Maven Releases (and CI in general) via GitHub Actions
I recently completed transitioning the Eclipse Milo repo to its own org on GitHub, and I'd like to explore moving CI and release from the existing Jenkins instance (https://ci.eclipse.org/milo/) to GitHub Actions.
The part that is unclear to me is around the secrets required for publishing. In Jenkins I see there is a KEYRING env variable and some shell scripting to support this.
In other projects/orgs that I'm responsible for, I've managed this in GH actions by adding these org-level secrets that I can reference in my release workflow:
OSSRH_GPG_SECRET_KEY
OSSRH_GPG_SECRET_KEY_PASSWORD
OSSRH_USERNAME
OSSRH_PASSWORD
and then a workflow that looks something like:
name: Maven Release
on:
  release:
    types: [ created ]
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Set up Java for publishing to Maven Central
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          server-id: ossrh
          server-username: MAVEN_USERNAME
          server-password: MAVEN_PASSWORD
      - name: Install GPG secret key
        # Secrets reach the script through env instead of being expanded into the script text
        run: |
          cat <(echo -e "$GPG_SECRET_KEY") | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG
        env:
          GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
      - name: Publish to Maven Central
        # Quoted shell variable, so a passphrase with spaces or shell metacharacters cannot alter the command
        run: mvn -B -Dgpg.passphrase="$GPG_PASSPHRASE" clean deploy -P release
        env:
          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
          GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
How is this supposed to work for Eclipse Projects?
Edited by Kevin Herron
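A check that fits release workflows like the one in this post, added here as an example and not part of the original post or of any Eclipse tooling: GitHub expands `${{ secrets.* }}` into the script text before the shell runs, so a secret referenced inside `run:` is subject to shell parsing, while one mapped through `env:` is not. The function name, the sample workflow and its `EXAMPLE_*` secret names are constructed for illustration.

```python
import re

SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
# Captures everything before the key so the key's column is known.
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def secrets_in_run_scripts(workflow_text):
    """Return (line_number, secret_name) for each secrets.* expression
    expanded inside a run: script, inline or block scalar."""
    findings = []
    block_col = None  # column of the run: key while inside its block scalar
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        if block_col is not None:
            indent = len(line) - len(line.lstrip(" "))
            if line.strip() and indent <= block_col:
                block_col = None  # dedent: the script body has ended
            else:
                findings.extend((number, n) for n in SECRET_EXPR.findall(line))
                continue
        match = RUN_KEY.match(line)
        if match is None:
            continue  # env:, with: and other keys are not script text
        prefix, value = match.groups()
        if value[:1] in ("|", ">"):
            block_col = len(prefix)
        else:
            findings.extend((number, n) for n in SECRET_EXPR.findall(value))
    return findings

# Constructed sample: two weak steps and one corrected step.
SAMPLE = """\
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Weak, inline script
        run: mvn -B -Dgpg.passphrase=${{ secrets.EXAMPLE_PASSPHRASE }} deploy
      - name: Weak, block script
        run: |
          echo "${{ secrets.EXAMPLE_KEY }}" | gpg --batch --import
          gpg --list-secret-keys
      - name: Corrected, secret reaches the script through env
        run: mvn -B -Dgpg.passphrase="$GPG_PASSPHRASE" deploy
        env:
          GPG_PASSPHRASE: ${{ secrets.EXAMPLE_PASSPHRASE }}
"""

if __name__ == "__main__":
    for number, name in secrets_in_run_scripts(SAMPLE):
        print(f"line {number}: secrets.{name} expanded inside a run script")
```

The scan is line-based and indentation-aware rather than a full YAML parse, which is enough for conventional workflow layouts and keeps it dependency-free for use in a pre-merge check.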