java-sdk/.github/workflows/release.yml

# This workflow creates a running release please PR, which tracks all changes
# based on semantic PR titles. When that PR is merged, a publish occurs after
# release please increments the version.

on:
  push:
    branches:
      - main
name: Run Release Please
permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read

jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write # for googleapis/release-please-action to create release commit
      pull-requests: write # for googleapis/release-please-action to create release PR
      issues: write # for googleapis/release-please-action to create labels

    # Release-please creates a PR that tracks all changes
    steps:
      - uses: googleapis/release-please-action@v4
        id: release
        with:
          token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}}
    outputs:
      release_created: ${{ fromJSON(steps.release.outputs.paths_released)[0] != null }} # if we have a single release path, do the release

  publish:
    environment: publish
    runs-on: ubuntu-latest
    permissions:
      contents: read
    needs: release-please
    if: ${{ fromJSON(needs.release-please.outputs.release_created || false) }}

    steps:
      - name: Checkout Repository
        uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f

      - name: Set up JDK 17
        uses: actions/setup-java@ae2b61dbc685e60e4427b2e8ed4f0135c6ea8597
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven
          server-id: central
          server-username: ${{ secrets.CENTRAL_USERNAME }}
          server-password: ${{ secrets.CENTRAL_PASSWORD }}

      - name: Configure GPG Key
        run: |
          echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import          
        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}

      - name: Deploy
        run: |
          mvn --batch-mode \
            --settings release/m2-settings.xml -DskipTests clean deploy          
        env:
          CENTRAL_USERNAME: ${{ secrets.CENTRAL_USERNAME }}
          CENTRAL_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }}