Skip to content

Commit 8ca1d1b

Browse files
filiphrfiliphr
committed
GPG Passphrase and Sonatype Access information should be given when doing the release
1 parent 8275917 commit 8ca1d1b

File tree

1 file changed

+25
-3
lines changed

1 file changed

+25
-3
lines changed

.github/workflows/release.yml

Lines changed: 25 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,34 @@ on:
99
next:
1010
description: 'Next version'
1111
required: false
12+
sonatype_username:
13+
description: 'Sonatype username'
14+
required: true
15+
sonatype_token:
16+
description: 'Sonatype token'
17+
required: true
18+
gpg_passphrase:
19+
description: 'GPG Passphrase'
20+
required: true
1221

1322
jobs:
1423
release:
1524
# This job has been inspired by the moditect release (https://github.com/moditect/moditect/blob/main/.github/workflows/release.yml)
1625
runs-on: ubuntu-latest
1726
steps:
27+
# There are no password inputs in the workflow_dispatch event, so we need to mask them manually
28+
# See https://github.com/orgs/community/discussions/12764
29+
- name: Mask secrets
30+
run: |
31+
SONATYPE_USERNAME=$(jq -r '.inputs.sonatype_username' $GITHUB_EVENT_PATH)
32+
SONATYPE_TOKEN=$(jq -r '.inputs.sonatype_token' $GITHUB_EVENT_PATH)
33+
GPG_PASSPHRASE=$(jq -r '.inputs.gpg_passphrase' $GITHUB_EVENT_PATH)
34+
echo ::add-mask::$SONATYPE_USERNAME
35+
echo SONATYPE_USERNAME=$SONATYPE_USERNAME >> $GITHUB_ENV
36+
echo ::add-mask::$SONATYPE_PASSWORD
37+
echo SONATYPE_PASSWORD=$SONATYPE_PASSWORD >> $GITHUB_ENV
38+
echo ::add-mask::$GPG_PASSPHRASE
39+
echo GPG_PASSPHRASE=$GPG_PASSPHRASE >> $GITHUB_ENV
1840
- uses: actions/checkout@v4
1941
with:
2042
fetch-depth: 0
@@ -55,11 +77,11 @@ jobs:
5577
- name: Release
5678
env:
5779
JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
58-
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
80+
JRELEASER_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
5981
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
6082
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
61-
JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
62-
JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
83+
JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME: ${{ env.SONATYPE_USERNAME }}
84+
JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD: ${{ env.SONATYPE_PASSWORD }}
6385
run: |
6486
./mvnw -ntp -B --file pom.xml -Pjreleaser jreleaser:release
6587

0 commit comments

Comments
 (0)