diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f0d392f7..fe251a37 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,23 +1,33 @@
name: Publish
on:
- workflow_run:
- workflows: ["release-please"]
- types: [completed]
+ release:
+ types: [published]
+ workflow_dispatch:
jobs:
deploy:
- if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main' }}
+ if: ${{ github.event_name == 'release' && github.event.action == 'published' || github.event_name == 'workflow_dispatch' }}
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- - uses: actions/checkout@v5
- - uses: actions/setup-java@v4
+ - name: Checkout release tag
+ if: ${{ github.event_name == 'release' }}
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.event.release.tag_name }}
+ - name: Checkout default branch
+ if: ${{ github.event_name != 'release' }}
+ uses: actions/checkout@v5
+ - uses: actions/setup-java@v5
with:
java-version: '21'
distribution: 'temurin'
cache: 'maven'
+ - name: Import GPG key
+ run: |
+ echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
- name: Configure Maven
run: |
mkdir -p ~/.m2
@@ -36,14 +46,20 @@ jobs:
${MAVEN_USERNAME}
${MAVEN_PASSWORD}
+
+ gpg.passphrase
+ ${GPG_PASSPHRASE}
+
EOF
env:
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Publish artifacts
run: ./mvnw -q deploy
env:
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}