feat(build): publish to OSSRH Snapshots and MavenCentral (#319)

.github/workflows/build.yaml

@@ -52,33 +52,20 @@ jobs:
   secret-presence:
     runs-on: ubuntu-latest
     outputs:
-      GPG_PRIVATE_KEY: ${{ steps.secret-presence.outputs.GPG_PRIVATE_KEY }}
-      GPG_PASSPHRASE: ${{ steps.secret-presence.outputs.GPG_PASSPHRASE }}
       DOCKER_HUB_TOKEN: ${{ steps.secret-presence.outputs.DOCKER_HUB_TOKEN }}
+      HAS_OSSRH: ${{ steps.secret-presence.outputs.HAS_OSSRH }}
     steps:
       - name: Check whether secrets exist
         id: secret-presence
         run: |
-          [ ! -z "${{ secrets.GPG_PRIVATE_KEY }}" ] && echo "GPG_PRIVATE_KEY=true" >> $GITHUB_OUTPUT
-          [ ! -z "${{ secrets.GPG_PASSPHRASE }}" ] && echo "GPG_PASSPHRASE=true" >> $GITHUB_OUTPUT
           [ ! -z "${{ secrets.DOCKER_HUB_TOKEN }}" ] && echo "DOCKER_HUB_TOKEN=true" >> $GITHUB_OUTPUT
+          [ ! -z "${{ secrets.ORG_GPG_PASSPHRASE }}" ] && 
+          [ ! -z "${{ secrets.ORG_GPG_PRIVATE_KEY }}" ] && 
+          [ ! -z "${{ secrets.ORG_OSSRH_USERNAME }}" ] && 
+          [ ! -z "${{ secrets.ORG_OSSRH_PASSWORD }}" ]  && 
+          echo "HAS_OSSRH=true" >> $GITHUB_OUTPUT
           exit 0
 
-  build-extensions:
-    runs-on: ubuntu-latest
-    needs: [ secret-presence ]
-    steps:
-      # Set-Up
-      - uses: actions/[email protected]
-      - uses: ./.github/actions/setup-java
-      # Build
-      - name: Build Extensions
-        run: |-
-          ./gradlew -p edc-extensions build
-        env:
-          GITHUB_PACKAGE_USERNAME: ${{ github.actor }}
-          GITHUB_PACKAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-
   build-docker-images:
     name: "Create Docker Images"
     runs-on: ubuntu-latest
@@ -107,33 +94,47 @@ jobs:
           docker_user: ${{ secrets.DOCKER_HUB_USER }}
           docker_token: ${{ secrets.DOCKER_HUB_TOKEN }}
 
-  publish-to-github-packages:
+  publish-to-maven-central:
+    name: "Publish artefacts to OSSRH Snapshots / MavenCentral"
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
-    needs: [ secret-presence, build-extensions ]
+    needs: [ secret-presence ]
 
     # do not run on PR branches, do not run on releases
     if: |
-      needs.secret-presence.outputs.GPG_PASSPHRASE && needs.secret-presence.outputs.GPG_PRIVATE_KEY && github.event_name != 'pull_request' && github.ref != 'refs/heads/releases'
+      needs.secret-presence.outputs.HAS_OSSRH && github.event_name != 'pull_request' && github.ref != 'refs/heads/releases'
     steps:
+      - name: List Keys
+        run: |
+          gpg -K --keyid-format=long
+
+      - name: Import GPG Private Key
+        run: |
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo -e "${{ secrets.ORG_GPG_PRIVATE_KEY }}" | gpg --import --batch
+          for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u);
+          do
+            echo -e "5\\ny\\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
+          done
+
       # Set-Up
       - uses: actions/[email protected]
-
       - uses: ./.github/actions/setup-java
-      - name: Import GPG Key
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.GPG_PASSPHRASE }}
 
-      # publish snapshots
-      - name: Publish snapshot versions
-        run: |-
-          echo "Publishing Version $(grep -e "version" gradle.properties | cut -f2 -d"=") to Github Packages"
-          ./gradlew publishAllPublicationsToGitHubPackagesRepository
+      # publish snapshots or releases
+      - name: Publish version
         env:
-          REPO: ${{ github.repository }}
-          GITHUB_PACKAGE_USERNAME: ${{ github.actor }}
-          GITHUB_PACKAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          OSSRH_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
+          OSSRH_USER: ${{ secrets.ORG_OSSRH_USERNAME }}
+        run: |-
+          VERSION=$(./gradlew properties -q | grep "version:" | awk '{print $2}')
+          cmd=""
+          if [[ $VERSION != *-SNAPSHOT ]]
+          then
+            cmd="closeAndReleaseSonatypeStagingRepository";
+          fi
+          echo "Publishing Version $VERSION to Sonatype"
+          ./gradlew publishToSonatype ${cmd} --no-parallel -Pversion=$VERSION -Psigning.gnupg.executable=gpg -Psigning.gnupg.passphrase="${{ secrets.ORG_GPG_PASSPHRASE }}"

.github/workflows/publish-new-release.yml

@@ -49,29 +49,35 @@ jobs:
       packages: write
     if: github.event.pull_request.merged == true && needs.release-version.outputs.RELEASE_VERSION
     steps:
-      -
-        name: Export RELEASE_VERSION env
+      - name: Export RELEASE_VERSION env
         run: |
           echo "RELEASE_VERSION=${{ needs.release-version.outputs.RELEASE_VERSION }}" >> $GITHUB_ENV
-      -
-        uses: actions/[email protected]
-      -
-        uses: ./.github/actions/setup-java
-
-      - name: Import GPG Key
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      - name: List Keys
+        run: |
+          gpg -K --keyid-format=long
 
-      - name: Publish release version
+      - name: Import GPG Private Key
         run: |
-          echo "Publishing Version $(grep -e "version" gradle.properties | cut -f2 -d"=") to Github Packages"
-          ./gradlew publishAllPublicationsToGithubPackagesRepository
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo -e "${{ secrets.ORG_GPG_PRIVATE_KEY }}" | gpg --import --batch
+          for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u);
+          do
+            echo -e "5\\ny\\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
+          done
+
+      # Set-Up
+      - uses: actions/[email protected]
+      - uses: ./.github/actions/setup-java
+
+      # publish releases
+      - name: Publish version
         env:
-          REPO: ${{ github.repository }}
-          GITHUB_PACKAGE_USERNAME: ${{ github.actor }}
-          GITHUB_PACKAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          OSSRH_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
+          OSSRH_USER: ${{ secrets.ORG_OSSRH_USERNAME }}
+        run: |-
+          echo "Publishing Version $RELEASE_VERSION to Sonatype/MavenCentral"
+          ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository --no-parallel -Pversion=$RELEASE_VERSION -Psigning.gnupg.executable=gpg -Psigning.gnupg.passphrase="${{ secrets.ORG_GPG_PASSPHRASE }}"
 
   docker-release:
     name: Publish Docker images