diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3d45b37..ffe4cf1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,31 +12,37 @@ jobs:
 name: Create release
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
+
+ - uses: Keeper-Security/ksm-action@v1
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+ secrets: |
+ ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/login > env:MAVEN_USERNAME
+ ${{ vars.KEEPER_OSSRH_RECORD_ID }}/field/password > env:MAVEN_PASSWORD
+ ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/custom_field/gpg-private-key > env:GPG_PRIVATE_KEY
+ ${{ vars.KEEPER_GPG_ARTIFACT_SIGNING_RECORD_ID }}/field/password > env:MAVEN_GPG_PASSPHRASE

 - name: Setup Java
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
 with:
 distribution: 'temurin'
 java-version: 17
 server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
 server-username: MAVEN_USERNAME # env variable for username in deploy
- server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
- gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+ server-password: MAVEN_PASSWORD # env variable for token in deploy
+ gpg-private-key: ${{ env.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
 gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase

 - name: Configure Git user
- run: |
- git config user.email "actions@github.com"
- git config user.name "GitHub Actions"
+ uses: bonitasoft/git-setup-action@v1
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+
 - name: Build Release
 run: ./mvnw --batch-mode release:prepare -DreleaseVersion=${{ github.event.inputs.version }}

 - name: Publish
- env:
- MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
- MAVEN_CENTRAL_TOKEN: ${{ secrets.OSSRH_PASSWORD }}
- MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 run: mvn --batch-mode release:perform

 - name: Create Release
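Review bot: The two third-party actions added here, `Keeper-Security/ksm-action@v1` and `bonitasoft/git-setup-action@v1`, are referenced by a movable tag while both receive `secrets.KSM_CONFIG`, which presumably grants access to the OSSRH credentials and the GPG signing key. A retagged or compromised release of either action would run with that access inside the release job, so pin each to a reviewed full commit SHA, e.g. `uses: Keeper-Security/ksm-action@<full-commit-sha> # v1`, and likewise for `bonitasoft/git-setup-action`. Separately, the `> env:` destinations export `GPG_PRIVATE_KEY`, `MAVEN_PASSWORD` and `MAVEN_GPG_PASSPHRASE` to every later step, including `./mvnw release:prepare`, whereas the removed step-level `env:` on Publish scoped the Maven values to that one step. If ksm-action's step-output destination fits, give the step an `id` and pass the values only to Setup Java and Publish.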