wip actions v1

Author: TomiBelan

.github/workflows/build-snapshot.yml

@@ -0,0 +1,28 @@
+name: Build a snapshot
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+    - name: Generate single-use GPG key
+      run: |
+        name="Andrvotr single-use key for $GITHUB_REF $GITHUB_SHA $(date +%s)"
+        gpg --yes --batch --pinentry-mode loopback --passphrase "" --quick-generate-key "$name" default default never
+    - name: Build with Maven
+      run: |
+        MAVEN_GPG_PUBLIC_KEY="$(gpg --export --armor)" mvn verify
+    - uses: actions/upload-artifact@v4
+      with:
+        path: andrvotr-dist/target/*SNAPSHOT.tar.gz*

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+name: Release
+
+permissions:
+  contents: write
+  id-token: write
+  attestations: write
+
+on:
+  push:
+    tags:
+      - '**[0-9]+.[0-9]+.[0-9]+*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_KEY }}
+      MAVEN_GPG_PUBLIC_KEY: ${{ secrets.MAVEN_GPG_PUBLIC_KEY }}
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+    - name: Build with Maven
+      run: mvn -Dgpg.signer=bc verify
+    - name: Attest
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-path: andrvotr-dist/target/*SNAPSHOT.tar.gz*
+    - name: Release
+      run: |
+        idpver="$(grep -Eom1 '<idp.version>[0-9]+' pom.xml | cut -d'>' -f2)"
+        title="Andrvotr $GITHUB_REF_NAME for IdP ${idpver}.x"
+        gh release create "$GITHUB_REF_NAME" --title "$title" --verify-tag andrvotr-dist/target/*SNAPSHOT.tar.gz*