JavaClient/.github/workflows/publish.yml at master · dataforseo/JavaClient · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: Publish to Maven Central

on:
  push:
    tags:
      - 'v*'

jobs:
  publish:
    runs-on: ubuntu-latest
    environment: mvn

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Extract version from tag
        id: version
        run: |
          TAG="${GITHUB_REF_NAME}"
          VERSION="${TAG#v}"
          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
            echo "Tag '$TAG' does not look like a semver release (expected vX.Y.Z)" >&2
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "Publishing version: $VERSION"

      - name: Set up JDK 25
        uses: actions/setup-java@v4
        with:
          java-version: '25'
          distribution: 'temurin'
          server-id: central
          server-username: MAVEN_CENTRAL_USERNAME
          server-password: MAVEN_CENTRAL_PASSWORD
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: MAVEN_GPG_PASSPHRASE

      - name: Configure GPG for non-interactive signing
        run: |
          mkdir -p ~/.gnupg
          chmod 700 ~/.gnupg
          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
          echo "use-agent" >> ~/.gnupg/gpg.conf
          gpgconf --reload gpg-agent || true

      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      - name: Verify pom.xml version matches tag
        run: |
          POM_VERSION=$(mvn -B -q -DforceStdout help:evaluate -Dexpression=project.version)
          TAG_VERSION="${{ steps.version.outputs.version }}"
          if [ "$POM_VERSION" != "$TAG_VERSION" ]; then
            echo "::error::Version mismatch — tag is '$TAG_VERSION' but pom.xml has '$POM_VERSION'."
            echo "::error::Bump pom.xml first: mvn versions:set -DnewVersion=$TAG_VERSION -DgenerateBackupPoms=false"
            echo "::error::Then commit, tag, and push again."
            exit 1
          fi
          echo "pom.xml version matches tag: $POM_VERSION"

      - name: Publish to Maven Central
        env:
          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: mvn -B -P sign-artifacts -DskipTests clean deploy