Maven Package #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build and Publish a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven | |
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
name: Maven Package | |
on: | |
release: | |
types: [created] | |
jobs: | |
publish: | |
name: Build and Publish | |
runs-on: ubuntu-latest | |
env: | |
artifact_name: kc-iam-connector | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Get the release version | |
id: get_version | |
run: echo "VERSION=${GITHUB_REF/refs\/tags\/v/}" >> $GITHUB_OUTPUT | |
- name: Set up JDK 17 for deploy to OSSRH | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "adopt" | |
java-version: "17" | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_CENTRAL_TOKEN | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
- name: Code vulnerability scanning | |
uses: anchore/scan-action@v3 | |
id: scan | |
with: | |
path: "${{ github.workplace }}" | |
fail-build: false | |
severity-cutoff: high | |
acs-report-enable: true | |
- name: Upload vulnerability report | |
uses: github/codeql-action/upload-sarif@v3 | |
if: success() || failure() | |
with: | |
sarif_file: ${{ steps.scan.outputs.sarif }} | |
- name: Build with Maven | |
run: mvn -B package --file pom.xml | |
- name: Update package version | |
run: mvn versions:set -DnewVersion=${{ steps.get_version.outputs.VERSION }} | |
- name: Publish to Apache Maven Central | |
run: mvn deploy -PossrhDeploy | |
env: | |
MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | |
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
- name: Set up JDK 17 for deploy to github packages | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "adopt" | |
java-version: "17" | |
server-id: github | |
- name: Publish to GitHub Packages Apache Maven | |
run: mvn deploy -PgithubDeploy | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload jar files to release as release assets | |
run: | | |
TAG=${GITHUB_REF/refs\/tags\//} | |
gh release upload ${TAG} target/${{ env.artifact_name }}-${{ steps.get_version.outputs.VERSION }}.jar | |
gh release upload ${TAG} target/${{ env.artifact_name }}-${{ steps.get_version.outputs.VERSION }}-sources.jar | |
gh release upload ${TAG} target/${{ env.artifact_name }}-${{ steps.get_version.outputs.VERSION }}-javadoc.jar | |
gh release upload ${TAG} target/${{ env.artifact_name }}-${{ steps.get_version.outputs.VERSION }}-jar-with-dependencies.jar | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |