This documentation provides an overview of the Maven Publish GitHub Action, including its purpose, usage, and setup.
The Maven Publish action automates the process of signing and deploying artifacts to a Maven repository (e.g., Maven Central) using a specified pom.xml file. It supports configurable Maven commands and secure GPG signing.
This workflow is designed to be triggered via a workflow_call event, allowing it to be reused in other workflows with the required and optional inputs.
The workflow accepts the following inputs:
| Input Name | Type | Required | Default | Description |
|---|---|---|---|---|
maven_command |
string | false | --batch-mode deploy |
Maven command to execute for the build and deployment. |
java_version |
string | false | 21 |
Version of Java to set up for the Maven build. |
server_id |
string | false | central |
Server ID for Maven deployment. |
revision |
string | true | The revision tag for the code to publish. |
The following secrets are required for secure Maven publishing:
| Secret Name | Required | Description |
|---|---|---|
maven_username |
true | Username for the Maven repository. |
maven_password |
true | Password for the Maven repository. |
maven_gpg_private_key |
true | GPG private key for signing artifacts. |
maven_gpg_passphrase |
true | Passphrase for the GPG private key. |
Runs on ubuntu-latest and consists of the following steps:
- Checks out the repository code at the specified revision.
uses: actions/checkout@v4
with:
ref: v${{ inputs.revision }}
fetch-depth: 0- Caches the
.m2directory to speed up Maven builds.
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-- Sets up the Java environment and configures Maven settings for deployment.
uses: actions/setup-java@v4
with:
java-version: ${{ inputs.java_version }}
distribution: 'temurin'
server-id: ${{ inputs.server_id }}
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.maven_gpg_private_key }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE- Displays the
settings.xmlto confirm proper configuration.
run: cat ~/.m2/settings.xml- Executes the Maven command to sign and deploy artifacts.
run: mvn ${{ inputs.maven_command }}
env:
MAVEN_USERNAME: ${{ secrets.maven_username }}
MAVEN_PASSWORD: ${{ secrets.maven_password }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.maven_gpg_passphrase }}Below is an example of how to call this workflow from another workflow:
name: Call Maven Publish
on:
push:
branches:
- main
jobs:
call-maven-publish:
uses: Netcracker/qubership-workflow-hub/.github/workflows/maven-publish.yml
with:
maven_command: "clean deploy"
java_version: "17"
server_id: "my-repo"
revision: "1.0.0"
secrets:
maven_username: ${{ secrets.MAVEN_USERNAME }}
maven_password: ${{ secrets.MAVEN_PASSWORD }}
maven_gpg_private_key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
maven_gpg_passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }}- Ensure the GPG private key is properly configured and matches the artifacts being signed.
- If using a different Maven repository (e.g., a private Nexus), update
server_idand credentials accordingly. - Modify
fetch-depthto suit your versioning and build requirements.
- GPG Signing Issues: Verify that the GPG private key and passphrase match and are correctly configured.
- Maven Deployment Failures: Check
settings.xmlfor correct credentials and server configuration. - Cache Not Restored: Ensure the
pom.xmlfile paths are correctly specified in the cache key.