nexus repository manager, you may want to add proxy entries to your Nexus configuration for the GitHub repositories. Here are a few notes to keep in mind:
GitHub's repositories don't contain indices so do set it high in your loop and ensure Not found cache enabled
is disabled
Nexus should still be able to access specific artifact, pom and checksum file URLs despite the missing directory listings.
It may look like it is not working due to it not pre-fetching, it will only show artifacts that it has 'cached' via Nexus lookup.
Below has been tested to work when creating a github package manager link
-
Remote Storage
https://maven.pkg.github.com/${org}/${repo}/ i.e. https://maven.pkg.github.com/qld-gov-au/kiteworks-integration/ -
Online
ticked -
Layout policy:
Permissive -
Not found cache enabled:
un-ticked -
Strict Content Type Validation:
optional: un-ticked -
Create a service GitHub account, generate an access key that is only set to
package: read
-
Inside Nexus: Authentication: username (GitHub username) password (access key generated)
-
Use pre-emptive authentication
ticked -
Enable circular redirects:
ticked -
Enable Cookies:
ticked
You may want to use the more advanced features such as Routing Rule to limit the group id's that would go to your repo's. Reason being is that it will only provide answers for the versions you have published and nothing more.
Ensure these secrets are set up on your repo:
Secrets:
-
DEPLOY_KEY
: private ssh key that is associated with your service worker. -
GPG_EMAIL
: the email address against the GPG cert. -
GPG_KEY
: the base64 encoded private key without passphrase.you can set one if you wish and configure an additional steps to unlock it on usage .
-
GPG_KEY_ID
: The unique id of the GPG key.
Variables:
GPG_NAME
: The name assicated with the GPG key.
Copy the .github folder to your own repository.
- Update dependabot 'reviewers'
In your pom.xml files, update to match your org and repo.
In this example the org is qld-gov-au
and the repo is kiteworks-integration
<scm>
<connection>scm:git:${project.scm.url}</connection>
<developerConnection>scm:git:${project.scm.url}</developerConnection>
<url>[email protected]:qld-gov-au/kiteworks-integration.git</url>
<tag>HEAD</tag>
</scm>
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://maven.pkg.github.com/qld-gov-au/kiteworks-integration</url>
</repository>
<snapshotRepository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://maven.pkg.github.com/qld-gov-au/kiteworks-integration</url>
</snapshotRepository>
</distributionManagement>