diff --git a/.forgejo/workflows/release.yaml b/.forgejo/workflows/release.yaml index 835fdfa..cb5e54e 100644 --- a/.forgejo/workflows/release.yaml +++ b/.forgejo/workflows/release.yaml @@ -23,6 +23,7 @@ jobs: apt update apt install -y zip mkdir -p /root/.jreleaser + mkdir -p /root/.m2 touch /root/.jreleaser/config.properties - name: maven-settings-xml-action @@ -97,7 +98,7 @@ jobs: [ "org.sonarsource.scanner.maven" ] - output_file: .m2/settings.xml + output_file: /root/.m2/settings.xml - name: Determine next version uses: https://github.com/obfu5c8/action-svu@v1 @@ -128,9 +129,9 @@ jobs: uses: https://github.com/actions/cache@v4 with: path: ~/.sdkman - key: ${{ runner.os }}-sdkman + key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }} restore-keys: | - ${{ runner.os }}-sdkman + ${{ runner.os }}-sdkman- env: ACTIONS_STEP_DEBUG: true @@ -138,9 +139,9 @@ jobs: uses: https://github.com/actions/cache@v4 with: path: ~/.m2/repository - key: ${{ runner.os }}-maven + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | - ${{ runner.os }}-maven + ${{ runner.os }}-maven- env: ACTIONS_STEP_DEBUG: true @@ -155,8 +156,6 @@ jobs: MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} run: | export GPG_TTY=$(tty) - git config user.name "${{ github.event.head_commit.committer.name }}" - git config user.email "${{ github.event.head_commit.committer.email }}" mvn -B --file pom.xml versions:set -DnewVersion=${{ env.NEW_VERSION }} - name: Run JReleaser (Changelog) @@ -173,13 +172,30 @@ jobs: JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + - name: Import GPG key + id: import-gpg + uses: https://github.com/crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.RELEASEBOT_PRIVATE_KEY }} + passphrase: ${{ secrets.RELEASEBOT_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: GPG user IDs + run: | + echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}" + echo "keyid: ${{ steps.import-gpg.outputs.keyid }}" + echo "name: ${{ steps.import-gpg.outputs.name }}" + echo "email: ${{ steps.import-gpg.outputs.email }}" + - name: Commit and push changes run: | - git config user.name "${{ github.event.head_commit.committer.name }}" - git config user.email "${{ github.event.head_commit.committer.email }}" + git config --global user.email "${{ steps.import-gpg.outputs.email }}" + git config --global user.name "${{ steps.import-gpg.outputs.name }}" git add pom.xml CHANGELOG.md - git commit -a -m "Release ${{ env.NEW_VERSION }}" + git commit -S -m "Release ${{ env.NEW_VERSION }}" git push + - name: Build package and populate staging area for deployment run: | mvn -B --file pom.xml package diff --git a/.forgejo/workflows/sonarqube.yaml b/.forgejo/workflows/sonarqube.yaml index 33c9019..95aab7a 100644 --- a/.forgejo/workflows/sonarqube.yaml +++ b/.forgejo/workflows/sonarqube.yaml @@ -21,6 +21,7 @@ jobs: apt update apt install -y zip mkdir -p /root/.jreleaser + mkdir -p /root/.m2 touch /root/.jreleaser/config.properties - name: Install syft @@ -101,15 +102,15 @@ jobs: [ "org.sonarsource.scanner.maven" ] - output_file: .m2/settings.xml + output_file: /root/.m2/settings.xml - name: Cache Java and Maven software uses: https://github.com/actions/cache@v4 with: path: ~/.sdkman - key: ${{ runner.os }}-sdkman + key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }} restore-keys: | - ${{ runner.os }}-sdkman + ${{ runner.os }}-sdkman- env: ACTIONS_STEP_DEBUG: true @@ -124,9 +125,9 @@ jobs: uses: https://github.com/actions/cache@v4 with: path: ~/.m2/repository - key: ${{ runner.os }}-maven + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | - ${{ runner.os }}-maven + ${{ runner.os }}-maven- env: ACTIONS_STEP_DEBUG: true