ci: Gha gpg (#1187)

* ci: fix gpg * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix
watson-developer-cloud · Aug 31, 2021 · 29ad02a · 29ad02a
1 parent a27d6f4
commit 29ad02a
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 5 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -64,7 +64,17 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
         NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-      run: echo ::set-output name=IS_NEW_RELEASE::$(npx semantic-release --dry-run | grep -c -i "Published release")
+      run: |
+        echo ::set-output name=IS_NEW_RELEASE::$(npx semantic-release --dry-run | grep -c -i "Published release")
+        echo "The full TAG - ${{ github.ref }}"
+
+    - name: Get the nextRelease.version from semantic release
+      if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
+      id: next_release
+      env:
+        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+        NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+      run: echo ::set-output name=NEXT_RELEASE::$(npx semantic-release --dry-run | grep -oP "Published release \K[0-9]+\.[0-9]+\.[0-9]+")
 
     - name: Publish to Git Releases and Tags
       if:  ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
@@ -74,18 +84,24 @@ jobs:
       run: npx semantic-release # --dry-run --branches 9662_addcheck
 
     - name: Publish to Maven Central
-      if:  ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
+      if: "startsWith(github.ref, 'refs/tags/v')"
       env:
-        GHA_TAG: ${{ github.ref }} # non PR only need to get last part
+        GHA_TAG: ${{ github.ref }} # for setMavenVersion_gha
         OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} # for .travis.settings.xml
         OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+        GPG_KEYNAME: ${{ secrets.SIGNING_KEY }}
+        GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }}
+        SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} # for setupSigning_gha
       run: |
-        build/setupSigning.sh
+        echo -e "\n\033[0;35mCommand: setupSigning"
+        build/setupSigning_gha.sh
+        echo -e "\n\033[0;35mCommand: setMavenVersion"
         build/setMavenVersion_gha.sh
+        echo -e "\n\033[0;35mCommand: mvn deploy"
         mvn deploy --settings build/.travis.settings.xml -DskipITs -Dskip.unit.tests -P central $MVN_ARGS
 
     - name: Publish Java docs
-      if:  ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
+      if: "startsWith(github.ref, 'refs/tags/v')"
       env:
         GH_TOKEN: ${{ secrets.GH_TOKEN }}
         GHA_REPO_SLUG: ${{ github.repository }}
@@ -104,3 +120,4 @@ jobs:
       if:  ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '0' }}
       run: |
         echo -e "\n\033[0;35mCommand: Skipping the deployment because semantic release has determined there are no relevant changes that warrent a new release.\n"
+        echo "The NEXT_RELEASE - ${{ steps.next_release.outputs.NEXT_RELEASE }}"
diff --git a/build/setupSigning_gha.sh b/build/setupSigning_gha.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# export GPG_TTY=$(tty)
+
+set -x
+
+# This script is responsible for decrypting your encrypted signing key file
+# (build/signing.key.enc), and importing it into the gpg keystore.
+# This is done so that your maven build will be able to properly sign your jars
+# prior to publishing them on maven central.
+
+echo "Importing signing key..."
+
+# Modify the command below to use the correct environment variables
+# that were added to your Travis build settings when you encrypted your signing.key file.
+gpg --quiet --batch --yes --decrypt --passphrase="$SIGNING_PASSPHRASE" --output ./build/signing.key ./build/signing.key.gpg
+
+gpg --version
+gpg --no-tty --batch --yes --import ./build/signing.key
+rm ./build/signing.key
+
+echo "Signing key import finished!"
diff --git a/build/signing.key.gpg b/build/signing.key.gpg
diff --git a/pom.xml b/pom.xml
@@ -512,6 +512,8 @@
                                 <gpgArgument>--batch</gpgArgument>
                                 <gpgArgument>--yes</gpgArgument>
                                 <gpgArgument>--no-tty</gpgArgument>
+                                <gpgArgument>--pinentry-mode</gpgArgument>
+                                <gpgArgument>loopback</gpgArgument>
                             </gpgArguments>
                         </configuration>
                     </plugin>