diff --git a/.github/workflows/build-integrationtest.yaml b/.github/workflows/build-integrationtest.yaml index f544607..9de37c9 100644 --- a/.github/workflows/build-integrationtest.yaml +++ b/.github/workflows/build-integrationtest.yaml @@ -65,8 +65,8 @@ jobs: path: jwt-github jwtGithubAudience: https://github.com/${{ github.repository_owner }} exportToken: true - secrets: secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_USER | GITHUB_USER ; - secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_TOKEN | GITHUB_TOKEN ; + secrets: secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_USER | PACKAGES_READ_USER ; + secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_TOKEN | PACKAGES_READ_TOKEN ; - name: Warn of Vault Login Failure if: steps.secrets.outcome != 'success' @@ -97,6 +97,9 @@ jobs: echo "GITHUB_PACKAGES_DEPLOY=$GITHUB_PACKAGES_DEPLOY" >> $GITHUB_ENV - name: Static Code Analysis + env: + PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }} + PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }} run: mvn -B compile process-classes pmd:aggregate-pmd-check spotbugs:check --settings "${GITHUB_WORKSPACE}/maven/settings.xml" - name: Unit/Integration Tests JDK 8 (zulu) @@ -109,6 +112,9 @@ jobs: run: docker info - name: Run Unit/Integration Tests + env: + PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }} + PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }} run: >- mvn -B clean jacoco:report -Dit.test=SolaceSparkIntegrationTestSuite verify --settings "${GITHUB_WORKSPACE}/maven/settings.xml" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0aff82d..bbbfd48 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,8 +53,8 @@ jobs: jwtGithubAudience: https://github.com/${{ github.repository_owner }} exportToken: true secrets: - secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_USER | GITHUB_USER ; - secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_TOKEN | GITHUB_TOKEN ; + secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_USER | PACKAGES_READ_USER ; + secret/data/tools/githubactions RE_BOT_PACKAGES_READ_ONLY_CLASSIC_TOKEN | PACKAGES_READ_TOKEN ; secret/data/tools/githubactions MAVEN_GPG_KEY_PASSPHRASE | MAVEN_GPG_KEY_PASSPHRASE ; secret/data/tools/githubactions MAVEN_GPG_KEY | MAVEN_GPG_KEY ; secret/data/tools/githubactions MAVEN_USERNAME | MAVEN_USERNAME ; @@ -128,12 +128,16 @@ jobs: - name: Deploy Artifacts (GH Packages) env: + PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }} + PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: >- mvn deploy -B -DreleaseTarget=github -s maven/settings.xml $SKIP_FLAGS_ALL_TESTS - name: Deploy Artifacts (Maven Central) env: + PACKAGES_READ_USER: ${{ steps.secrets.outputs.PACKAGES_READ_USER }} + PACKAGES_READ_TOKEN: ${{ steps.secrets.outputs.PACKAGES_READ_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: >- mvn deploy -B -DreleaseTarget=central -s maven/settings.xml $SKIP_FLAGS_ALL_TESTS diff --git a/maven/settings.xml b/maven/settings.xml index ad18810..eac0c31 100644 --- a/maven/settings.xml +++ b/maven/settings.xml @@ -36,8 +36,8 @@ github-solacedev - ${env.GITHUB_USER} - ${env.GITHUB_TOKEN} + ${env.PACKAGES_READ_USER} + ${env.PACKAGES_READ_TOKEN} github