diff --git a/.github/workflows/publish-maven.yaml b/.github/workflows/publish-maven.yaml new file mode 100644 index 00000000..99ef3cd0 --- /dev/null +++ b/.github/workflows/publish-maven.yaml @@ -0,0 +1,106 @@ +################################################################################ +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +################################################################################ +--- +name: Publish + +on: + workflow_dispatch: + inputs: + releaseVersion: + description: The version you want to release + required: true + type: string + developmentVersion: + description: The development version to assign after the release + required: true + type: string + auto_release: + description: A switch for automatic release after closing the staging repository + required: false + type: boolean + default: false + # only committers can trigger this +jobs: + publish-maven: + runs-on: ubuntu-latest + steps: + - name: Checkout branch + uses: actions/checkout@v2 + + - name: Set up JDK 17 + uses: actions/setup-java@v1 + with: + java-version: 17 + distribution: temurin + + - name: Import GPG Key + uses: crazy-max/ghaction-import-gpg@v5.0.0 + with: + gpg_private_key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} + + # Environment variables used in settings.xml and pom.xml + - name: Publish to Maven + env: + MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }} + AUTO_RELEASE_AFTER_CLOSE: ${{ inputs.auto_release }} + # command summary + # -B/--batch-mode: only display progress and errors + # -U: update snapshot-releases + # -Pci-cd: apply the ci-cd profile (in pom.xml) + # release:prepare (comes from maven-release-plugin) + # release:perform (comes from maven-release-plugin) + # javadoc:jar: checks documentation strings + # source:jar: creates a --source.jar + # -s settings.xml: use custom settings file + # -D gpg.passphrase: a system property used by the build process for signing + # -D releaseVersion: set the version you're releasing (will also tag using this) + # -D developmentVersion: set the next dev version + run: |- + echo "Publishing using version: ${{ inputs.version }}" + ./mvnw -B -U \ + -Pci-cd \ + release:prepare \ + release:perform \ + javadoc:jar \ + source:jar \ + -s settings.xml \ + -D gpg.passphrase=${{ secrets.ORG_GPG_PASSPHRASE }} \ + -D releaseVersion=${{ inputs.releaseVersion }} \ + -D developmentVersion=${{ inputs.developmentVersion }} \ + deploy + + # artifact_name is cx-ssi-lib and the version should be the *-SNAPSHOT + # In the next step we'll use the releaseVersion to finalize the upload + - name: Get generated artifact name + run: |- + echo "artifact_name=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.artifactId -q -DforceStdout)" >> "$GITHUB_ENV" + echo "artifact_version=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)" >> "$GITHUB_ENV" + + # Use the generated name to supply the input 'path' for the upload, + # but upload the final + # Example: + # input: cx-ssi-lib-0.0.1-SNAPSHOT.jar + # output: cx-ssi-lib-0.0.1.jar + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: ${{ env.artifact_name }}-${{ inputs.releaseVersion }} + path: ./target/${{ env.artifact_name }}-${{ env.artifact_version }}.jar diff --git a/CHANGELOG.md b/CHANGELOG.md index e6c959a7..b98c227a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added +- Maven Publish Workflow using a manual trigger - JSON-LD validation is now performed during linked data validation. - Caching for remote resources has been implemented, with fixed duration of 1 day. - Add INSTALL.md instructions including Maven and Gradle setup. diff --git a/DEPENDENCIES b/DEPENDENCIES index cde7f28c..3977d83c 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -35,7 +35,7 @@ maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528 maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712 -maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, MIT, approved, clearlydefined +maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, GPL-2.0-only with Classpath-Exception-2.0, approved, #11598 maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670 maven/mavencentral/org.eclipse.parsson/parsson/1.1.3, EPL-2.0, approved, ee4j.parsson diff --git a/pom.xml b/pom.xml index c46d8bcb..ff13913e 100644 --- a/pom.xml +++ b/pom.xml @@ -23,11 +23,44 @@ SPDX-License-Identifier: Apache-2.0 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 org.eclipse.tractusx.ssi - 0.0.16 + cx-ssi-lib + 0.0.17-SNAPSHOT jar + + cx-ssi-lib + A library for processing verifiable credentials + https://github.com/eclipse-tractusx/SSI-agent-lib - cx-ssi-lib + + + + The Apache Software License, Version 2.0 + https://www.apache.org/licenses/LICENSE-2.0.txt + + + + + + + Abdulrahman Alkoptan + + + Dominik Pinsel + + + Boris Rizov + + + + + + + + scm:git:git://github.com/eclipse-tractusx/SSI-agent-lib.git + scm:git:https://github.com/eclipse-tractusx/SSI-agent-lib.git + https://github.com/eclipse-tractusx/SSI-agent-lib/tree/main + UTF-8 @@ -308,6 +341,108 @@ SPDX-License-Identifier: Apache-2.0 ${delombokSourceDirectory} + + ci-cd + + + + + org.sonatype.plugins + nexus-staging-maven-plugin + 1.6.13 + true + + + ossrh + https://s01.oss.sonatype.org + + ${env.AUTO_RELEASE_AFTER_CLOSE} + + + + + org.apache.maven.plugins + maven-release-plugin + 3.0.1 + + @{project.version} + true + false + ci-cd + deploy + + + + default + + perform + + + + + + org.apache.maven.plugins + maven-gpg-plugin + 3.1.0 + + + sign-artifacts + verify + + sign + + + + --pinentry-mode + loopback + + + + + + + + org.apache.maven.plugins + maven-source-plugin + 2.2.1 + + + attach-sources + + jar-no-fork + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 2.9.1 + + + attach-javadocs + + jar + + + + + + + @@ -315,23 +450,6 @@ SPDX-License-Identifier: Apache-2.0 jitpack.io https://jitpack.io - - - sonatype-snapshots - - true - - - false - - https://oss.sonatype.org/content/repositories/snapshots - - - - fraunhofer-iais-eis - Fraunhofer IAIS - https://maven.iais.fraunhofer.de/artifactory/eis-ids-public - @@ -350,12 +468,12 @@ SPDX-License-Identifier: Apache-2.0 - - - github - GitHub Packages - https://maven.pkg.github.com/catenax-ng/product-lab-ssi - + + + osshr + Maven Central Snapshots + https://s01.oss.sonatype.org/content/repositories/snapshots + diff --git a/settings.xml b/settings.xml index 0cf8fbf5..362e8631 100644 --- a/settings.xml +++ b/settings.xml @@ -24,11 +24,16 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> - - github - ${env.GITHUB_PACKAGE_USERNAME} - ${env.GITHUB_PACKAGE_PASSWORD} + ossrh + + ${env.MAVEN_USERNAME} + ${env.MAVEN_PASSWORD} \ No newline at end of file