From 29ad02a563f09d83d447ce7204f092e832a1dbb2 Mon Sep 17 00:00:00 2001 From: Michael G Mosca Date: Tue, 31 Aug 2021 16:01:27 -0400 Subject: [PATCH] ci: Gha gpg (#1187) * ci: fix gpg * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix * ci: fix --- .github/workflows/deploy.yml | 27 ++++++++++++++++++++++----- build/setupSigning_gha.sh | 21 +++++++++++++++++++++ build/signing.key.gpg | Bin 0 -> 2581 bytes pom.xml | 2 ++ 4 files changed, 45 insertions(+), 5 deletions(-) create mode 100755 build/setupSigning_gha.sh create mode 100644 build/signing.key.gpg diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2367185d65..4c04f876ad 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -64,7 +64,17 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - run: echo ::set-output name=IS_NEW_RELEASE::$(npx semantic-release --dry-run | grep -c -i "Published release") + run: | + echo ::set-output name=IS_NEW_RELEASE::$(npx semantic-release --dry-run | grep -c -i "Published release") + echo "The full TAG - ${{ github.ref }}" + + - name: Get the nextRelease.version from semantic release + if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }} + id: next_release + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + run: echo ::set-output name=NEXT_RELEASE::$(npx semantic-release --dry-run | grep -oP "Published release \K[0-9]+\.[0-9]+\.[0-9]+") - name: Publish to Git Releases and Tags if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }} 
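Review bot: The added `echo "The full TAG - ${{ github.ref }}"` line pastes the ref name into the script text before bash parses it, so a ref containing shell syntax would be executed in a step whose environment holds `GH_TOKEN` and `NPM_TOKEN`. The runner already exports the same value, so `echo "The full TAG - $GITHUB_REF"` prints it as data instead. Which refs can trigger this workflow is not visible in the hunk, so the exposure depends on who is able to push them. The new `next_release` step also repeats the full `npx semantic-release --dry-run` with both tokens; capturing the dry-run output once and deriving both outputs from it would avoid the second run.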
@@ -74,18 +84,24 @@ jobs: run: npx semantic-release # --dry-run --branches 9662_addcheck - name: Publish to Maven Central - if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }} + if: "startsWith(github.ref, 'refs/tags/v')" env: - GHA_TAG: ${{ github.ref }} # non PR only need to get last part + GHA_TAG: ${{ github.ref }} # for setMavenVersion_gha OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} # for .travis.settings.xml OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + GPG_KEYNAME: ${{ secrets.SIGNING_KEY }} + GPG_PASSPHRASE: ${{ secrets.SIGNING_PASSWORD }} + SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} # for setupSigning_gha run: | - build/setupSigning.sh + echo -e "\n\033[0;35mCommand: setupSigning" + build/setupSigning_gha.sh + echo -e "\n\033[0;35mCommand: setMavenVersion" build/setMavenVersion_gha.sh + echo -e "\n\033[0;35mCommand: mvn deploy" mvn deploy --settings build/.travis.settings.xml -DskipITs -Dskip.unit.tests -P central $MVN_ARGS - name: Publish Java docs - if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '1' }} + if: "startsWith(github.ref, 'refs/tags/v')" env: GH_TOKEN: ${{ secrets.GH_TOKEN }} GHA_REPO_SLUG: ${{ github.repository }} @@ -104,3 +120,4 @@ jobs: if: ${{ steps.is_new_release.outputs.IS_NEW_RELEASE == '0' }} run: | echo -e "\n\033[0;35mCommand: Skipping the deployment because semantic release has determined there are no relevant changes that warrent a new release.\n" + echo "The NEXT_RELEASE - ${{ steps.next_release.outputs.NEXT_RELEASE }}" diff --git a/build/setupSigning_gha.sh b/build/setupSigning_gha.sh new file mode 100755 index 0000000000..3b550f27cc --- /dev/null +++ b/build/setupSigning_gha.sh 
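Review bot: The "Publish to Maven Central" and "Publish Java docs" steps are now gated only on `startsWith(github.ref, 'refs/tags/v')`, so any pushed tag with that prefix reaches the step that holds the OSSRH credentials and all three signing secrets. Whether tag creation is restricted is not visible here (the workflow's `on:` block is outside the hunk); restricting who can create `v*` tags, or a job-level `environment:` with required reviewers, would put an approval in front of the release. The signing secrets are also shared by everything in one `run:` block, although `SIGNING_PASSPHRASE` is commented as being for `setupSigning_gha` only. Moving that call into its own step with its own `env:` would keep the passphrase out of `setMavenVersion_gha.sh` and the Maven build.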
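Review bot: The added `echo "The NEXT_RELEASE - ${{ steps.next_release.outputs.NEXT_RELEASE }}"` sits in the step that runs only when `IS_NEW_RELEASE == '0'`, while the `next_release` step runs only when it is `'1'`, so the expression is always empty at this point. Either move the echo into a step guarded by `== '1'` or drop it. The step's name and earlier lines are outside the hunk.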
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# export GPG_TTY=$(tty)
+
+set -x
+
+# This script is responsible for decrypting your encrypted signing key file
+# (build/signing.key.enc), and importing it into the gpg keystore.
+# This is done so that your maven build will be able to properly sign your jars
+# prior to publishing them on maven central.
+
+echo "Importing signing key..."
+
+# Modify the command below to use the correct environment variables
+# that were added to your Travis build settings when you encrypted your signing.key file.
+gpg --quiet --batch --yes --decrypt --passphrase="$SIGNING_PASSPHRASE" --output ./build/signing.key ./build/signing.key.gpg
+
+gpg --version
+gpg --no-tty --batch --yes --import ./build/signing.key
+rm ./build/signing.key
+
+echo "Signing key import finished!"
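Review bot: `set -x` at the top of the new script makes bash trace every command with its arguments expanded, so the `--passphrase="$SIGNING_PASSPHRASE"` argument on the decrypt line goes to the job log, where only the runner's secret masking hides it, and it is also visible in the process argument list while gpg runs. Drop the trace and hand the passphrase to gpg on a file descriptor instead. The script also has no `set -e`, so a failed decrypt still prints "Signing key import finished!" and exits 0, and the plaintext key sits in `./build/signing.key` until the `rm`; piping the decrypt output straight into the import avoids the file altogether. Because the encrypted key is committed in this same patch, its confidentiality rests entirely on that passphrase. The header comments still describe `build/signing.key.enc` and Travis build settings and should name `build/signing.key.gpg` and the `SIGNING_PASSPHRASE` secret.

```shell
set -euo pipefail

# … unchanged: header comments and "Importing signing key..." echo …

# Passphrase goes in on stdin, not argv; the decrypted key goes straight
# into the import and is never written to the workspace.
gpg --quiet --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
    --decrypt ./build/signing.key.gpg <<<"$SIGNING_PASSPHRASE" \
  | gpg --no-tty --batch --yes --import

# … unchanged: final echo …
```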
diff --git a/build/signing.key.gpg b/build/signing.key.gpg new file mode 100644 index 0000000000000000000000000000000000000000..2685ce5e72485ff5814f357770e809a183674dc8 GIT binary patch literal 2581 zcmV+w3hMQY4Fm}T0+Vbr(^B&_UFy>70Ugc?pyDRZ!t-nojfxR%!cTa0j+ae54rmS< zjB|^HydZlARp=mL&p6J0B-W(eA|?Zl#efLP1j+!HmUI1uXI@4e^57YgF#I}KtM;RC z6Znw7B*aqWExb_nn9qG0*5qH~J5etc2iHnhey-#&p0~EvirH(uRI;{&52b}S>J}~- z0Q%!y9$DXw$2C~X2!^^e&SZHSZ%Bw?1De|4q*F{Ss zZB%bs$5$M`@E4z#-U9kG~`xI6pudcP?l^ik9$n(DuXtmxpb+E8z$wW z98+FwOs(yf+&U~{U=)b%2jS1BkGTT8=#BUQ+pzOCm6|kH0RtU@&F+&hB-vpkM5haB zH{&Xlr%!t_)T`C7ACKI-MlCV_?BE(sF#q(kfd=iCqE#ETbcRi6LMAZ|hLf_D!vn^W zyF#}IvuEe%z`Tbyp`w)!xliXJZ0d{vmP#~?SdUyN&6w2btM&0}pb2|<`=dewBqy*L zmiZ}`9SX^@0GHj=t`oys3Vp|R#&p$jU+$lTWKKSw1A7$SV*-i}Nh}Y_P$1kVvX38l zX``Q(>@Sy;(XcaG&*+Nu!7Wwn4)k7!OrsyTV$&Bff%#YT73jfv(Q6c_<4~Jt%GHtF ze;=FOvOiA@T5KnzB*_(!9*^Z5A*hv<=v`ce;ogz=&xgAp|FT6&`4%`CMlRe>#Zx+_~_%)428U z>r#(ij<-|WE?*5CA}BFKKI&rI{5klhs|9lniCa0H5Lr?oCj7BT>}&CDnX z_JlYfiIILpLS~2Zm(M|tBpyOEkhl|L&~>q#{-ul8Re|}oMf4u$^iNI_mbm^7rnIHW zs#l}G^4w&w|jLQ@?*SZP_dyS`6 zO=QJo=o!e%F}XP1NBD9q2Cb}>oMD-(Y<%=IXtWU!fQ`E;g}??VcrujQd-Yrq(@=fk zaPAR=@kV>PkMTo)K>#(;XujgDPsUx1r!N|Yqc>~TvNT(bwdJC#)2$^~QV1H5_sUAcx6THs z8!3;jN!0$S4}qm5ck#h5LvX&)NyV-i-b9v`kiDb~zs#@Ig;IjE*M1dOga>5)xg0bz zyT9sE0$Z{}@0fN#Pq!#%-q*yf3peiz|I3v<*9~Q$^oGb-6~8uxS?40axz-XS*!`y9 zDI)2OoE$;fP@M8X424 z$22+@V$uNOSFY7?HT<@fPs4Vxnm;d8dwqW8*El-eBZHk_c7hrqc^y1+Sj%x?2O>LH z+_NS5D)$k!6N1_vkrckAw2SnujJsBtqcm0*GHAZvX27ZlP{`aPy*y=Di?!h5TP{RzS@S0y93|ctBja zJ#IHvHaV+I=~0Q!8dQ%QYCdn>vo@A?RUAs;iiOmB5Imt8LId>)Yk)QCDYo>v5R%I> z4Iw(G-xGk>co2m&VNJn-&0o`yXD)86m}n%vfHJM;e1#l{paWLr_){7; zHol9@exC3Y%rFEy`3q(ckEiu>d(}Ug1GIQpU?En}RW#~X@P!Re z&Kv(MZe@P2L%bH1Jrc_#pJuj1fKnOn7@{K8n4{`zpzqf{!iV#0*D|yT_pxBiVXzb- z&(!si%kk}PDUC=6-!u9@7RbKArf!fp{|WgMQ`w^=~uvl-K7A; zB;Ob}3#QIFThUYNgLrZ+L3#$53Wmf21{2+4%#R6#|Q16`#HU{++!=Zv3zNmd%tJ&dVa8IEiJpVt9 z`9jHLI;;~=1tDmHbVw;j9}LWP{j1-Gn+h9ji5N?9K%Mf##8}!i`9%-dkFQqdwZ%%J 
z(6*PzWZF5YN-vM|#|q`OViAgt#o1cVU>S6`QScAfc5s%Mqvj_#mWzpb9)&c-{0UwZ z=rmM^mRL_Nvet-<4NYh{-a(m@>GzGCFYlz#7l6Ug~DZ5=!+wl=&f78zv* z`xFhR#Cw@G^`S$PX|IW> zVD-nwC2+D6v}@9rW5c_xGN$y2uiH-UJj^^+%TWUaYi1p@YWDlQZdLI6slj|?1J+n* znE23uQYMkWkJxD~`e|Vov6~Oqej*0_M-caMK8qP}=IMP5L86y$JTXa%Z&sQ`@JLJ< rtQ8m=a0tX>f1BCQWd(Z24t%90bic-!APALiV7-0~DxbPm-vaT2`v3z0 literal 0 HcmV?d00001 diff --git a/pom.xml b/pom.xml index 24c246e771..c85a29706f 100644 --- a/pom.xml +++ b/pom.xml @@ -512,6 +512,8 @@ --batch --yes --no-tty + --pinentry-mode + loopback