diff --git a/.github/workflows/maven-deploy.yaml b/.github/workflows/maven-deploy.yaml index b85ce5106..ba407c1aa 100644 --- a/.github/workflows/maven-deploy.yaml +++ b/.github/workflows/maven-deploy.yaml @@ -43,10 +43,10 @@ jobs: echo $GPG_KEY | base64 --decode > signing-key gpg --passphrase $GPG_PASSPHRASE --batch --import signing-key shred signing-key - + - name: Configure GIT run: | - git config --global user.email "envoy-bot@users.noreply.github.com" + git config --global user.email "envoy-bot@users.noreply.github.com" git config --global user.name "envoy-bot" - name: Set up JDK @@ -55,7 +55,7 @@ jobs: distribution: 'temurin' java-version: '17' cache: 'maven' - server-id: sonatype-nexus-snapshots + server-id: ossrh server-username: ${ env.SONATYPE_USER } server-password: ${ env.SONATYPE_PASSWORD } gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} diff --git a/.github/workflows/maven-release.yaml b/.github/workflows/maven-release.yaml new file mode 100644 index 000000000..5beb6b1dd --- /dev/null +++ b/.github/workflows/maven-release.yaml 
@@ -0,0 +1,88 @@
+# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
+## For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
+
+name: Maven Manual Deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ ref:
+ description: "Git ref to release"
+ required: true
+ version:
+ description: "Maven version to release (without 'v' prefix)"
+ required: true
+ deployArgs:
+ description: "Additional Maven deploy arguments (e.g. '--debug -DautoReleaseAfterClose=false')"
+ required: false
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ SONATYPE_USER: ${{secrets.BUF_SONATYPE_USER}}
+ SONATYPE_PASSWORD: ${{secrets.BUF_SONATYPE_PASSWORD}}
+ GPG_KEY_NAME: ${{secrets.GPG_KEY_NAME}}
+ GPG_PASSPHRASE: ${{secrets.GPG_PASSPHRASE}}
+ MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED"
+ REF_NAME: ${{ inputs.ref }}
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.ref }}
+ - uses: actions/setup-go@v5
+ with:
+ go-version: 'stable'
+ - name: Set VERSION variable from tag
+ run: |
+ echo "VERSION=${{ inputs.VERSION }}" >> $GITHUB_ENV
+
+ - name: 'Configure GPG signing'
+ env:
+ GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ run: |
+ # https://github.com/keybase/keybase-issues/issues/2798
+ export GPG_TTY=$(tty)
+ # Import gpg keys and warm the passphrase to avoid the gpg
+ # passphrase prompt when initating a deploy
+ # `--pinentry-mode=loopback` could be needed to ensure we
+ # suppress the gpg prompt
+ echo $GPG_KEY | base64 --decode > signing-key
+ gpg --passphrase $GPG_PASSPHRASE --batch --import signing-key
+ shred signing-key
+
+ - name: Configure GIT
+ run: |
+ git config --global user.email "envoy-bot@users.noreply.github.com"
+ git config --global user.name "envoy-bot"
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+ cache: 'maven'
+ server-id: ossrh
+ server-username: ${ env.SONATYPE_USER }
+ server-password: ${ env.SONATYPE_PASSWORD }
+ gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
+ gpg-passphrase: ${ env.GPG_PASSPHRASE }
+
+ - name: Update version in pom
+ working-directory: ${{ github.workspace }}/java
+ run: mvn -B versions:set -DnewVersion=${{ env.VERSION }} -DgenerateBackupPoms=false
+
+ - name: Publish to Maven Packages Apache Maven
+ working-directory: ${{ github.workspace }}/java
+ run: |
+ mvn -B -s settings.xml ${{ inputs.deployArgs }} clean deploy \
+ -Darguments="-s settings.xml" \
+ -DreleaseVersion=${{ env.VERSION }} \
+ -DdevelopmentVersion=${{ env.VERSION }}-SNAPSHOT \
+ -DscmCommentPrefix="java release: "
+ env:
+ MAVEN_USERNAME: ${{ env.SONATYPE_USER }}
+ MAVEN_CENTRAL_TOKEN: ${{ env.SONATYPE_PASSWORD }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/java/pom.xml b/java/pom.xml
index 36bf20ee5..372babb9a 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -157,10 +157,10 @@ org.sonatype.plugins nexus-staging-maven-plugin - 1.6.13 + 1.7.0 true - sonatype-nexus-staging + ossrh https://s01.oss.sonatype.org/ true
@@ -206,8 +206,12 @@ + + ossrh + https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ + - sonatype-nexus-snapshots + ossrh https://s01.oss.sonatype.org/content/repositories/snapshots
diff --git a/java/settings.xml b/java/settings.xml
index 86d5b27ed..38205ab9a 100644
--- a/java/settings.xml
+++ b/java/settings.xml
@@ -2,12 +2,7 @@ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd"> - sonatype-nexus-snapshots - ${env.SONATYPE_USER} - ${env.SONATYPE_PASSWORD} - - - sonatype-nexus-staging + ossrh ${env.SONATYPE_USER} ${env.SONATYPE_PASSWORD}
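Review bot: In the new `.github/workflows/maven-release.yaml`, the `workflow_dispatch` inputs are expanded by `${{ }}` directly into shell text in three `run:` steps: "Set VERSION variable from tag", "Update version in pom" and "Publish to Maven Packages Apache Maven". The runner substitutes the expression before the shell parses the script, so a quote, `;`, `$(...)` or newline in `version` or `deployArgs` becomes shell syntax or an extra `GITHUB_ENV` entry. This job has the Sonatype credentials and GPG passphrase in its environment, so the inputs should be handled as data. Pass them through `env:`, reference them as quoted shell variables, and reject a version that does not match the expected pattern before it is written to `$GITHUB_ENV`. The sketch below shows the three rewritten steps; the version regex is a constructed example to adapt to the project's scheme.

```yaml
      - name: Set VERSION variable from tag
        env:
          INPUT_VERSION: ${{ inputs.version }}
        run: |
          # Accept only a plain version string before it reaches GITHUB_ENV
          # (pattern is an example; adjust to the project's version scheme).
          if [[ ! "$INPUT_VERSION" =~ ^[0-9]+(\.[0-9]+)*(-[0-9A-Za-z.]+)?$ ]]; then
            echo "unexpected version format" >&2
            exit 1
          fi
          echo "VERSION=$INPUT_VERSION" >> "$GITHUB_ENV"

      # … unchanged: GPG, git and JDK setup steps …

      - name: Update version in pom
        working-directory: ${{ github.workspace }}/java
        run: mvn -B versions:set "-DnewVersion=$VERSION" -DgenerateBackupPoms=false

      - name: Publish to Maven Packages Apache Maven
        working-directory: ${{ github.workspace }}/java
        env:
          DEPLOY_ARGS: ${{ inputs.deployArgs }}
          # … unchanged: MAVEN_USERNAME, MAVEN_CENTRAL_TOKEN, MAVEN_GPG_PASSPHRASE …
        run: |
          # Split the extra arguments into words without letting the shell evaluate them.
          read -r -a deploy_args <<< "$DEPLOY_ARGS"
          mvn -B -s settings.xml "${deploy_args[@]}" clean deploy \
            -Darguments="-s settings.xml" \
            -DreleaseVersion="$VERSION" \
            -DdevelopmentVersion="$VERSION-SNAPSHOT" \
            -DscmCommentPrefix="java release: "
```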