The GitHub Action for Maven releases wraps the Maven CLI to enable Maven release to be run by a bot. You can use this action for auto-releasing your java artefacts each time you commit into master.
The release will allow you to setup a GPG key for your bot.
For a simple repo with not much protection and private dependency, you can do:
- name: Release
uses: qcastel/github-actions-maven-release@master
with:
release-branch-name: "master"
git-release-bot-name: "release-bot"
git-release-bot-email: "release-bot@example.com"
access-token: ${{ secrets.GITHUB_ACCESS_TOKEN }}
You can add some maven options, which is handy for skipping tests:
maven-args: "-Dmaven.javadoc.skip=true -DskipTests -DskipITs -Ddockerfile.skip -DdockerCompose.skip"
If you want to setup a GPG key, you can do it by injecting your key via the secrets:
Note: GITHUB_GPG_KEY
needs to be base64 encoded.
if you haven't setup a GPG key yet, see next section
- name: Release
uses: qcastel/github-actions-maven-release@master
with:
release-branch-name: "master"
gpg-enabled: "true"
gpg-key-id: ${{ secrets.GITHUB_GPG_KEY_ID }}
gpg-key: ${{ secrets.GITHUB_GPG_KEY }}
git-release-bot-name: "release-bot"
git-release-bot-email: "release-bot@example.com"
access-token: ${{ secrets.GITHUB_ACCESS_TOKEN }}
If you got a private maven repo to setup in the settings.xml, you can do: Note: we recommend putting those values in your repo secrets.
- name: Release
uses: qcastel/github-actions-maven-release@master
with:
release-branch-name: "master"
maven-repo-server-id: ${{ secrets.MVN_REPO_PRIVATE_REPO_USER }}
maven-repo-server-username: ${{ secrets.MVN_REPO_PRIVATE_REPO_USER }}
maven-repo-server-password: ${{ secrets.MVN_REPO_PRIVATE_REPO_PASSWORD }}
git-release-bot-name: "release-bot"
git-release-bot-email: "release-bot@example.com"
access-token: ${{ secrets.GITHUB_ACCESS_TOKEN }}
Here is an example with all of the options at the same time:
- name: Release
uses: qcastel/github-actions-maven-release@master
with:
release-branch-name: "master"
gpg-enabled: "true"
gpg-key-id: ${{ secrets.GITHUB_GPG_KEY_ID }}
gpg-key: ${{ secrets.GITHUB_GPG_KEY }}
maven-repo-server-id: ${{ secrets.MVN_REPO_PRIVATE_REPO_USER }}
maven-repo-server-username: ${{ secrets.MVN_REPO_PRIVATE_REPO_USER }}
maven-repo-server-password: ${{ secrets.MVN_REPO_PRIVATE_REPO_PASSWORD }}
maven-args: "-Dmaven.javadoc.skip=true -DskipTests -DskipITs -Ddockerfile.skip -DdockerCompose.skip"
git-release-bot-name: "release-bot"
git-release-bot-email: "release-bot@example.com"
access-token: ${{ secrets.GITHUB_ACCESS_TOKEN }}
We welcome contributions! If your usecase is slightly different than us, just suggest a RFE or contribute to this repo directly.
Setting up a gpg key for your bot is a good security feature. This way, you can enforce sign commits in your repo, even for your release bot.
- Create dedicate github account for your bot and add him into your team for your git repo.
- Create a new GPG key: https://help.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key
This github action needs the key ID and the key base64 encoded.
gpg-key-id: ${{ secrets.GITHUB_GPG_KEY_ID }}
gpg-key: ${{ secrets.GITHUB_GPG_KEY }}
You can get the key ID doing the following:
gpg --list-secret-keys --keyid-format LONG
sec rsa2048/3EFC3104C0088B08 2019-11-28 [SC]
CBFD9020DAC388A77C68385C3EFC3104C0088B08
uid [ultimate] bot-openbanking4-dev (it's the bot openbanking4.dev key) <bot@openbanking4.dev>
ssb rsa2048/7D1523C9952204C1 2019-11-28 [E]
The key ID for my bot is 3EFC3104C0088B08. Add this value into your github secret for this repo, under GITHUB_GPG_KEY_ID
PS: the key id is not really a secret but we found more elegant to store it there than in plain text in the github action yml
Now we need the raw key and base64 encode
gpg --export-secret-keys --armor 3EFC3104C0088B08 | base64
Copy the result and add it in your githup repo secrets under GITHUB_GPG_KEY
.
Go the bot account in github and import this GPG key into its profile.
The Dockerfile and associated scripts and documentation in this project are released under the MIT License.