cicd: Rewrite the settings.xml for maven #TASK-7783

Author: juanfeSanahuja

.github/workflows/deploy-maven-central-workflow.yml

@@ -0,0 +1,82 @@
+# This workflow deploys a Maven project to Sonatype Central using a reusable action.
+name: Reusable Sonatype Central Deployment
+
+on:
+  workflow_call:
+    inputs:
+      maven_opts:
+        description: 'Additional Maven CLI options (optional)'
+        type: string
+        required: false
+    secrets:
+      MAVEN_NEXUS_USER:
+        description: 'Sonatype Central username (token)'
+        required: true
+      MAVEN_NEXUS_PASSWORD:
+        description: 'Sonatype Central password (token)'
+        required: true
+      MAVEN_GPG_PRIVATE_KEY:
+        description: 'Base64-encoded GPG private key'
+        required: true
+      MAVEN_GPG_PASSPHRASE:
+        description: 'Passphrase for your GPG key'
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy to Sonatype Central
+    runs-on: ubuntu-22.04
+    env:
+      # Allow GPG to access a TTY if needed
+      GPG_TTY: ${{ runner.tool_cache }}/workspace/.gpg
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # Fetch full history so tags and versions are available
+          fetch-depth: 10
+
+      - name: Set up Java 8 & Maven cache
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'        # Eclipse Temurin JDK
+          java-version: '8'              # Java 8 compatibility
+          cache: 'maven'                 # Cache dependencies
+
+      - name: Import GPG private key
+        # Decode and import your Base64-encoded private key
+        env:
+          GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+        run: |
+          echo "$GPG_KEY" | base64 -d > private.key
+          gpg --batch --import private.key
+          rm private.key
+
+      - name: Generate Maven settings.xml
+        # Create settings.xml with Sonatype Central credentials & GPG profile
+        run: |
+          cat > settings.xml <<EOF
+          <settings>
+            <servers>
+              <server>
+                <id>central</id>
+                <username>${{ secrets.MAVEN_NEXUS_USER }}</username>
+                <password>${{ secrets.MAVEN_NEXUS_PASSWORD }}</password>
+              </server>
+            </servers>
+            <profiles>
+              <profile>
+                <id>gpg</id>
+                <properties>
+                  <gpg.passphrase>${{ secrets.MAVEN_GPG_PASSPHRASE }}</gpg.passphrase>
+                </properties>
+              </profile>
+            </profiles>
+          </settings>
+          EOF
+
+      - name: Deploy to Central
+        # A single Maven deploy picks SNAPSHOT vs Release by your POM’s version
+        run: mvn clean deploy -DskipTests -s settings.xml ${{ inputs.maven_opts }} --no-transfer-progress

.github/workflows/deploy-maven-repository-workflow.bkp

@@ -0,0 +1,53 @@
+name: Reusable workflow to deploy in Apache Maven
+
+on:
+  workflow_call:
+    inputs:
+      maven_opts:
+        type: string
+        required: false
+    secrets:
+      MAVEN_NEXUS_USER:
+        required: true
+      MAVEN_NEXUS_PASSWORD:
+        required: true
+      MAVEN_GPG_PASSPHRASE:
+        required: true
+      MAVEN_GPG_PRIVATE_KEY:
+        required: true
+
+jobs:
+  deploy-workflow:
+    name: Deploy to Maven and GitHub Packages
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '10'
+      - name: Set up JDK 8
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '8'
+          cache: 'maven'
+          ## Future Nacho and Juanfe, please read this very carefully: DO NOT TOUCH!!!
+          server-id: ossrh                                        # Value of the distributionManagement/repository/id field of the pom.xml
+          server-username: MAVEN_NEXUS_USER                       # env variable for username in deploy
+          server-password: MAVEN_NEXUS_PASSWORD                   # env variable for token in deploy
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}   # Value of the GPG private key to import
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE                    # env variable for GPG private key passphrase
+      - name: Deploy to Maven Central repository
+        run: mvn clean deploy -DskipTests -P deploy-maven ${{ inputs.maven_opts }} --no-transfer-progress
+        env:
+          MAVEN_NEXUS_USER: ${{ secrets.MAVEN_USER_TOKEN }}
+          MAVEN_NEXUS_PASSWORD: ${{ secrets.MAVEN_PASSWORD_TOKEN }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+      - name: Set up Java for publishing to GitHub Packages
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '8'
+      - name: Deploy to GitHub Packages repository
+        run: mvn clean deploy -DskipTests -P deploy-github ${{ inputs.maven_opts }} --no-transfer-progress
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/deploy-maven-repository-workflow.yml

@@ -1,53 +1,86 @@
-name: Reusable workflow to deploy in Apache Maven
+# This workflow deploys a Maven project to Sonatype Central using a reusable action.
+name: Reusable Sonatype Central Deployment
 
 on:
   workflow_call:
     inputs:
       maven_opts:
+        description: 'Additional Maven CLI options (optional)'
         type: string
         required: false
     secrets:
       MAVEN_NEXUS_USER:
+        description: 'Sonatype Central username (token)'
         required: true
       MAVEN_NEXUS_PASSWORD:
-        required: true
-      MAVEN_GPG_PASSPHRASE:
+        description: 'Sonatype Central password (token)'
         required: true
       MAVEN_GPG_PRIVATE_KEY:
+        description: 'Base64-encoded GPG private key'
+        required: true
+      MAVEN_GPG_PASSPHRASE:
+        description: 'Passphrase for your GPG key'
         required: true
 
 jobs:
-  deploy-workflow:
-    name: Deploy to Maven and GitHub Packages
+  deploy:
+    name: Deploy to Sonatype Central
     runs-on: ubuntu-22.04
+    env:
+      # Allow GPG to access a TTY if needed
+      GPG_TTY: ${{ runner.tool_cache }}/workspace/.gpg
+
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
-          fetch-depth: '10'
-      - name: Set up JDK 8
+          # Fetch full history so tags and versions are available
+          fetch-depth: 10
+
+      - name: Set up Java 8 & Maven cache
         uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
-          java-version: '8'
-          cache: 'maven'
-          ## Future Nacho and Juanfe, please read this very carefully: DO NOT TOUCH!!!
-          server-id: ossrh                                        # Value of the distributionManagement/repository/id field of the pom.xml
-          server-username: MAVEN_NEXUS_USER                       # env variable for username in deploy
-          server-password: MAVEN_NEXUS_PASSWORD                   # env variable for token in deploy
-          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}   # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE                    # env variable for GPG private key passphrase
-      - name: Deploy to Maven Central repository
-        run: mvn clean deploy -DskipTests -P deploy-maven ${{ inputs.maven_opts }} --no-transfer-progress
+          distribution: 'temurin'        # Eclipse Temurin JDK
+          java-version: '8'              # Java 8 compatibility
+          cache: 'maven'                 # Cache dependencies
+
+      - name: Import GPG private key
+        # Decode and import your Base64-encoded private key
         env:
-          MAVEN_NEXUS_USER: ${{ secrets.MAVEN_USER_TOKEN }}
-          MAVEN_NEXUS_PASSWORD: ${{ secrets.MAVEN_PASSWORD_TOKEN }}
-          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
-      - name: Set up Java for publishing to GitHub Packages
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '8'
+          GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+        run: |
+          echo "$GPG_KEY" | base64 -d > private.key
+          gpg --batch --import private.key
+          rm private.key
+
+      - name: Generate Maven settings.xml
+        # Create settings.xml with Sonatype Central credentials & GPG profile
+        run: |
+          cat > settings.xml <<EOF
+          <settings>
+            <servers>
+              <server>
+                <id>central</id>
+                <username>${{ secrets.MAVEN_NEXUS_USER }}</username>
+                <password>${{ secrets.MAVEN_NEXUS_PASSWORD }}</password>
+              </server>
+            </servers>
+            <profiles>
+              <profile>
+                <id>gpg</id>
+                <properties>
+                  <gpg.passphrase>${{ secrets.MAVEN_GPG_PASSPHRASE }}</gpg.passphrase>
+                </properties>
+              </profile>
+            </profiles>
+          </settings>
+          EOF
+
+      - name: Deploy to Central
+        # A single Maven deploy picks SNAPSHOT vs Release by your POM’s version
+        run: mvn clean deploy -DskipTests -P deploy-maven -s settings.xml ${{ inputs.maven_opts }} --no-transfer-progress
       - name: Deploy to GitHub Packages repository
         run: mvn clean deploy -DskipTests -P deploy-github ${{ inputs.maven_opts }} --no-transfer-progress
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}