From 211953119b76d26816b3337811b3d280d5e936f0 Mon Sep 17 00:00:00 2001
From: Nate Harris <nwithan8@users.noreply.github.com>
Date: Mon, 29 Jul 2024 16:15:33 -0600
Subject: [PATCH 1/2] - Set up Actions-based release process

---
 .github/workflows/publish.yml | 63 +++++++++++++++++++++++++++++++++++
 pom.xml                       |  7 ++++
 2 files changed, 70 insertions(+)
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 000000000..8d2b0e2b3
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,63 @@
+# This workflow will build a Java project with Maven and publish it to Maven Central Repository
+# ref: https://github.com/actions/setup-java/blob/v3.11.0/docs/advanced-usage.md#Publishing-using-Apache-Maven
+
+# Secrets required:
+# - MAVEN_USERNAME: Username for Maven Central Repository
+# - MAVEN_CENTRAL_TOKEN: Token/password for Maven Central Repository
+# - MAVEN_GPG_PRIVATE_KEY: GPG private key to sign the artifacts
+# - MAVEN_GPG_PASSPHRASE: Passphrase for the GPG private key
+
+name: Publish library to Maven Central Repository
+
+on:
+  release:
+    types: [ created ]
+    secrets:
+      MAVEN_USERNAME:
+        required: true
+      MAVEN_CENTRAL_TOKEN:
+        required: true
+      MAVEN_GPG_PRIVATE_KEY:
+        required: true
+      MAVEN_GPG_PASSPHRASE:
+        required: true
+  workflow_dispatch: ~
+
+jobs:
+  release:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: "zulu"
+          java-version: "22" # Always use the latest JDK
+          server-id: "ossrh"
+          server-username: MAVEN_USERNAME # env variable for username in deploy
+          server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+
+      - name: Install dependencies
+        run: make install
+
+      - name: Build with Maven
+        run: mvn -B package --file pom.xml
+
+      - name: Publish to Apache Maven Central
+        run: mvn deploy
+        env:
+          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+          MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+      - name: Upload output files to release
+        uses: AButler/upload-release-assets@v3.0
+        with:
+          files: "target/*.jar;target/*.pom;target/*.asc"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/pom.xml b/pom.xml
index d134b9cd7..9d40268f6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -205,6 +205,13 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
                 <version>3.1.0</version>
+                <configuration>
+                    <!-- Needed to read passphrase from settings.xml -->
+                    <gpgArguments>
+                        <arg>--pinentry-mode</arg>
+                        <arg>loopback</arg>
+                    </gpgArguments>
+                </configuration>
                 <executions>
                     <execution>
                         <id>sign-artifacts</id>

From a634645593c74ff7537f1dd5a4bb8541213b8a5b Mon Sep 17 00:00:00 2001
From: Nate Harris <nwithan8@users.noreply.github.com>
Date: Tue, 30 Jul 2024 14:16:55 -0600
Subject: [PATCH 2/2] - Use Make step rather than mvn directly for deploy

---
 .github/workflows/publish.yml | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8d2b0e2b3..a0cebd47f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -4,7 +4,7 @@
 # Secrets required:
 # - MAVEN_USERNAME: Username for Maven Central Repository
 # - MAVEN_CENTRAL_TOKEN: Token/password for Maven Central Repository
-# - MAVEN_GPG_PRIVATE_KEY: GPG private key to sign the artifacts
+# - MAVEN_GPG_PRIVATE_KEY: GPG private key to sign the artifacts (string)
 # - MAVEN_GPG_PASSPHRASE: Passphrase for the GPG private key
 
 name: Publish library to Maven Central Repository
@@ -38,19 +38,14 @@ jobs:
           distribution: "zulu"
           java-version: "22" # Always use the latest JDK
           server-id: "ossrh"
-          server-username: MAVEN_USERNAME # env variable for username in deploy
-          server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
-          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-
-      - name: Install dependencies
-        run: make install
-
-      - name: Build with Maven
-        run: mvn -B package --file pom.xml
-
-      - name: Publish to Apache Maven Central
-        run: mvn deploy
+          # define environmental variable names
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_CENTRAL_TOKEN
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+
+      - name: Clean, build and publish to Apache Maven Central
+        run: make publish pass=${{ secrets.MAVEN_GPG_PASSPHRASE }}
         env:
           MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
           MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}