|
3 | 3 | push: |
4 | 4 | pull_request_target: |
5 | 5 | types: [labeled] |
| 6 | + |
| 7 | +env: |
| 8 | + JAVA_VERSION: 25 |
| 9 | + |
6 | 10 | jobs: |
7 | 11 | build: |
8 | 12 | name: Build and Test |
9 | 13 | runs-on: ubuntu-latest |
10 | | - if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" |
11 | 14 | steps: |
12 | 15 | - uses: actions/checkout@v5 |
13 | 16 | - uses: actions/setup-java@v5 |
14 | 17 | with: |
15 | 18 | distribution: 'temurin' |
16 | | - java-version: 25 |
| 19 | + java-version: ${{ env.JAVA_VERSION }} |
17 | 20 | cache: 'maven' |
18 | 21 | - name: Ensure to use tagged version |
19 | 22 | if: startsWith(github.ref, 'refs/tags/') |
20 | 23 | run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/} |
21 | 24 | - name: Build and Test |
22 | | - id: buildAndTest |
23 | | - run: mvn -B clean install |
| 25 | + run: mvn -B verify --no-transfer-progress |
| 26 | + - name: Attest |
| 27 | + if: startsWith(github.ref, 'refs/tags/') |
| 28 | + uses: actions/attest-build-provenance@v3 |
| 29 | + with: |
| 30 | + subject-path: | |
| 31 | + target/*.jar |
| 32 | + target/*.pom |
24 | 33 | - uses: actions/upload-artifact@v4 |
25 | 34 | with: |
26 | 35 | name: artifacts |
27 | 36 | path: target/*.jar |
| 37 | + |
| 38 | + deploy-central: |
| 39 | + name: Deploy to Maven Central |
| 40 | + runs-on: ubuntu-latest |
| 41 | + needs: [build] |
| 42 | + if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]')) |
| 43 | + steps: |
| 44 | + - uses: actions/checkout@v5 |
| 45 | + - uses: actions/setup-java@v5 |
| 46 | + with: |
| 47 | + distribution: 'temurin' |
| 48 | + java-version: ${{ env.JAVA_VERSION }} |
| 49 | + cache: 'maven' |
| 50 | + server-id: central |
| 51 | + server-username: MAVEN_CENTRAL_USERNAME |
| 52 | + server-password: MAVEN_CENTRAL_PASSWORD |
| 53 | + - name: Verify project version matches tag |
| 54 | + if: startsWith(github.ref, 'refs/tags/') |
| 55 | + run: | |
| 56 | + PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout) |
| 57 | + test "$PROJECT_VERSION" = "$TAG_NAME" |
| 58 | + env: |
| 59 | + TAG_NAME: ${{ github.event.release.tag_name }} |
| 60 | + - name: Deploy to Maven Central |
| 61 | + run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress |
| 62 | + env: |
| 63 | + MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }} |
| 64 | + MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} |
| 65 | + MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} |
| 66 | + MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import |
| 67 | + MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }} |
| 68 | + |
| 69 | + deploy-github: |
| 70 | + name: Deploy to GitHub Packages |
| 71 | + runs-on: ubuntu-latest |
| 72 | + needs: [build] |
| 73 | + if: github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]')) |
| 74 | + steps: |
| 75 | + - uses: actions/checkout@v5 |
| 76 | + - uses: actions/setup-java@v5 |
| 77 | + if: startsWith(github.ref, 'refs/tags/') |
| 78 | + with: |
| 79 | + java-version: ${{ env.JAVA_VERSION }} |
| 80 | + distribution: temurin |
| 81 | + cache: 'maven' |
| 82 | + - name: Verify project version matches tag |
| 83 | + if: startsWith(github.ref, 'refs/tags/') |
| 84 | + run: | |
| 85 | + PROJECT_VERSION=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout) |
| 86 | + test "$PROJECT_VERSION" = "$TAG_NAME" |
| 87 | + env: |
| 88 | + TAG_NAME: ${{ github.event.release.tag_name }} |
| 89 | + - name: Deploy to GitHub Packages |
| 90 | + if: startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]') |
| 91 | + run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress |
| 92 | + env: |
| 93 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 94 | + MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} |
| 95 | + MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import |
| 96 | + MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }} |
| 97 | + |
| 98 | + release: |
| 99 | + name: Release |
| 100 | + runs-on: ubuntu-latest |
| 101 | + needs: [deploy-central, deploy-github] |
| 102 | + if: startsWith(github.ref, 'refs/tags/') |
| 103 | + steps: |
28 | 104 | - name: Create Release |
29 | 105 | uses: softprops/action-gh-release@v2 |
30 | | - if: startsWith(github.ref, 'refs/tags/') |
31 | 106 | with: |
32 | 107 | prerelease: true |
33 | 108 | token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} |
|
0 commit comments