ci: add GitHub Actions

TomiBelan · TomiBelan · commit 0e3f3977fba0 · 2024-11-24T16:17:53.000+01:00
diff --git a/.github/workflows/build-snapshot.yml b/.github/workflows/build-snapshot.yml
@@ -0,0 +1,32 @@
+name: Build a snapshot
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+    - name: Generate single-use GPG key
+      run: |
+        name="Andrvotr single-use key for $GITHUB_REF $GITHUB_SHA $(date +%s)"
+        gpg --yes --batch --pinentry-mode loopback --passphrase "" --quick-generate-key "$name" default default never
+    - name: Build with Maven
+      run: |
+        MAVEN_GPG_PUBLIC_KEY="$(gpg --export --armor)" mvn -B verify
+    - uses: actions/upload-artifact@v4
+      with:
+        path: andrvotr-dist/target/*SNAPSHOT.tar.gz*
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,39 @@
+name: Release
+
+permissions:
+  contents: write
+  id-token: write
+  attestations: write
+
+on:
+  push:
+    tags:
+      - '**[0-9]+.[0-9]+.[0-9]+*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_KEY }}
+      MAVEN_GPG_PUBLIC_KEY: ${{ secrets.MAVEN_GPG_PUBLIC_KEY }}
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+    - name: Build with Maven
+      run: mvn -B -Dgpg.signer=bc verify
+    - name: Attest
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: andrvotr-dist/target/*.tar.gz*
+    - name: Release
+      run: |
+        title="Andrvotr $GITHUB_REF_NAME (for IdP 5.x)"
+        gh release create "$GITHUB_REF_NAME" --title "$title" --verify-tag andrvotr-dist/target/*.tar.gz*
