开源软件名称(OpenSource Name):qcastel/github-actions-maven-release开源软件地址(OpenSource Url):https://github.com/qcastel/github-actions-maven-release开源编程语言(OpenSource Language):Shell 57.2%开源软件介绍(OpenSource Introduction):github action maven releaseThe GitHub Action for Maven releases wraps the Maven CLI to enable Maven release. For example, you can use this action for auto-incrementing your project version and release your java artifacts. This github action is bot friendly: You can configure the credentials of a bot user, which would be used during the incremental commit. The commits by the bot can also be signed, giving you the guaranty that only the bot can release in your repo. Additionally, this give you a clean git history by highlighting nicely which commits where resulting from your CI. Supporting this github actionSupport this github action by staring this project. Surprisingly, it seems to be the only way for the github market place to highlight popular github actions. Sample repositoryWe created a sample repository that will show you an example of how this github action can be used for releasing a Java application: https://github.com/qcastel/github-actions-maven-release-sample FeaturesObviously, this github actions uses maven release plugin. Although, we did add on top a few features that you may like. Maven release uses Git behind it, therefore there were a few features related in customising the git configuration:
You may want to configure a bit maven too. We added the following features:
For the maven releases, we got also some dedicated functionalities:
UsageSetup your pom.xml for maven releaseBefore you even begin setting up this github action, you would need to set up your pom.xml first to be ready for maven releases. We recommend you to refer to the maven release plugin documentation for more details: https://maven.apache.org/maven-release/maven-release-plugin/ Nevertheless, we will give you some essential setups Configure the SCMYou got two choices here:
<scm>
<connection>scm:git:${project.scm.url}</connection>
<developerConnection>scm:git:${project.scm.url}</developerConnection>
<url>git@github.com:idhub-io/idhub-api.git</url>
<tag>HEAD</tag>
</scm>
<scm>
<connection>scm:git:${project.scm.url}</connection>
<developerConnection>scm:git:${project.scm.url}</developerConnection>
<url>https://github.com/YOUR_REPO.git</url>
<tag>HEAD</tag>
</scm> In the case of SSH, it will use the Note: SSH is more elegant and usually the easiest one to setup due to the large amount of documents online on this subject. maven release pluginAdd the maven release plugin dependency to your project <plugin>
<artifactId>maven-release-plugin</artifactId>
<version>XXX</version>
<configuration>
<scmCommentPrefix>[ci skip]</scmCommentPrefix>
</configuration>
</plugin> Personally, I usually the prefix Setup the maven release github actionsChoose your version of this github actionIf it's your first time using a github action, I invite you having a quick read to the github official recommendations: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions It's important you understand how the versioning work and the risk/compromise of using master/tags/commit hash If you are adventurous and like to be always on top of this github action, you can use the reference master :
If you are more reserve, you can use a tag instead. You can find the list of the tags for this github action here: https://github.com/qcastel/github-actions-maven-release/tags To use a tag:
If you are concerned about the security of this github action, you can also move to a commit hash:
Basic setupFor a simple repo with not much protection and private dependency, you can do: env:
JAVA_HOME: /usr/lib/jvm/java-17-openjdk/
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} You will need to follow the Setup with SSHAlthough you may found better to use a SSH key instead. For this, generate an SSH key with the method of your choice, or use an existing one. Personally, I like generating an SSH inside a temporary docker image and configure it as a deploy key in my repository: docker run -it qcastel/maven-release:latest bash ssh-keygen -b 2048 -t rsa -f /tmp/sshkey -q -N ""
export SSH_PRIVATE_KEY=$(base64 /tmp/sshkey)
export SSH_PUBLIC_KEY=$(cat /tmp/sshkey.pub)
echo -n "Copy the following SSH private key and add it to your repo secrets under the name 'SSH_PRIVATE_KEY':"
echo $SSH_PRIVATE_KEY
echo "Copy the encoded SSH public key and add it as one of your repo deploy keys with write access:"
echo $SSH_PUBLIC_KEY
exit Copy Copy Finally, setup the github action with: with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} If you want to set up a passphrase for your key: with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
ssh-passphrase: ${{ secrets.SSH_PASSPHRASE }} SSH known hostsThe current github actions support by default the following known hosts:
Although you may want to additional one, using the following properties: with:
ssh-extra-known-host: "my-awesome-private-git-host.com" log TimestampIt can be quite difficult to troubleshoot any performance issue on your CI, due to the lack of timestamp from maven by default. An example of it particular handy, is when you private maven repository is having performance issue that is affecting your CI. We added the timestamp by default, you don't need to do anything particular to enable this feature. The logs should look like:
Maven optionsAdding maven argumentsYou can add some maven arguments, which is handy for skipping tests: with:
maven-args: "-Dmaven.javadoc.skip=true -DskipTests -DskipITs -Ddockerfile.skip -DdockerCompose.skip" Adding maven optionsYou can add some maven options. At the difference of the maven arguments, those one are explicitly for the maven release plugin. See https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html. with:
maven-options: "-DbranchName=hotfix" JDK versionThe default JDK version is JDK 17. Although you may want to compile your project with a specific JDK version. You will need to specify the JAVA_HOME variable with the according value. If you need a specific jdk version that is not in the list, please raise an issue in this github action to request it. JDK 8env:
JAVA_HOME: /usr/lib/jvm/java-1.8-openjdk/ JDK 11env:
JAVA_HOME: /usr/lib/jvm/java-11-openjdk/ JDK 14env:
JAVA_HOME: /usr/lib/jvm/java-14-openjdk/ JDK 15env:
JAVA_HOME: /usr/lib/jvm/java-15-openjdk/ JDK 16env:
JAVA_HOME: /usr/lib/jvm/java-16-openjdk/ JDK 17env:
JAVA_HOME: /usr/lib/jvm/java-17-openjdk/ Customise the bot nameYou can simply customise the bot name as follows: with:
git-release-bot-name: "release-bot"
git-release-bot-email: "release-bot@example.com" Customise the default branchYou may not want to release from your master branch, which is currently the default branch setup by this github action. You can customise the branch name you want to release on, here with:
release-branch-name: "release"
Skipping performIf for a reason, you need to skip the maven release perfom, you can disable it as follow: with:
skip-perform: true Increase major, minor or patch versionFor major version increment1.0.0-SNAPSHOT -> 2.0.0-SNAPSHOT with:
version-major: true For minor version increment1.0.0-SNAPSHOT -> 1.2.0-SNAPSHOT with:
version-minor: true For patch version incrementAs the patch version is the default version number increased, you don't need to specify any additional properties. Although if you prefer to be explicit, you can use the following option: 1.0.0-SNAPSHOT -> 1.0.1-SNAPSHOT with:
version-patch: true Customize versiondevelopment versionYou may want to fully customize the development version number. This option will allow you to fully take control on the version number format. For Example, you could decide to only have a 2 part version number like with:
maven-development-version-number: ${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}-SNAPSHOT Release versionYou may want to fully customize the release version number. This option will allow you to fully take control on the version number format. For Example, you could decide to only have a trailing 0 for releases like with:
maven-release-version-number: ${parsedVersion.majorVersion}.\${parsedVersion.minorVersion}.0 Customise the M2 folder pathIt's quite common for setting up a caching of your dependencies, that you will be interested to customise the .m2 localisation folder. with:
m2-home-folder: '/your-custom-path/.m2' Setup a GPG keyIf you want to set up a GPG key, you can do it by injecting your key via the secrets: Note: with:
gpg-enabled: "true"
gpg-key-id: ${{ secrets.GITHUB_GPG_KEY_ID }}
gpg-key: ${{ secrets.GITHUB_GPG_KEY }} In case you want to skip the GPG step, you can set <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.6</version>
<configuration>
<skip>true</skip>
</configuration>
</plugin> Setup private maven server repositoriesIf you got a private maven repo to set up in the settings.xml, you can do: Note: we recommend putting those values in your repo secrets. with:
maven-servers: ${{ secrets.MVN_REPO_SERVERS }} Github actions currently don't support arrays input format.
This is why we choose to request the secret [
{
"id": "serverId1",
"username": "username",
"password": "password1",
"privateKey": "privatekey1",
"passphrase": "passphrase1"
},
{
"id": "serverId2",
"username": "username2",
"password": "password2"
}
] You will need to put the JSON in one line: MVN_REPO_SERVERS='[{"id": "serverId1", "username": "username", "password": "password1", "privateKey": "privatekey1", "passphrase": "passphrase1"}, {"id": "serverId2", "username": "username2", "password": "password2"}]' Setup a docker registryIf you got a private maven repo to set up in the settings.xml, you can do: Note: we recommend putting those values in your repo secrets. with:
docker-registry-id: your-docker-registry-id
docker-registry-username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
docker-registry-password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} Note: For docker hub, this would look like: with:
docker-registry-id: registry.hub.docker.com
docker-registry-username: ${{ secrets.DOCKER_HUB_USERNAME }}
docker-registry-password: ${{ secrets.DOCKER_HUB_PASSWORD }} Configure your maven projectYou may also be in the case where you got more than one maven projects inside the repo. We added an option that will make the release job move to the according directly before running the release: with:
maven-project-folder: "sub-folder/" Setup the bot gpg keySetting up a gpg key for your bot is a good security feature. This way, you can enforce sign commits in your repo, even for your release bot.
This github action needs the key ID and the key base64 encoded. with:
gpg-enabled: true
gpg-key-id: ${{ secrets.GPG_KEY_ID }}
gpg-key: ${{ secrets.GPG_KEY }} If you want to set up a passphrase: with:
gpg-enabled: true
gpg-key-id: ${{ secrets.GPG_KEY_ID }}
gpg-key: ${{ secrets.GPG_KEY }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} Generate the keyf you like how we created a SSH key pair, here is the same idea using a docker image to generate a GPG key: docker run -it qcastel/maven-release:latest bash cat >genkey-batch <<EOF
%no-protection
Key-Type: default
Subkey-Type: default
Name-Real: bot
Name-Email: bot@idhub.io
Expire-Date: 0
EOF
gpg --batch --gen-key genkey-batch Note: Don't exit the docker container as we are not done yet. Get the KIDYou can get the key ID doing the following: 全部评论
专题导读
上一篇:joinfaces/joinfaces-maven-war-example: JoinFaces Maven War Example发布时间:2022-08-17下一篇:bazaarvoice/s3-upload-maven-plugin: Allows you to upload a file to S3 from maven发布时间:2022-08-17热门推荐
热门话题
阅读排行榜
|
请发表评论