# This workflow creates a running release please PR, which tracks all changes # based on semantic PR titles. When that PR is merged, a publish occurs after # release please increments the version. on: push: branches: - main name: Run Release Please permissions: # added using https://github.com/step-security/secure-workflows contents: read jobs: release-please: runs-on: ubuntu-latest permissions: contents: write # for googleapis/release-please-action to create release commit pull-requests: write # for googleapis/release-please-action to create release PR issues: write # for googleapis/release-please-action to create labels # Release-please creates a PR that tracks all changes steps: - uses: googleapis/release-please-action@v4 id: release with: token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}} outputs: release_created: ${{ fromJSON(steps.release.outputs.paths_released)[0] != null }} # if we have a single release path, do the release publish: environment: publish runs-on: ubuntu-latest permissions: contents: read needs: release-please if: ${{ fromJSON(needs.release-please.outputs.release_created || false) }} steps: - name: Checkout Repository uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f - name: Set up JDK 17 uses: actions/setup-java@ae2b61dbc685e60e4427b2e8ed4f0135c6ea8597 with: java-version: '17' distribution: 'temurin' cache: maven server-id: central server-username: ${{ secrets.CENTRAL_USERNAME }} server-password: ${{ secrets.CENTRAL_PASSWORD }} - name: Configure GPG Key run: | echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import env: GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} - name: Deploy run: | mvn --batch-mode \ --settings release/m2-settings.xml -DskipTests clean deploy env: CENTRAL_USERNAME: ${{ secrets.CENTRAL_USERNAME }} CENTRAL_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }}