Update github actions (#136)

.github/NOTES

@@ -2,6 +2,12 @@ Add subkeys:
 
 ????
 
+Publish:
+
+gpg --send-keys --keyserver keyserver.ubuntu.com $KEYID
+gpg --send-keys --keyserver pgp.mit.edu $KEYID
+gpg --send-keys --keyserver pool.sks-keyservers.net $KEYID
+
 Backup:
 
 gpg --export --armor pcampbell@kemitix.net > gpg-key-backup.asc
@@ -43,3 +49,5 @@ gpg --export-secret-keys --armor pcampbell@kemitix.net >> codesigning.asc
 Encrypt keys:
 
 gpg --symmetric --cipher-algo AES256 codesigning.asc
+
+shred codesigning.asc

.github/deploy.sh

@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-# Decrypts the signing key in .github/codesigning.asc.enc
-# Imports that key
-# Uses .github/settings.xml and the release profile to deploy
-
-echo "deploy.sh: Starting..."
-
-(
-    cd .github
-
-    echo "Retrieving GPG Private KEY"
-    gpg --quiet \
-        --batch \
-        --yes \
-        --decrypt \
-        --passphrase="${GPG_PASSPHRASE}" \
-        --output codesigning.asc \
-        codesigning.asc.gpg
-
-    echo "Loading signing key"
-    gpg --batch \
-        --fast-import codesigning.asc
-)
-
-if test -z ${DEPLOY_PROJECTS}
-then
-    PROJECTS=""
-    echo "Deploying Projects: all"
-else
-    PROJECTS="-pl ${DEPLOY_PROJECTS}"
-    echo "Deploying Projects: $DEPLOY_PROJECTS"
-fi
-
-echo "Releasing..."
-mvn ${PROJECTS} \
-    --settings .github/settings.xml \
-    -Dskip-Tests=true \
-    -P release \
-    -B \
-    deploy
-
-echo "deploy.sh: Done."

.github/release-drafter.yml

@@ -0,0 +1,34 @@
+name-template: 'v$RESOLVED_VERSION 🌈'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🧰 Maintenance'
+    labels:
+      - 'chore'
+      - 'dependencies'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch
+exclude-labels:
+  - 'skip-changelog'
+template: |
+  ## Changes
+
+  $CHANGES

.github/stale.yaml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

.github/workflows/build-maven.yml

@@ -0,0 +1,23 @@
+name: maven-build
+
+on:
+  push:
+    branches: '*'
+  pull_request:
+    branches: '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ 8, 11, 14 ]
+    steps:
+      - uses: kamiazya/setup-graphviz@v1
+      - uses: actions/checkout@v2
+      - name: setup-jdk-${{ matrix.java }}
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
+      - name: build-jar
+        run: mvn -B install

.github/workflows/deploy-sonatype.yml

@@ -0,0 +1,40 @@
+name: sonatype-deploy
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: kamiazya/setup-graphviz@v1
+      - uses: actions/checkout@v2
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 8
+      - name: Build with Maven
+        run: mvn -B install
+      - name: Nexus Repo Publish
+        run: |
+          gpg --quiet \
+            --batch \
+            --yes \
+            --decrypt \
+            --passphrase="${{ secrets.GPG_PASSPHRASE }}" \
+            --output codesigning.asc \
+            .github/codesigning.asc.gpg
+          gpg --batch \
+            --fast-import codesigning.asc
+          mvn --settings .github/settings.xml \
+            -Dskip-Tests=true \
+            -P release \
+            -B \
+            deploy
+        env:
+          NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+          GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

.github/workflows/draft-release.yml

@@ -0,0 +1,14 @@
+name: draft-release
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  update_draft_release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v5.11.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/maven-build.yml

@@ -1,22 +0,0 @@
-# This workflow will build a Java project with Maven
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
-
-name: Java CI with Maven
-
-on:
-  push:
-    branches: '*'
-  pull_request:
-    branches: '*'
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
-      with:
-        java-version: 1.8
-    - name: Build with Maven
-      run: mvn -B package --file pom.xml

.github/workflows/sonatype-deploy.yml

@@ -1,24 +0,0 @@
-name: Deploy to Sonatype Nexus
-
-on:
-  release:
-    types: [created]
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
-      with:
-        java-version: 1.8
-    - name: Build with Maven
-      run: mvn -B package
-    - name: Nexus Repo Publish
-      run: sh .github/deploy.sh
-      env:
-        NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
-        NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
-        GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
-        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}