diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 801acde..56af81b 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -75,8 +75,8 @@ jobs: with: name: my-artifact path: | - target/plantuml-builder-*.jar - target/plantuml-builder-*.pom + target/asciidoctor-gherkin-extension-*.jar + target/asciidoctor-gherkin-extension-*.pom retention-days: 1 - name: Create and commit next dev version @@ -86,42 +86,3 @@ jobs: - uses: stefanzweifel/git-auto-commit-action@v4 with: commit_message: Post release - ci skip - - tests_java: - needs: - - publish - - check - if: "needs.check.outputs.status == 'deploy' && github.event_name == 'pull_request' && !contains(github.event.head_commit.message, 'ci skip')" - runs-on: ubuntu-latest - strategy: - matrix: - version: [11, 15, 17] - steps: - - uses: actions/checkout@v3 - - - name: Set up java - uses: actions/setup-java@v3 - with: - java-version: ${{ matrix.version }} - distribution: adopt - - - name: Install plantuml-builder artifact locally - run: | - ARTIFACT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) - ARTIFACT_PATH=~/.m2/repository/ch/ifocusit/plantuml-builder/$ARTIFACT_VERSION/ - echo ::set-env name=ARTIFACT_PATH::$ARTIFACT_PATH - echo ::set-env name=PLANTUML_BUILDER_VERSION::$ARTIFACT_VERSION - - - uses: actions/download-artifact@v3 - with: - name: my-artifact - path: ${{ env.ARTIFACT_PATH }} - - - name: Test ${{ matrix.version }} - working-directory: ./src/it/example-java-x - run: | - sed -i -e "s/\${env.PLANTUML_BUILDER_VERSION}/${{ env.PLANTUML_BUILDER_VERSION }}/g" pom.xml - mvn --batch-mode --update-snapshots verify - env: - JAVA_VERSION: ${{ matrix.version }} - PLANTUML_BUILDER_VERSION: ${{ env.PLANTUML_BUILDER_VERSION }} diff --git a/DEV.md b/DEV.md new file mode 100644 index 0000000..459c8bc --- /dev/null +++ b/DEV.md @@ -0,0 +1,98 @@ +# Github actions + +TODO: + +- tag on release +- upload github package +- création release page avec doc +- ajout changelog + +# Publication maven centrale en local + +A titre d'exemple, voici les commande permettant de chiffrer et publier les artefacts. + +## 1. Signature du jar + +https://central.sonatype.org/publish/requirements/gpg/#gpg-signed-components + +Generate keys: + +```bash +gpg --gen-key +``` + +```bash +gpg --list-signatures --keyid-format 0xshort + +pub rsa3072/0xtututututu 2023-03-28 [SC] [expire : 2025-03-27] + 6666666666666666666666666666666666666666 +uid [ ultime ] Julien Boz +sig 3 0xtututututu 2023-03-28 Julien Boz +sub rsa3072/0xBBBBBBBB 2023-03-28 [E] [expire : 2025-03-27] +sig 0xtututututu 2023-03-28 Julien Boz +``` + +Optional but best practice, distribute public key on the internet to allow people to verify files: + +```bash +gpg --keyserver keyserver.ubuntu.com --send-keys 6666666666666666666666666666666666666666 +``` + +Optional, Export keys: + +```bash +gpg --output .release/pubring.gpg --armor --export 6666666666666666666666666666666666666666 +gpg --output .release/secring.gpg --armor --export-secret-key 6666666666666666666666666666666666666666 +``` + +Test jar signatures: + +```bash +export GPG_KEYNAME=0xtututututu +export GPG_PASSPHRASE=gpg-passphrase-defined + +mvn clean verify -P release +``` + +## 2. Upload maven centrale + +Documentation is here: https://central.sonatype.org/publish/manage-user/ + +Generate an access token on this page https://oss.sonatype.org/#profile;User%20Token (some time the web interface bugs and you have to reconnect yourself) + +Create settings.xml : + +``` + + + + ossrh + ${env.SONATYPE_USERNAME} + ${env.SONATYPE_PASSWORD} + + + +``` + +```bash +export SONATYPE_USERNAME=toto +export SONATYPE_PASSWORD=titi + +mvn clean deploy -P release --settings .release/settings.xml +``` + +## 3. Lost secret ? + +Use this in github action : + +```yaml +- name: Set env as secret + env: + MY_VAL: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + run: | + import os + for q in (os.getenv("MY_VAL")): + print(q) + shell: python +```