Build Java Release #10

Workflow file for this run

.github/workflows/java-release.yml at a79517d

	name: Build Java Release
	on:
	push:
	tags:
	# if you change this pattern, make sure jobs.strip-tag still works
	- 'release/java/v[0-9]+.[0-9]+.[0-9]+'

	permissions: {}

	jobs:
	ci:
	permissions:
	contents: read
	uses: ./.github/workflows/java-build.yml

	strip-tag:
	runs-on: ubuntu-latest
	outputs:
	version: ${{ steps.version.outputs.version }}
	steps:
	- name: process tag
	id: version
	env:
	TAG: ${{ github.ref_name }}
	run: \|
	echo "version=${TAG#"release/java/v"}" >> $GITHUB_OUTPUT

	build:
	runs-on: ubuntu-latest
	needs: [ci, strip-tag]
	permissions:
	contents: read # to checkout code
	id-token: write # to sign with sigstore
	steps:
	- name: checkout tag
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false

	- name: Set up JDK 17
	uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
	with:
	java-version: 17
	distribution: 'temurin'

	- name: Authenticate to Google Cloud
	uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
	with:
	workload_identity_provider: projects/306323169285/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider
	service_account: protobuf-specs-releaser@sigstore-secrets.iam.gserviceaccount.com

	- uses: google-github-actions/get-secretmanager-secrets@a8440875e1c2892062aef9061228d4f1af8f919b # v2.2.3
	id: secrets
	with:
	secrets: \|-
	signing_key:sigstore-secrets/sigstore-java-pgp-priv-key
	signing_password:sigstore-secrets/sigstore-java-pgp-priv-key-password
	sonatype_username:sigstore-secrets/sigstore-java-sonatype-username
	sonatype_password:sigstore-secrets/sigstore-java-sonatype-password

	- name: Build, Sign and Push to Maven Central
	# TODO: someone still needs to close and release this, but that can be automated next
	working-directory: ./java
	env:
	VERSION: ${{ needs.strip-tag.outputs.version }}
	ORG_GRADLE_PROJECT_signingKey: ${{ steps.secrets.outputs.signing_key }}
	ORG_GRADLE_PROJECT_signingPassword: ${{ steps.secrets.outputs.signing_password }}
	CENTRAL_PORTAL_USERNAME: ${{ steps.secrets.outputs.sonatype_username }}
	CENTRAL_PORTAL_PASSWORD: ${{ steps.secrets.outputs.sonatype_password }}
	run: \|
	./gradlew clean :publishAggregationToCentralPortal -Pversion=${VERSION} -Prelease

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build Java Release #10

Workflow file

Build Java Release #10

Uh oh!

Workflow file for this run