Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(v2.2.x) Test artifacts signature in CI #737

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
85 changes: 85 additions & 0 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,3 +46,88 @@ jobs:
run: mvn -version
- name: Build & Test
run: mvn -B -Prun-its clean verify
javadocs:
name: Javadocs
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
java:
- 11
maven:
- 3.9.6
runs-on: ${{ matrix.os }}
steps:
- uses: s4u/[email protected]
with:
java-distribution: 'temurin'
java-version: ${{ matrix.java }}
maven-version: ${{ matrix.maven }}
- name: Build & Test
run: mvn -B clean javadoc:jar
signature:
name: Sign artifacts
environment: test
env:
ARTIFACTS_DIR: target/artifacts
GPG_KEYNAME: AD1FC1D8A84C23D92DC1377D519F6A9DA113C4F3
GPG_PASSPHRASE: 1234567890
GPG_PRIVATE_KEY: |
-----BEGIN PGP PRIVATE KEY BLOCK-----

lIYEZZNGnRYJKwYBBAHaRw8BAQdACk2kGg4AXHMDO4yyfUgVoxNkdgwH5JeU4RKC
oWiJ8T7+BwMCsLucYGxSgqf/wrrRjmsWthIvcmSGikVBbmURXvygOSEAVvM6/dqW
exlh52f1W38SeQV1lteQjNUP5qc+F7y4eD8wqQQ3MRf6C3lTciMHr7RAYXNjaWlk
b2N0b3ItbWF2ZW4tcGx1Z2luIHRlc3RpbmcgPGFzY2lpZG9jdG9yLXRlc3RpbmdA
ZmFrZS5tYWlsPoiZBBMWCgBBFiEErR/B2KhMI9ktwTd9UZ9qnaETxPMFAmWTRp0C
GwMFCQWjmoAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQUZ9qnaETxPPJ
BgD/Zrvgxa74ectHRj+lOF1Tc+u47B5RraAbGsDRcVRzYJABALWXYMywNLObobpU
pvNBnCyBYWwrW/+o1D3FI6aDzhgBnIsEZZNGnRIKKwYBBAGXVQEFAQEHQLdLXbH0
Q6wiP0b/QF+gJfXDNcJCWu4yAYO3WrdhyddmAwEIB/4HAwI8l2WaMrWsVP9cRuJg
ifCy3/n6Sk2DSC4028DJRCFx99oQx85dwDysmLMCccL/Od/X5RR9X4c9mCP9ZI2V
i9Fp7zcNKGCy7TafFoS2w5RTiH4EGBYKACYWIQStH8HYqEwj2S3BN31Rn2qdoRPE
8wUCZZNGnQIbDAUJBaOagAAKCRBRn2qdoRPE86XrAPwPakum1coasOY7U2mNbky3
X1Exlurk0IMFiW/GJkNcjgD+PkU7pXgRSy2YEl7ZWswheLvlQQT0PsyNSfkWS201
/ww=
=BCbM
-----END PGP PRIVATE KEY BLOCK-----
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
java:
- 11
maven:
- 3.9.6
runs-on: ${{ matrix.os }}
steps:
- name: debug
run: |
echo "${{ env.GPG_KEYNAME }}"
echo "${{ env.GPG_PASSPHRASE }}"
echo "${{ env.GPG_PRIVATE_KEY }}"
- name: Prepare key
run: echo -e "${{ env.GPG_PRIVATE_KEY }}" | gpg --import --batch
- name: List kys
run: gpg --list-keys
- uses: s4u/[email protected]
with:
java-distribution: 'temurin'
java-version: ${{ matrix.java }}
maven-version: ${{ matrix.maven }}
- name: Build & Test
run: mvn -B clean install -Prelease -DskipTests
- name: Collect artifacts
run: |
mkdir -p $ARTIFACTS_DIR
cp -r $HOME/.m2/repository/org/asciidoctor/asciidoctor-maven-* $ARTIFACTS_DIR
cp -r $HOME/.m2/repository/org/asciidoctor/*-doxia-module $ARTIFACTS_DIR
- name: Verify JAR signatures
run: find $ARTIFACTS_DIR -type f -name "*.jar" -exec gpg --verify "{}.asc" \;
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: signed-artifacts
path: ${{ env.ARTIFACTS_DIR }}
16 changes: 9 additions & 7 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -371,11 +371,13 @@
<profiles>
<profile>
<!--
To release to bintray, add your credentials to ~/.m2/settings.xml and run:

$ mvn deploy
-->
<id>release-profile</id>
To release, define environment variables:
export GPG_KEYNAME=""
export GPG_PASSPHRASE=""
Then, run
$ mvn deploy
-->
<id>release</id>
<build>
<plugins>
<plugin>
Expand Down Expand Up @@ -410,8 +412,8 @@
<artifactId>maven-gpg-plugin</artifactId>
<configuration>
<executable>gpg2</executable>
<keyname>${gpg.keyname}</keyname>
<passphrase>${gpg.passphrase}</passphrase>
<keyname>${env.GPG_KEYNAME}</keyname>
<passphrase>${env.GPG_PASSPHRASE}</passphrase>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
Expand Down