diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 2367185d65..4c04f876ad 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -64,7 +64,17 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- run: echo ::set-output name=IS_NEW_RELEASE::$(npx semantic-release --dry-run | grep -c -i "Published release")
+ run: |
+ echo ::set-output name=IS_NEW_RELEASE::$(npx semantic-release --dry-run | grep -c -i "Published release")
+ echo "The full TAG - ${{ github.ref }}"
+
+ - name: Get the nextRelease.version from semantic release
+ if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
+ id: next_release
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ run: echo ::set-output name=NEXT_RELEASE::$(npx semantic-release --dry-run | grep -oP "Published release \K[0-9]+\.[0-9]+\.[0-9]+")
- name: Publish to Git Releases and Tags
if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
@@ -74,18 +84,24 @@ jobs:
run: npx semantic-release # --dry-run --branches 9662_addcheck
- name: Publish to Maven Central
- if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
+ if: "startsWith(github.ref, 'refs/tags/v')"
env:
- GHA_TAG: ${{ github.ref }} # non PR only need to get last part
+ GHA_TAG: ${{ github.ref }} # for setMavenVersion_gha
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} # for .travis.settings.xml
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+ GPG_KEYNAME: ${{ secrets.SIGNING_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }}
+ SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} # for setupSigning_gha
run: |
- build/setupSigning.sh
+ echo -e "\n\033[0;35mCommand: setupSigning"
+ build/setupSigning_gha.sh
+ echo -e "\n\033[0;35mCommand: setMavenVersion"
build/setMavenVersion_gha.sh
+ echo -e "\n\033[0;35mCommand: mvn deploy"
mvn deploy --settings build/.travis.settings.xml -DskipITs -Dskip.unit.tests -P central $MVN_ARGS
- name: Publish Java docs
- if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }}
+ if: "startsWith(github.ref, 'refs/tags/v')"
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
GHA_REPO_SLUG: ${{ github.repository }}
@@ -104,3 +120,4 @@ jobs:
if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '0' }}
run: |
echo -e "\n\033[0;35mCommand: Skipping the deployment because semantic release has determined there are no relevant changes that warrent a new release.\n"
+ echo "The NEXT_RELEASE - ${{ steps.next_release.outputs.NEXT_RELEASE }}"
diff --git a/build/setupSigning_gha.sh b/build/setupSigning_gha.sh
new file mode 100755
index 0000000000..3b550f27cc
--- /dev/null
+++ b/build/setupSigning_gha.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# export GPG_TTY=$(tty)
+
+set -x
+
+# This script is responsible for decrypting your encrypted signing key file
+# (build/signing.key.enc), and importing it into the gpg keystore.
+# This is done so that your maven build will be able to properly sign your jars
+# prior to publishing them on maven central.
+
+echo "Importing signing key..."
+
+# Modify the command below to use the correct environment variables
+# that were added to your Travis build settings when you encrypted your signing.key file.
+gpg --quiet --batch --yes --decrypt --passphrase="$SIGNING_PASSPHRASE" --output ./build/signing.key ./build/signing.key.gpg
+
+gpg --version
+gpg --no-tty --batch --yes --import ./build/signing.key
+rm ./build/signing.key
+
+echo "Signing key import finished!"
diff --git a/build/signing.key.gpg b/build/signing.key.gpg
new file mode 100644
index 0000000000..2685ce5e72
Binary files /dev/null and b/build/signing.key.gpg differ
diff --git a/pom.xml b/pom.xml
index 24c246e771..c85a29706f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -512,6 +512,8 @@
--batch
--yes
--no-tty
+ --pinentry-mode
+ loopback