Merge pull request #43 from welsir/develop #69
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release to Maven Central | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - master | |
| - develop | |
| - 'release/**' | |
| - 'hotfix/**' | |
| release: | |
| types: [published] | |
| permissions: | |
| contents: read | |
| jobs: | |
| validate-version: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: '11' | |
| cache: maven | |
| - name: Validate Version for Branch Type | |
| run: | | |
| # 获取当前分支 | |
| BRANCH_NAME="${GITHUB_REF#refs/heads/}" | |
| echo "Current branch: $BRANCH_NAME" | |
| # 获取当前版本 | |
| VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:3.5.0:exec) | |
| echo "Project version: $VERSION" | |
| # 检查是否SNAPSHOT版本 | |
| if echo "$VERSION" | grep -qi SNAPSHOT; then | |
| echo "ERROR: version is SNAPSHOT. Please set a non-SNAPSHOT version before releasing." | |
| exit 1 | |
| fi | |
| # 分支版本校验逻辑 | |
| if [[ "$BRANCH_NAME" == "develop" ]] && ! [[ "$VERSION" == *"-alpha"* ]]; then | |
| echo "ERROR: develop分支的版本号必须包含 -alpha 后缀(例如:1.1.0-alpha.1)" | |
| exit 1 | |
| fi | |
| if [[ "$BRANCH_NAME" == release/* ]] && ! [[ "$VERSION" == *"-beta"* ]]; then | |
| echo "ERROR: release分支的版本号必须包含 -beta 后缀(例如:1.1.0-beta.1)" | |
| exit 1 | |
| fi | |
| if [[ "$BRANCH_NAME" == "master" ]] && [[ "$VERSION" == *"-"* ]]; then | |
| echo "ERROR: master分支的版本号必须是正式版本,不能包含 -alpha 或 -beta 后缀" | |
| exit 1 | |
| fi | |
| if [[ "$BRANCH_NAME" == hotfix/* ]] && [[ "$VERSION" == *"-"* ]]; then | |
| echo "ERROR: hotfix分支的版本号必须是正式版本,不能包含 -alpha 或 -beta 后缀" | |
| exit 1 | |
| fi | |
| echo "Version validation passed for branch: $BRANCH_NAME" | |
| publish: | |
| needs: validate-version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Java 11 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: '11' | |
| cache: maven | |
| - name: Import GPG private key | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| run: | | |
| echo "$GPG_PRIVATE_KEY" | gpg --batch --import | |
| gpg --list-secret-keys || true | |
| - name: Create temporary Maven settings.xml | |
| env: | |
| OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }} | |
| OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }} | |
| run: | | |
| mkdir -p ~/.m2 | |
| cat > ~/.m2/settings.xml <<EOF | |
| <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> | |
| <servers> | |
| <server> | |
| <id>ossrh</id> | |
| <username>${OSSRH_TOKEN_USERNAME}</username> | |
| <password>${OSSRH_TOKEN_PASSWORD}</password> | |
| </server> | |
| </servers> | |
| </settings> | |
| EOF | |
| # DEBUG: 检查 settings.xml 内容(替换密码以防泄露) | |
| echo "Generated settings.xml content (sanitized):" | |
| sed 's/<password>.*<\/password>/<password>***<\/password>/' ~/.m2/settings.xml | |
| # 额外检查 username 是否也被正确替换了(只显示前几位) | |
| grep "<username>" ~/.m2/settings.xml | sed 's/<username>\(.\{3\}\).*<\/username>/<username>\1***<\/username>/' | |
| - name: Deploy to Central Portal | |
| run: | | |
| # 强制设置 GPG 终端环境 | |
| export GPG_TTY=$(tty) | |
| mvn -B -U \ | |
| -DskipTests=true \ | |
| -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ | |
| -Dgpg.pinentry-mode=loopback \ | |
| clean deploy -e | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }} | |
| OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }} |