chore(gha): use Keeper secret
rbioteau committed Jun 20, 2024
1 parent 35c9dec commit 6ca2d49
Showing 2 changed files with 33 additions and 18 deletions.
19 changes: 16 additions & 3 deletions .github/workflows/workflow-build.yml
Expand Up @@ -9,17 +9,30 @@ on:
jobs:

build:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
outputs:
app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
steps:
- uses: actions/checkout@v4
- uses: Keeper-Security/ksm-action@v1
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |
${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME
${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD
${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY
${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE
- name: Install Java and Maven
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'temurin'
cache: 'maven'
server-id: 'ossrh'
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ env.GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- id: get-app-version
name: Get archetype version
run: echo "APP_VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT
Expand All @@ -44,7 +57,7 @@ jobs:
needs: build
steps:
- name: Install Java and Maven
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'temurin'
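Review bot: The Keeper step in the `build` job writes the OSSRH password and the GPG signing key into job-wide environment variables (`> env:MAVEN_PASSWORD`, `> env:GPG_PRIVATE_KEY`), so every later step in the job, including any Maven plugin code run by `mvn`, can read them. The only later step visible here computes `APP_VERSION`, and the rest of the job lies outside this section; if the build job never signs or deploys, the Keeper step and the `server-*`/`gpg-*` inputs should be dropped from this workflow and kept only in the release workflow. The action that receives `secrets.KSM_CONFIG` is also referenced by a movable tag; pinning it as `uses: Keeper-Security/ksm-action@<full-commit-sha>  # v1` (placeholder, take the SHA from the action's release) keeps a retagged release from running with vault access, and the same applies to the identical step in `workflow-create-release.yml`.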
32 changes: 17 additions & 15 deletions .github/workflows/workflow-create-release.yml
Expand Up @@ -15,36 +15,38 @@ jobs:
with:
fetch-depth: 0

- uses: Keeper-Security/ksm-action@v1
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |
${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME
${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD
${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY
${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE
- name: Install Java and Maven
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'temurin'
server-id: 'ossrh'
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ env.GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE

- name: Extract version
shell: bash
run: echo "version=$(echo ${GITHUB_REF#refs/heads/} | sed 's/release-//g')" >> $GITHUB_OUTPUT
id: extract_version

- name: changelog
uses: scottbrenner/generate-changelog-action@master
id: Changelog
env:
REPO: ${{ github.repository }}

- name: Create Release
id: create_release
uses: ncipollo/release-action@v1
with:
tag: ${{ steps.extract_version.outputs.version }}
name: Release ${{ steps.extract_version.outputs.version }}
body: |
${{ steps.Changelog.outputs.changelog }}
generateReleaseNotes: true

- name: Release Maven archetype
uses: samuelmeuli/action-maven-publish@v1
with:
gpg_private_key: ${{ secrets.gpg_private_key }}
gpg_passphrase: ${{ secrets.gpg_passphrase }}
nexus_username: ${{ secrets.ossrh_username }}
nexus_password: ${{ secrets.ossrh_password }}
run: ./mvnw -B -ntp deploy -Pdeploy
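Review bot: The Keeper step sits at the top of the release job, so the publishing credentials are in the environment of every step that follows, not only the final `./mvnw -B -ntp deploy -Pdeploy`. That includes `ncipollo/release-action@v1` and, if it is still present on the new side (the page has lost the +/- markers), `scottbrenner/generate-changelog-action@master`, which tracks a branch. Moving the `Keeper-Security/ksm-action` step and `Install Java and Maven` to directly before `Release Maven archetype` would limit the signing key and OSSRH password to the step that needs them. The `samuelmeuli/action-maven-publish@v1` step with `secrets.gpg_private_key` appears to be the removed side; it is worth confirming that those repository secrets are deleted once Keeper is the only source.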
