Abstract
The core of the article is to use Gradle Integrate GitHub Actions Automated release Java Project to Maven Warehouse . The article is to publish the project to sonatype In the warehouse provided . If you need to publish automatically , Or you need to synchronize the project to Maven Central warehouse, please read it carefully .
Preparation
- Can be synchronized Maven Tickets to the central warehouse , stay Issues Sonatype Last application ;
- OpenPGP certificate , Need to synchronize to a public server ;
- One Java Project;
- GitHub.
Please refer to the section on synchronized tickets link , The article mainly describes the content of the certificate .
OpenPGP certificate
Because I use Windows The operating system uses Gpg4win Tool generates synchronization certificate . If you're using Mac perhaps Linux The operating system can use other GPG Tools such as GnuPG.
install Gpg4win
Download address Gpg4win.
Generate Certificate
$ gpg --full-generate-key
Run the above command to generate RSA Certificate .
C:\Users\admin>gpg --full-generate-key
gpg (GnuPG) 2.2.23; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
... Omit the part ...
public and secret key created and signed.
pub rsa3072 2020-11-10 [SC] [expires: 2021-11-10]
449B75F00B2DA482AB8D03E8493DA88E2B89E19F
uid kk70-blog (blog) <[email protected]>
sub rsa3072 2020-11-10 [E] [expires: 2021-11-10]
Browse for certificates
have access to gpg --list-secret-keys --keyid-format SHORT
Command to query the certificate list .
C:\Users\admin>gpg --list-secret-keys --keyid-format SHORT
C:/Users/admin/AppData/Roaming/gnupg/pubring.kbx
------------------------------------------------
sec rsa3072/2B89E19F 2020-11-10 [SC] [expires: 2021-11-10]
449B75F00B2DA482AB8D03E8493DA88E2B89E19F
uid [ultimate] kk70-blog (blog) <[email protected]>
ssb rsa3072/6B7BF2DA 2020-11-10 [E] [expires: 2021-11-10]
Issue certificate
gpg --keyserver hkps.pool.sks-keyservers.net --send-keys 2B89E19F
Use gpg
Command to publish the certificate to the public server 2B89E19F
Replace with your own certificate keyid. Can be found in http://keys.gnupg.net/ Websites search for their own certificates .
Gradle Project configuration
To configure Gradle plug-in unit
plugins {
id "maven-publish"
id "signing"
}
To use Gradle Publishing depends on Maven Warehouse you need at least maven-publish
plug-in unit . If you need to publish dependencies to Maven The central warehouse also needs to use signing
The plug-in verifies the signature of the dependent file .
Gradle Publish To configure
ext {
isReleasedVersion = !project.version.endsWith("-SNAPSHOT")
}
publishing {
publications {
mavenJava(MavenPublication) {
from components.java
artifact sourcesJar
artifact javadocJar
pom {
description = "Yein Chaos Core"
scm {
connection = "scm:git:[email protected]:kevin70/chaos.git"
developerConnection = "scm:git:ssh://github.com/kevin70/chaos.git"
url = "https://github.com/kevin70/chaos"
}
}
}
}
repositories {
maven {
credentials {
username findProperty("ossrhUsername") ?: System.getenv("OSSRH_USERNAME")
password findProperty("ossrhPassword") ?: System.getenv("OSSRH_PASSWORD")
}
if (!isReleasedVersion) {
url "https://oss.sonatype.org/content/repositories/snapshots"
} else {
url "https://oss.sonatype.org/service/local/staging/deploy/maven2"
}
}
}
}
isReleasedVersion
Commit the snapshot version separately from the official version to a different Maven Warehouse ;publishing.publications.mavenJava
Dependent resources that need to be synchronized ;artifact sourcesJar
Need to release the source code jar package ;artifact javadocJar
Need to be released javadoc jar package ;pom
Customizepom.xml
The contents of the document .
publishing.repositories
Released warehouse configuration ;maven.credentials
Maven Authentication information of the warehouse ;maven.url
Maven The warehouse URL.
Gradle Singing To configure
signing {
sign publishing.publications.mavenJava
}
Will need to publish content signature https://docs.gradle.org/current/userguide/signing_plugin.html.
By default Signatory credentials Signature authentication method .
Github Actions To configure
First, in the GitHub Project > Settings > Secrets
Configure some necessary parameters in the .
All of the above parameters will be followed by GitHub Workflow Used in .
OSSRH_USERNAME
yes sonatype Login user name of ;OSSRH_PASSWORD
yes sonatype Login password for ;SIGNING_KEY_ID
yes GPG Certificate ID;SIGNING_SECRET_KEY_RING_FILE
yes GPG The secret key of the certificate is BASE64 code .
obtain SIGNING_KEY_ID
Use gpg --list-secret-keys --keyid-format SHORT
Command acquisition SIGNING_KEY_ID
.
$ gpg --list-secret-keys --keyid-format SHORT
C:\Users\admin>gpg --list-secret-keys --keyid-format SHORT
C:/Users/admin/AppData/Roaming/gnupg/pubring.kbx
------------------------------------------------
sec rsa3072/2B89E19F 2020-11-10 [SC] [expires: 2021-11-10]
449B75F00B2DA482AB8D03E8493DA88E2B89E19F
uid [ultimate] kk70-blog (blog) <[email protected]>
ssb rsa3072/6B7BF2DA 2020-11-10 [E] [expires: 2021-11-10]
among 2B89E19F
by SIGNING_KEY_ID
.
obtain SIGNING_SECRET_KEY_RING_FILE
Export the secret key to a file secring.gpg
.
$ gpg --export-secret-keys 2B89E19F > secring.gpg
To make the secret key file binary, we need to encode the content as BASE64. Because I used Windows So the following command I'm in Git Bash Running in , If you use it Mac or Linux You can also run the following commands directly .
$ base64 secring.gpg > secring.gpg.b64
Will encode the file secring.gpg.b64
The content in is set in Secrets in .
️ Because the certificate I generated does not have a password set , So there's a lack ofpassphrase
To configure , If your certificate has a password, it needs to be addedpassphrase
Configuration of .
GitHub Secrets Setup completed , Next write GitHub Action Workflow.
GitHub Action Workflow
name: Chaos CI with Gradle
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
# function JDK To configure
- name: Set up JDK 11
uses: actions/[email protected]
with:
java-version: 11
# Gradle Cache configuration
- name: Cache Gradle packages
uses: actions/[email protected]
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: ${{ runner.os }}-gradle
# to gradlew Document Authorization
- name: Grant execute permission for gradlew
run: chmod +x gradlew
# Build the project
- name: Build with Gradle
run: ./gradlew build
# Decode the secret key and place the file ~/.gradle/secring.gpg
- name: Decode
run: |
echo "${{secrets.SIGNING_SECRET_KEY_RING_FILE}}" > ~/.gradle/secring.gpg.b64
base64 -d ~/.gradle/secring.gpg.b64 > ~/.gradle/secring.gpg
# Publish the project
- name: Publish
run: ./gradlew publish -Psigning.keyId=${{secrets.SIGNING_KEY_ID}} -Psigning.password= -Psigning.secretKeyRingFile=$(echo ~/.gradle/secring.gpg)
env:
OSSRH_USERNAME: ${{secrets.OSSRH_USERNAME}}
OSSRH_PASSWORD: ${{secrets.OSSRH_PASSWORD}}
When the task is finished, go to Maven Confirm whether the release has been successful in the warehouse .