name: Grace CI on: push: branches: - 'release/[5-9]+.[0-9]+.0' pull_request: branches: - 'release/[5-9]+.[0-9]+.0' workflow_dispatch: jobs: build: permissions: contents: read # to fetch code (actions/checkout) runs-on: ubuntu-22.04 strategy: matrix: java: ['11'] env: WORKSPACE: ${{ github.workspace }} steps: - name: Checkout repository env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} uses: actions/checkout@v4 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Set up JDK uses: actions/setup-java@v3 with: distribution: 'adopt' java-version: ${{ matrix.java }} - name: Run Build id: build uses: gradle/gradle-build-action@v2 env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }} with: arguments: build -x test publish: if: github.event_name == 'push' needs: ["build"] permissions: contents: read # to fetch code (actions/checkout) checks: write runs-on: ubuntu-22.04 steps: - name: Checkout repository env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} uses: actions/checkout@v4 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Set up JDK 11 uses: actions/setup-java@v3 with: distribution: 'adopt' java-version: 11 - name: Generate secring file env: SECRING_FILE: ${{ secrets.SECRING_FILE }} run: echo $SECRING_FILE | base64 -d > ${{ github.workspace }}/secring.gpg - name: Publish to Sonatype OSSRH id: publish uses: gradle/gradle-build-action@v2 env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }} SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} SONATYPE_NEXUS_URL: ${{ secrets.SONATYPE_NEXUS_URL }} SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }} SIGNING_KEY: ${{ secrets.SIGNING_KEY }} SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} SECRING_FILE: ${{ secrets.SECRING_FILE }} with: arguments: -Psigning.secretKeyRingFile=${{ github.workspace }}/secring.gpg publishToSonatype closeAndReleaseSonatypeStagingRepository