Add github actions config (#113)

* Add github actions config * Add JDK 13 to build matrix * Remove JDK 13 build - currently broken
2020-03-19 07:16:55 +00:00 · 2020-03-19 07:16:55 +00:00 · aaabadb3b0
commit aaabadb3b0
parent fe98c4ed41
7 changed files with 204 additions and 0 deletions
--- a/.github/GitHub-Actions.org
+++ b/.github/GitHub-Actions.org
@ -0,0 +1,41 @@
+* Deploying using Github Actions
+
+** Actions definition: workflow/sonatype-deploy.yml
+
+When a GitHub Release is created, usually from a tag, this action will trigger.
+
+Using JDK8 the software will be packaged, including running any tests.
+
+Then the Deploy script will sign the created artifacts then deploy them according to the distributionManagement configuration in the `pom.xml`.
+
+** Deploy Script
+
+Uses a signing key provided from the GitHub Actions Secrets as an environment variable to sign the artifact(s) before they are then deployed.
+
+*** Inputs
+
+**** DEPLOY_PROJECTS (optional)
+
+An optional list of modules in a multi-module project to be deployed. If this value is not specified, then all projects will be deployed.
+
+** Maven Configuration
+
+Picks up the credentials from Environment variables for authenticating both with GPG and with the target deployment server (e.g. sonatype-nexus).
+
+*** Inputs
+
+**** NEXUS_USERNAME
+
+The username for your account on the deployment server.
+
+**** NEXUS_PASSWORD
+
+The password for your account on the deployement server.
+
+**** GPG_KEYNAME
+
+The key to use when signing.
+
+**** GPG_PASSPHRASE
+
+The passphrase to unlock the key to use when signing.
--- a/.github/NOTES
+++ b/.github/NOTES
@ -0,0 +1,53 @@
+Add subkeys:
+
+????
+
+Publish:
+
+gpg --send-keys --keyserver keyserver.ubuntu.com $KEYID
+gpg --send-keys --keyserver pgp.mit.edu $KEYID
+gpg --send-keys --keyserver pool.sks-keyservers.net $KEYID
+
+Backup:
+
+gpg --export --armor pcampbell@kemitix.net > gpg-key-backup.asc
+gpg --export-secret-keys --armor pcampbell@kemitix.net >> gpg-key-backup.asc
+
+Export sub-keys:
+
+gpg --export-secret-subkeys pcampbell@kemitix.net > subkeys
+
+Remove master keys:
+
+gpg --delete-secret-key pcampbell@kemitix.net
+
+Import sub-keys and clean up:
+
+gpg --import subkeys
+
+shred --remove subkeys
+
+Delete any encryption subkeys:
+
+gpg --edit-key pcampbell@kemitix.net
+
+2
+delkey
+save
+
+Change passphrase:
+
+gpg --edit-key pcampbell@kemitix.net
+passwd
+save
+
+Export keys:
+
+gpg --export --armor pcampbell@kemitix.net > codesigning.asc
+gpg --export-secret-keys --armor pcampbell@kemitix.net >> codesigning.asc
+
+Encrypt keys:
+
+gpg --symmetric --cipher-algo AES256 codesigning.asc
+
+shred codesigning.asc
--- a/.github/codesigning.asc.gpg
+++ b/.github/codesigning.asc.gpg
--- a/.github/deploy.sh
+++ b/.github/deploy.sh
@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# Decrypts the signing key in .github/codesigning.asc.enc
+# Imports that key
+# Uses .github/settings.xml and the release profile to deploy
+
+echo "deploy.sh: Starting..."
+
+(
+    cd .github
+
+    echo "Retrieving GPG Private KEY"
+    gpg --quiet \
+        --batch \
+        --yes \
+        --decrypt \
+        --passphrase="${GPG_PASSPHRASE}" \
+        --output codesigning.asc \
+        codesigning.asc.gpg
+
+    echo "Loading signing key"
+    gpg --batch \
+        --fast-import codesigning.asc
+)
+
+echo "Releasing..."
+mvn --settings .github/settings.xml \
+    -Dskip-Tests=true \
+    -P release \
+    -B \
+    deploy
+
+echo "deploy.sh: Done."
--- a/.github/settings.xml
+++ b/.github/settings.xml
@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
+    <servers>
+        <server>
+            <id>sonatype-nexus-snapshots</id>
+            <username>${env.NEXUS_USERNAME}</username>
+            <password>${env.NEXUS_PASSWORD}</password>
+        </server>
+        <server>
+            <id>sonatype-nexus-staging</id>
+            <username>${env.NEXUS_USERNAME}</username>
+            <password>${env.NEXUS_PASSWORD}</password>
+        </server>
+    </servers>
+    <profiles>
+        <profile>
+            <id>gpg-sign</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <properties>
+                <gpg.executable>gpg</gpg.executable>
+                <gpg.keyname>${env.GPG_KEYNAME}</gpg.keyname>
+                <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
+            </properties>
+        </profile>
+    </profiles>
+</settings>
--- a/.github/workflows/maven-build.yml
+++ b/.github/workflows/maven-build.yml
@ -0,0 +1,25 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: '*'
+  pull_request:
+    branches: '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ 8, 11 ]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up JDK ${{ matrix.java }}
+      uses: actions/setup-java@v1
+      with:
+        java-version: ${{ matrix.java }}
+    - name: Build with Maven
+      run: mvn -B install
--- a/.github/workflows/sonatype-deploy.yml
+++ b/.github/workflows/sonatype-deploy.yml
@ -0,0 +1,24 @@
+name: Deploy to Sonatype Nexus
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up JDK 1.8
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+    - name: Build with Maven
+      run: mvn -B install
+    - name: Nexus Repo Publish
+      run: sh .github/deploy.sh
+      env:
+        NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }}
+        NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
+        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}