.github/workflows/publish.yml
name: Publish packages to the Maven Central Repository
on:
push:
tags:
- '*'
jobs:
create_staging_repository:
runs-on: ubuntu-latest
name: Create staging repository
outputs:
repository_id: ${{ steps.create.outputs.repository_id }}
steps:
- id: create
uses: nexus-actions/create-nexus-staging-repo@v1.2
with:
# The username you use to connect to Sonatype's Jira
username: ${{ secrets.OSSRH_USERNAME }}
password: ${{ secrets.OSSRH_TOKEN }}
# Your staging profile ID. You can get it at https://oss.sonatype.org/#stagingProfiles;$staginProfileId
staging_profile_id: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }}
description: Created by Github Action
publish-dmn-check:
runs-on: ubuntu-latest
needs: create_staging_repository
steps:
- uses: actions/checkout@v4
- name: Set up Maven Central Repository
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'adopt'
cache: maven
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
- id: install-secret-key
name: Install gpg secret key
run: |
cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Publish package
run: |
mvn clean install deploy \
--batch-mode \
--update-snapshots \
--activate-profiles release \
-DstagingRepositoryId=${{ needs.create_staging_repository.outputs.repository_id }} \
-Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
publish-gradle-plugin:
runs-on: ubuntu-latest
needs: publish-dmn-check
steps:
- uses: actions/checkout@v4
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'adopt'
cache: maven
- name: Publish package
# Note that until #19 is done, the publishToSonatype closeAndReleaseSonatypeStagingRepository tasks have to be executed in the same Gradle invocation because closeAndRelease relies on information that is not persisted between calls to Gradle.
# https://github.com/gradle-nexus/publish-plugin
run: cd gradle-plugin && ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
env:
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_USERNAME }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_TOKEN }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_KEY_NEW }}
finalize:
runs-on: ubuntu-latest
needs: [create_staging_repository, publish-dmn-check, publish-gradle-plugin]
if: ${{ always() && needs.create_staging_repository.result == 'success' }}
steps:
- name: Discard
if: ${{ needs.publish-dmn-check.result != 'success' || needs.publish-gradle-plugin.result != 'success' }}
uses: nexus-actions/drop-nexus-staging-repo@v1
with:
username: ${{ secrets.OSSRH_USERNAME }}
password: ${{ secrets.OSSRH_TOKEN }}
staging_repository_id: ${{ needs.create_staging_repository.outputs.repository_id }}
- name: Release
if: ${{ needs.publish-dmn-check.result == 'success' && needs.publish-gradle-plugin.result == 'success' }}
uses: nexus-actions/release-nexus-staging-repo@v1.2
with:
username: ${{ secrets.OSSRH_USERNAME }}
password: ${{ secrets.OSSRH_TOKEN }}
staging_repository_id: ${{ needs.create_staging_repository.outputs.repository_id }}