[开发] release修改 #38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release to Maven Central (JDK 11) | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - 'v*' # 推送以 v 开头的 tag 触发,比如 v1.0.0 | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| MAVEN_OPTS: "-Xmx1g" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Temurin JDK 11 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: '11' | |
| cache: 'maven' | |
| - name: Set up Maven 3.9.8 | |
| uses: stCarolas/setup-maven@v4 | |
| with: | |
| maven-version: '3.9.8' | |
| - name: Prepare Maven settings.xml with OSSRH token | |
| run: | | |
| mkdir -p ~/.m2 | |
| cat > ~/.m2/settings.xml << 'EOF' | |
| <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> | |
| <servers> | |
| <server> | |
| <id>ossrh</id> | |
| <username>${env.OSSRH_TOKEN_USERNAME}</username> | |
| <password>${env.OSSRH_TOKEN_PASSWORD}</password> | |
| </server> | |
| </servers> | |
| </settings> | |
| EOF | |
| # DEBUG: 检查 settings.xml 内容(替换密码以防泄露) | |
| echo "Generated settings.xml content (sanitized):" | |
| sed 's/<password>.*<\/password>/<password>***<\/password>/' ~/.m2/settings.xml | |
| env: | |
| OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }} | |
| OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }} | |
| - name: Configure GPG Key | |
| run: | | |
| # 确保目录存在 | |
| mkdir -p ~/.gnupg | |
| chmod 700 ~/.gnupg | |
| # 写入配置 | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| # 重载 Agent | |
| gpg-connect-agent reloadagent /bye | |
| # 导入私钥 | |
| echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import | |
| # 验证并预热(非必须,但可以提前暴露问题) | |
| echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --always-trust --yes --passphrase-fd 0 --pinentry-mode loopback -s -o /dev/null | |
| - name: Deploy to Central Portal | |
| run: | | |
| # 强制设置 GPG 终端环境 | |
| export GPG_TTY=$(tty) | |
| mvn -X -B -U \ | |
| -DskipTests=true \ | |
| -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ | |
| -Dgpg.pinentry-mode=loopback \ | |
| -DaltDeploymentRepository="ossrh::default::https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2/" \ | |
| clean deploy | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| # 如果你的 POM 未配置 distributionManagement,或想强制直传,可用下面这个步骤替代上面的 Deploy: | |
| # - name: Deploy via altDeploymentRepository | |
| # run: | | |
| # mvn -X -B -U \ | |
| # -DskipTests=true \ | |
| # -Dgpg.skip=true \ | |
| # -DaltDeploymentRepository="ossrh::default::https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/" \ | |
| # clean deploy |