Skip to content

Commit

Permalink
chore(release): use Keeper secret
Browse files Browse the repository at this point in the history
  • Loading branch information
rbioteau committed Jun 19, 2024
1 parent 5934a1f commit 085fcae
Showing 1 changed file with 17 additions and 11 deletions.
28 changes: 17 additions & 11 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -12,31 +12,37 @@ jobs:
name: Create release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- uses: Keeper-Security/ksm-action@v1
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |
${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME
${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD
${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY
${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE
- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
server-username: MAVEN_USERNAME # env variable for username in deploy
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
server-password: MAVEN_PASSWORD # env variable for token in deploy
gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase

- name: Configure Git user
run: |
git config user.email "actions@github.com"
git config user.name "GitHub Actions"
uses: bonitasoft/git-setup-action@v1
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}

- name: Build Release
run: ./mvnw --batch-mode release:prepare -DreleaseVersion=${{ github.event.inputs.version }}

- name: Publish
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.OSSRH_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: mvn --batch-mode release:perform

- name: Create Release

0 comments on commit 085fcae

Please sign in to comment.