diff --git a/.github/actions/central-publish/action.yml b/.github/actions/central-publish/action.yml index bcd7e2a..17cfcea 100644 --- a/.github/actions/central-publish/action.yml +++ b/.github/actions/central-publish/action.yml @@ -1,5 +1,6 @@ name: 'Publish to Central' -description: 'Publish Maven artifact to Central' +description: | + This action is not used. Keeping the code for reference how to perform the publish very manual way. inputs: gpg-base64-key: @@ -33,7 +34,7 @@ runs: run: | echo ${{ inputs.gpg-base64-key }} | base64 -d > ./private.key gpg --import --passphrase ${{ inputs.gpg-passphrase }} --batch --yes ./private.key - rm -f ./private.keyg + rm -f ./private.key - name: Prepare artifacts shell: bash diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ea03797..3ba682d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -2,6 +2,7 @@ name: publish on: workflow_dispatch: + push: jobs: publish: @@ -13,14 +14,12 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Build - run: mvn package install javadoc:jar source:jar + - name: Import gpg key + run: | + echo ${{ inputs.gpg-base64-key }} | base64 -d > ./private.key + gpg --import --passphrase ${{ inputs.gpg-passphrase }} --batch --yes ./private.key + rm -f ./private.key - - name: Publish - uses: cdivitotawela/example-publish-maven-central/.github/actions/central-publish@main - with: - gpg-base64-key: ${{ secrets.GPG_BASE64_KEY }} - gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - central-username: ${{ secrets.CENTRAL_USERNAME }} - central-password: ${{ secrets.CENTRAL_PASSWORD }} + - name: Build + run: mvn verify diff --git a/.gitignore b/.gitignore index 90a1fdb..4516609 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ target .idea private.key -keyring* -.#* \ No newline at end of file +.envrc \ No newline at end of file diff --git a/README.md b/README.md index 87795e1..66fba8c 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,8 @@ # Example Publish to Maven Central -This is an example of publishing Java package to Maven Central. This example use the new Portal where publish is performed -using the Central publish API. - +This is an example of publishing Java package to Maven Central. This example use the new Portal to publish the artifacts. Currently new Central portal does not support publishing snapshots. ## GPG Key Generation -Create gpg key pair with following command. Use a passphrase to protect the key. +Create gpg key pair with following command. This will be required when signing the artifacts to publish. ```sh # Generate key gpg --gen-key @@ -22,13 +20,50 @@ gpg --keyserver keyserver.ubuntu.com --recv-keys # If the ring has multiple keys it is neccessary to specify the secret key when signing # So list the secret keys and make a note of the key id gpg --list-secret-keys + +# Export the private key armor +gpg --export-secret-key -a > private.key + +# If there are multiple keys specify the key id +gpg --export-secret-key -a > private.key ``` ## Sign Artifacts +Maven plug-in `maven-gpg-plugin` is used to sign the artifacts. This information is useful if the signing +is performed manually. + Each artifact need to be signed using the gpg key. Following command is used get the signature in a separate file This creates the .asc file with the signature. ```sh # Create signature for the artifact in separate file (-b option to create separate file) gpg -ab --local-user ``` + + +# Local Testing +Following setup starts a Docker container. +```sh +# Export secrets +export MAVEN_GPG_PASSPHRASE= +export CENTRAL_USERNAME= +export CENTRAL_PASSWORD= + +# Starting docker container +docker run -it \ + -v $PWD:/home/circleci/project \ + -v $PWD/m2:/home/circleci/.m2 \ + -e "MAVEN_GPG_PASSPHRASE=$MAVEN_GPG_PASSPHRASE" \ + -e "CENTRAL_USERNAME=$CENTRAL_USERNAME" \ + -e "CENTRAL_PASSWORD=$CENTRAL_PASSWORD" \ + cimg/openjdk:11.0.22 + +# Run the setup.sh inside the container. This will import the private key +./setup.sh + +# Maven command to build the artifacts and sign +mvn verify + +# Maven command to publish to central. During this process hash are generated before publish +mvn deploy +``` \ No newline at end of file diff --git a/m2/.gitignore b/m2/.gitignore new file mode 100644 index 0000000..0922601 --- /dev/null +++ b/m2/.gitignore @@ -0,0 +1 @@ +repository \ No newline at end of file diff --git a/m2/settings.xml b/m2/settings.xml new file mode 100644 index 0000000..c949d54 --- /dev/null +++ b/m2/settings.xml @@ -0,0 +1,18 @@ + + + + + + + + central + ${env.CENTRAL_USERNAME} + ${env.CENTRAL_PASSWORD} + + + + + + + diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..b1fa0da --- /dev/null +++ b/pom.xml @@ -0,0 +1,113 @@ + + 4.0.0 + name.divitotawela.sandbox + example + + jar + 1.0.4 + example + Example project to check publish to central + http://maven.apache.org + + + + + cdivitotawela + Chaminda Divitotawela + cdivitotawela@gmail.com + + + + + + + The Apache Software License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + scm:git:git://github.com/cdivitotawela/example-publish-maven-central.git + scm:git:ssh://github.com:cdivitotawela/example-publish-maven-central.git + https://github.com/cdivitotawela/example-publish-maven-central + + + + + junit + junit + 3.8.1 + test + + + + + + + org.apache.maven.plugins + maven-source-plugin + 3.2.1 + + + attach-sources + package + + jar-no-fork + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.3.0 + + + attach-javadocs + package + + jar + + + + + + org.apache.maven.plugins + maven-gpg-plugin + 1.6 + + true + ${env.MAVEN_GPG_PASSPHRASE} + + --batch + --pinentry-mode + loopback + + + + + sign-artifacts + verify + + sign + + + + + + org.sonatype.central + central-publishing-maven-plugin + 0.4.0 + true + + central + true + false + + + + + + diff --git a/setup.sh b/setup.sh new file mode 100755 index 0000000..2f438ae --- /dev/null +++ b/setup.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +[[ -f ./private.key ]] || { + echo "ERROR: Cannot find gpg private key" + exit 1 +} + +# Import private key +gpg --import --passphrase $$MAVEN_GPG_PASSPHRASE --batch --yes ./private.key diff --git a/src/main/java/name/divitotawela/sandbox/App.java b/src/main/java/name/divitotawela/sandbox/App.java new file mode 100644 index 0000000..a5802c4 --- /dev/null +++ b/src/main/java/name/divitotawela/sandbox/App.java @@ -0,0 +1,13 @@ +package name.divitotawela.sandbox; + +/** + * Hello world! + * + */ +public class App +{ + public static void main( String[] args ) + { + System.out.println( "Hello World!" ); + } +} diff --git a/src/test/java/name/divitotawela/sandbox/AppTest.java b/src/test/java/name/divitotawela/sandbox/AppTest.java new file mode 100644 index 0000000..aa5101a --- /dev/null +++ b/src/test/java/name/divitotawela/sandbox/AppTest.java @@ -0,0 +1,38 @@ +package name.divitotawela.sandbox; + +import junit.framework.Test; +import junit.framework.TestCase; +import junit.framework.TestSuite; + +/** + * Unit test for simple App. + */ +public class AppTest + extends TestCase +{ + /** + * Create the test case + * + * @param testName name of the test case + */ + public AppTest( String testName ) + { + super( testName ); + } + + /** + * @return the suite of tests being tested + */ + public static Test suite() + { + return new TestSuite( AppTest.class ); + } + + /** + * Rigourous Test :-) + */ + public void testApp() + { + assertTrue( true ); + } +}