diff --git a/.github/workflows/maven-deploy.yaml b/.github/workflows/maven-deploy.yaml index 961a4dab5..eb7e66d9d 100644 --- a/.github/workflows/maven-deploy.yaml +++ b/.github/workflows/maven-deploy.yaml @@ -5,8 +5,6 @@ name: Maven Deploy on: push: - branches: - - main tags: - 'v*.*.*' 
@@ -14,45 +12,60 @@ jobs: build: runs-on: ubuntu-latest env: + SONATYPE_USER: ${{secrets.SONATYPE_USER}} + SONATYPE_PASSWORD: ${{secrets.SONATYPE_PASSWORD}} GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} GPG_KEY_NAME: ${{secrets.GPG_KEY_NAME}} GPG_PASSPHRASE: ${{secrets.GPG_PASSPHRASE}} + MAVEN_USERNAME: ${ SONATYPE_USER } + MAVEN_CENTRAL_TOKEN: ${ SONATYPE_PASSWORD } + MAVEN_GPG_PASSPHRASE: ${ GPG_PASSPHRASE } + MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED" steps: - uses: actions/checkout@v3 - - name: Set up JDK 11 + + - name: 'Configure gpg signing' + env: + GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + run: | + # https://github.com/keybase/keybase-issues/issues/2798 + export GPG_TTY=$(tty) + # Import gpg keys and warm the passphrase to avoid the gpg + # passphrase prompt when initating a deploy + # `--pinentry-mode=loopback` could be needed to ensure we + # suppress the gpg prompt + echo $GPG_KEY | base64 --decode > signing-key + gpg --passphrase $GPG_PASSPHRASE --batch --import signing-key + shred signing-key + + - name: Configure GIT + run: | + git config --global user.email "envoy-bot@users.noreply.github.com" + git config --global user.name "envoy-bot" + + - name: Set up JDK uses: actions/setup-java@v3 with: distribution: 'temurin' java-version: '17' - gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} - gpg-passphrase: ${{ env.GPG_PASSPHRASE }} + server-id: sonatype-nexus-staging # Value of the distributionManagement/repository/id field of the pom.xml + server-username: ${ env.SONATYPE_USER } # env variable for username in deploy + server-password: ${ env.SONATYPE_PASSWORD } # env variable for token in deploy + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} # Value of the GPG private key to import - without any 
modification + gpg-passphrase: ${ env.GPG_PASSPHRASE } # env variable for GPG private key passphrase - - name: Build with Maven + - name: Publish to Maven Packages Apache Maven working-directory: ${{ github.workspace }}/java - run: mvn -B package --file pom.xml - - - name: Publish to GitHub Packages Apache Maven - working-directory: ${{ github.workspace }}/java - run: mvn deploy -s settings.xml + run: | + mvn -B -s settings.xml clean release:prepare \ + -Darguments="-s settings.xml" \ + -DreleaseVersion=${{ github.ref_name }} \ + -DdevelopmentVersion=${{ github.ref_name }}-SNAPSHOT \ + -DscmCommentPrefix="java release: " env: - GITHUB_TOKEN: ${{ github.token }} # GITHUB_TOKEN is the default env for the password - -# - name: Set up Apache Maven Central -# uses: actions/setup-java@v3 -# with: # running setup-java again overwrites the settings.xml -# distribution: 'temurin' -# java-version: '11' -# server-id: sonatype-nexus-snapshots # Value of the distributionManagement/repository/id field of the pom.xml -# server-username: ${{ env.SONATYPE_USER }} # env variable for username in deploy -# server-password: ${{ env.SONATYPE_PASSWORD }} # env variable for token in deploy -# gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} # Value of the GPG private key to import -# gpg-passphrase: ${{ env.GPG_PASSPHRASE }} # env variable for GPG private key passphrase -# -# - name: Publish to Apache Maven Central -# working-directory: ${{ github.workspace }}/java -# run: mvn deploy -s settings.xml -# env: -# MAVEN_USERNAME: ${{ env.SONATYPE_USER }} -# MAVEN_CENTRAL_TOKEN: ${{ env.SONATYPE_PASSWORD }} -# MAVEN_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} + MAVEN_USERNAME: ${{ secrets.SONATYPE_USER }} + MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_PASSWORD }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} diff --git a/.github/workflows/maven-publish.yaml b/.github/workflows/maven-publish.yaml deleted file mode 100644 index 920092ade..000000000 
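Review bot: The publish step expands `${{ github.ref_name }}` directly into the `run:` script, so the tag text becomes shell source in a job whose environment carries the Sonatype credentials and the GPG key, and the `v*.*.*` filter constrains the tag's shape, not its characters. Pass it through the step's `env:` as `REF_NAME: ${{ github.ref_name }}` and write `-DreleaseVersion="$REF_NAME"` and `-DdevelopmentVersion="$REF_NAME-SNAPSHOT"`. In the 'Configure gpg signing' step, `gpg --passphrase $GPG_PASSPHRASE` places the passphrase on the process command line, the variables are unquoted, and `shred signing-key` overwrites the decoded key but leaves the file in the workspace; `--passphrase-fd 0` fed from the variable and `shred -u signing-key` would close both. The single-brace values (`server-username: ${ env.SONATYPE_USER }`, `MAVEN_USERNAME: ${ SONATYPE_USER }` and the like) are not Actions expressions and reach their consumers as literal text; setup-java appears to expect the name of an environment variable in those inputs, e.g. `server-username: MAVEN_USERNAME`. `gpg-private-key` also reads `secrets.GPG_SECRET_KEY` while the rest of the hunk uses `GPG_PRIVATE_KEY`, which looks unintended and would resolve to an empty string if that secret is not defined.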
--- a/.github/workflows/maven-publish.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created -## For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path - -name: Maven Deploy - -on: - push: - tags: - - 'v*.*.*' - -jobs: - deploy: - runs-on: ubuntu-latest - env: - SONATYPE_USER: ${{secrets.SONATYPE_USER}} - SONATYPE_PASSWORD: ${{secrets.SONATYPE_PASSWORD}} - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - GPG_KEY_NAME: ${{secrets.GPG_KEY_NAME}} - GPG_PASSPHRASE: ${{secrets.GPG_PASSPHRASE}} - MAVEN_USERNAME: ${ SONATYPE_USER } - MAVEN_CENTRAL_TOKEN: ${ SONATYPE_PASSWORD } - MAVEN_GPG_PASSPHRASE: ${ GPG_PASSPHRASE } - permissions: - contents: read - packages: write - - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.ref_name }} - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: "17" - distribution: "temurin" - server-id: sonatype-nexus-snapshots - server-username: ${{ env.SONATYPE_USER }} - server-password: ${{ env.SONATYPE_PASSWORD }} - gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} - gpg-passphrase: ${{ env.GPG_PASSPHRASE }} - - - name: Configure Git User - run: | - git config --global user.email "envoy-bot@users.noreply.github.com" - git config --global user.name "envoy-bot" - - - name: Install with Maven - working-directory: ${{ github.workspace }}/java - run: mvn -B install - - - name: 'Configure gpg signing' - env: - GPG_KEY: ${{ secrets.gpg_key }} - GPG_KEY_NAME: ${{ secrets.gpg_key_name }} - GPG_PASSPHRASE: ${{ secrets.gpg_passphrase }} - run: | - # https://github.com/keybase/keybase-issues/issues/2798 - export GPG_TTY=$(tty) - # Import gpg keys and warm the passphrase to avoid the gpg - # passphrase prompt when initating a deploy - # `--pinentry-mode=loopback` could be needed to ensure we - # suppress the gpg prompt - echo $GPG_KEY | base64 --decode > signing-key - gpg --passphrase $GPG_PASSPHRASE --batch 
--import signing-key - shred signing-key - - find . -type f \( -iname "pom.xml" -o -iname "*.jar" \) -print0 | while read -d $'\0' file - do - gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab $file - done - - - name: 'Release to sonatype repository' - working-directory: ${{ github.workspace }}/java - env: - READWRITE_USER: ${{ secrets.SONATYPE_USER }} - READWRITE_API_KEY: ${{ secrets.SONATYPE_PASSWORD }} - ENVOY_PROXY_PROFILE_ID: ${{ secrets.ENVOY_PROXY_PROFILE_ID }} - run: | - python sonatype_nexus_upload.py \ - --profile_id=$ENVOY_PROXY_PROFILE_ID \ - --version=${{ github.ref_name }} \ - --files \ - ./pgv-test-coverage-report/pom.xml \ - ./pgv-java-grpc/pom.xml \ - ./pom.xml \ - ./pgv-java-validation/pom.xml \ - ./pgv-artifacts/pom.xml \ - ./pgv-java-stub/pom.xml \ - ./pgv-test-coverage-report/target/pgv-test-coverage-report-0.6.9-rc.0-SNAPSHOT.jar \ - ./pgv-java-grpc/target/pgv-java-grpc-0.6.9-rc.0-SNAPSHOT.jar \ - ./pgv-java-grpc/target/pgv-java-grpc-0.6.9-rc.0-SNAPSHOT-sources.jar \ - ./pgv-java-validation/target/pgv-java-validation-0.6.9-rc.0-SNAPSHOT-sources.jar \ - ./pgv-java-validation/target/pgv-java-validation-0.6.9-rc.0-SNAPSHOT.jar \ - ./pgv-java-stub/target/pgv-java-stub-0.6.9-rc.0-SNAPSHOT.jar \ - ./pgv-java-stub/target/pgv-java-stub-0.6.9-rc.0-SNAPSHOT-sources.jar \ - --signed_files \ - ./pgv-test-coverage-report/pom.xml.asc \ - ./pgv-java-grpc/pom.xml.asc \ - ./pom.xml.asc \ - ./pgv-java-validation/pom.xml.asc \ - ./pgv-artifacts/pom.xml.asc \ - ./pgv-java-stub/pom.xml.asc \ - ./pgv-test-coverage-report/target/pgv-test-coverage-report-0.6.9-rc.0-SNAPSHOT.jar.asc \ - ./pgv-java-grpc/target/pgv-java-grpc-0.6.9-rc.0-SNAPSHOT.jar.asc \ - ./pgv-java-grpc/target/pgv-java-grpc-0.6.9-rc.0-SNAPSHOT-sources.jar.asc \ - ./pgv-java-validation/target/pgv-java-validation-0.6.9-rc.0-SNAPSHOT.jar.asc \ - ./pgv-java-validation/target/pgv-java-validation-0.6.9-rc.0-SNAPSHOT-sources.jar.asc \ - 
./pgv-java-stub/target/pgv-java-stub-0.6.9-rc.0-SNAPSHOT.jar.asc \ - ./pgv-java-stub/target/pgv-java-stub-0.6.9-rc.0-SNAPSHOT-sources.jar.asc diff --git a/java/pgv-artifacts/pom.xml b/java/pgv-artifacts/pom.xml index d4c11597e..8884b2d96 100644 --- a/java/pgv-artifacts/pom.xml +++ b/java/pgv-artifacts/pom.xml @@ -3,7 +3,7 @@ pgv-java io.envoyproxy.protoc-gen-validate - 0.6.9-rc.0 + 0.6.9-rc.0-SNAPSHOT 4.0.0 diff --git a/java/pgv-java-grpc/pom.xml b/java/pgv-java-grpc/pom.xml index d05d60ba4..3e0947642 100644 --- a/java/pgv-java-grpc/pom.xml +++ b/java/pgv-java-grpc/pom.xml @@ -3,7 +3,7 @@ pgv-java io.envoyproxy.protoc-gen-validate - 0.6.9-rc.0 + 0.6.9-rc.0-SNAPSHOT 4.0.0 diff --git a/java/pgv-java-stub/pom.xml b/java/pgv-java-stub/pom.xml index ab796c375..6bc565747 100644 --- a/java/pgv-java-stub/pom.xml +++ b/java/pgv-java-stub/pom.xml @@ -3,7 +3,7 @@ pgv-java io.envoyproxy.protoc-gen-validate - 0.6.9-rc.0 + 0.6.9-rc.0-SNAPSHOT 4.0.0 diff --git a/java/pgv-java-validation/pom.xml b/java/pgv-java-validation/pom.xml index cfc000c99..abb1f672a 100644 --- a/java/pgv-java-validation/pom.xml +++ b/java/pgv-java-validation/pom.xml @@ -3,7 +3,7 @@ pgv-java io.envoyproxy.protoc-gen-validate - 0.6.9-rc.0 + 0.6.9-rc.0-SNAPSHOT 4.0.0 diff --git a/java/pgv-test-coverage-report/pom.xml b/java/pgv-test-coverage-report/pom.xml index f088c98f6..f4ef0f8fd 100644 --- a/java/pgv-test-coverage-report/pom.xml +++ b/java/pgv-test-coverage-report/pom.xml @@ -3,7 +3,7 @@ pgv-java io.envoyproxy.protoc-gen-validate - 0.6.9-rc.0 + 0.6.9-rc.0-SNAPSHOT 4.0.0 diff --git a/java/pom.xml b/java/pom.xml index c7a2d3b63..fe8e96bec 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -4,7 +4,7 @@ io.envoyproxy.protoc-gen-validate pgv-java - 0.6.9-rc.0 + 0.6.9-rc.0-SNAPSHOT pgv-java-stub pgv-java-validation @@ -205,7 +205,7 @@ https://github.com/envoyproxy/protoc-gen-validate scm:git:git@github.com:lyft/protoc-gen-validate.git scm:git:git@github.com:lyft/protoc-gen-validate.git - v0.6.9-rc.0-java + HEAD