Merge pull request #150 from SpineEventEngine/trigger-pub-2024-11-06 #96
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish | |
on: | |
push: | |
branches: [master] | |
jobs: | |
publish: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- uses: actions/setup-java@v4 | |
with: | |
java-version: 11 | |
distribution: zulu | |
cache: gradle | |
- name: Decrypt CloudRepo credentials | |
run: ./config/scripts/decrypt.sh "$CLOUDREPO_CREDENTIALS_KEY" ./.github/keys/cloudrepo.properties.gpg ./cloudrepo.properties | |
env: | |
CLOUDREPO_CREDENTIALS_KEY: ${{ secrets.CLOUDREPO_CREDENTIALS_KEY }} | |
- name: Decrypt Git SSH credentials | |
run: ./config/scripts/decrypt.sh "$GIT_CREDENTIALS_KEY" ./.github/keys/deploy_key_rsa.gpg ./deploy_key_rsa | |
env: | |
GIT_CREDENTIALS_KEY: ${{ secrets.GIT_CREDENTIALS_KEY }} | |
# Make sure the SSH key is not "too visible". SSH agent will not accept it otherwise. | |
- name: Set file system permissions | |
run: chmod 400 ./deploy_key_rsa && chmod +x ./config/scripts/register-ssh-key.sh | |
- name: Decrypt GCS credentials | |
run: ./config/scripts/decrypt.sh "$GCS_CREDENTIALS_KEY" ./.github/keys/gcs-auth-key.json.gpg ./gcs-auth-key.json | |
env: | |
GCS_CREDENTIALS_KEY: ${{ secrets.GCS_CREDENTIALS_KEY }} | |
- name: Decrypt GCAR credentials | |
run: ./config/scripts/decrypt.sh "$MAVEN_PUBLISHER_KEY" ./.github/keys/maven-publisher.json.gpg ./maven-publisher.json | |
env: | |
MAVEN_PUBLISHER_KEY: ${{ secrets.MAVEN_PUBLISHER_KEY }} | |
- name: Decrypt Git SSH credentials | |
run: ./config/scripts/decrypt.sh "$GRADLE_PORTAL_CREDENTIALS_KEY" ./.github/keys/gradle-plugin-portal.secret.properties.gpg ./gradle-plugin-portal.secret.properties | |
env: | |
GRADLE_PORTAL_CREDENTIALS_KEY: ${{ secrets.GRADLE_PORTAL_CREDENTIALS_KEY }} | |
- name: Append Gradle properties | |
run: cat ./gradle-plugin-portal.secret.properties >> ./gradle.properties | |
- name: Publish artifacts to Maven | |
# Since we're in the `master` branch already, this means that tests of a PR passed. | |
# So, no need to run the tests again when publishing. | |
run: ./gradlew publish -x test --stacktrace | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
FORMAL_GIT_HUB_PAGES_AUTHOR: [email protected] | |
# https://docs.github.com/en/actions/reference/environment-variables | |
REPO_SLUG: $GITHUB_REPOSITORY # e.g. SpineEventEngine/core-java | |
GOOGLE_APPLICATION_CREDENTIALS: ./maven-publisher.json | |
NPM_TOKEN: ${{ secrets.NPM_SECRET }} |