release #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| # Triggered manually from the Actions tab; the operator confirms the version | |
| # in the input field and the workflow handles tagging and Central Portal upload. | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Release version (e.g. 1.0.0)" | |
| required: true | |
| type: string | |
| dry_run: | |
| description: "Skip the Maven Central upload (build + sign locally only)" | |
| required: false | |
| type: boolean | |
| default: false | |
| jobs: | |
| publish: | |
| name: publish (${{ inputs.version }}) | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: write # for tagging | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: "21" | |
| cache: maven | |
| server-id: central | |
| server-username: CENTRAL_USERNAME | |
| server-password: CENTRAL_PASSWORD | |
| gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }} | |
| gpg-passphrase: GPG_SIGNING_PASSWORD | |
| - name: Configure git for tagging | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - name: Set release version | |
| run: | | |
| mvn -B -ntp versions:set -DnewVersion=${{ inputs.version }} -DgenerateBackupPoms=false | |
| mvn -B -ntp versions:commit || true | |
| - name: Build + test | |
| run: mvn -B -ntp verify | |
| - name: Publish to Maven Central | |
| if: ${{ !inputs.dry_run }} | |
| env: | |
| CENTRAL_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| CENTRAL_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
| GPG_SIGNING_PASSWORD: ${{ secrets.GPG_SIGNING_PASSWORD }} | |
| # MAVEN_GPG_PASSPHRASE is the env name maven-gpg-plugin reads by | |
| # default when no <passphrase> is set in the plugin config. | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSWORD }} | |
| run: mvn -B -ntp -Prelease -DskipTests deploy | |
| - name: Local publish (dry run) | |
| if: ${{ inputs.dry_run }} | |
| run: mvn -B -ntp install | |
| - name: Tag the release | |
| if: ${{ !inputs.dry_run }} | |
| run: | | |
| git tag -a "v${{ inputs.version }}" -m "Release ${{ inputs.version }}" | |
| git push origin "v${{ inputs.version }}" |