Extend build workflow with SNAPSHOT deployment to Sonatype ossrh

This will eventually replace the Bintray-based release process, see #17
qaware · Feb 26, 2021 · 02259e4 · 02259e4
1 parent 49a4a42
commit 02259e4
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 5 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -22,6 +22,11 @@ jobs:
         uses: actions/setup-java@v1
         with:
           java-version: 11
+          server-id: ossrh
+          server-username: SONATYPE_USER
+          server-password: SONATYPE_PASSWORD
+          gpg-private-key: ${{ secrets.ARTIFACT_SIGNING_GPG_PRIVATE_KEY }}
+          gpg-passphrase: ARTIFACT_SIGNING_GPG_PRIVATE_KEY_PASSPHRASE
       - name: Cache SonarCloud packages
         uses: actions/cache@v1
         with:
@@ -34,11 +39,21 @@ jobs:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
-      - name: Build with Maven
+      - name: Build & Analyze
         run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
         env:
           MAVEN_OPTS: >- # strip any newlines
             -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
             -Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license.model.LicenseRepository=warn
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Deploy snapshot
+        if: github.ref == 'refs/heads/master'
+        run: mvn -B deploy -Pdeploy -DskipTests
+        env:
+          MAVEN_OPTS: >- # strip any newlines
+            -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
+            -Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license.model.LicenseRepository=warn
+          SONATYPE_USER: ${{ secrets.SONATYPE_USER }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          ARTIFACT_SIGNING_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.ARTIFACT_SIGNING_GPG_PRIVATE_KEY_PASSPHRASE }}
diff --git a/pom.xml b/pom.xml
@@ -285,7 +285,7 @@
 
     <profiles>
         <profile>
-            <id>release</id>
+            <id>deploy</id>
             <activation>
                 <activeByDefault>false</activeByDefault>
             </activation>
@@ -328,13 +328,44 @@
                             </execution>
                         </executions>
                     </plugin>
+
+                    <!-- Sign artifacts -->
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-gpg-plugin</artifactId>
+                        <version>1.6</version>
+                        <executions>
+                            <execution>
+                                <id>sign-artifacts</id>
+                                <phase>verify</phase>
+                                <goals>
+                                    <goal>sign</goal>
+                                </goals>
+                                <configuration>
+                                    <!--
+                                    Prevent gpg from using pinentry programs.
+                                    See https://github.com/actions/setup-java#extra-setup-for-pomxml
+                                    Fixes: gpg: signing failed: Inappropriate ioctl for device
+                                    -->
+                                    <gpgArguments>
+                                        <arg>--pinentry-mode</arg>
+                                        <arg>loopback</arg>
+                                    </gpgArguments>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                 </plugins>
             </build>
 
             <distributionManagement>
+                <snapshotRepository>
+                    <id>ossrh</id>
+                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+                </snapshotRepository>
                 <repository>
-                    <id>bintray-qaware-oss</id>
-                    <url>https://api.bintray.com/maven/qaware-oss/maven/openapi-generator-for-spring;publish=1</url>
+                    <id>ossrh</id>
+                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
                 </repository>
             </distributionManagement>
         </profile>