-
Notifications
You must be signed in to change notification settings - Fork 0
48 lines (46 loc) · 1.77 KB
/
publish-plugin.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
name: Publish
on:
push:
tags:
- "*"
jobs:
gradle:
runs-on: ubuntu-latest
env:
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
with:
egress-policy: audit
- name: Checkout Repo
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: "Setup: Node"
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
with:
node-version: 18
- name: "Setup: Yarn"
run: npm install -g yarn@1.22.19 && yarn
- name: Cache Gradle Caches
uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
- name: "Setup: Signing Keys"
run: |
cat <(echo -e "${{ secrets.SIGNING_KEY }}") | base64 -d | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
gpg --export-secret-keys > /home/runner/.gnupg/secring.gpg
- name: Run Gradle tasks
run: ./gradlew preMerge --continue --dependency-verification=lenient
- name: Publish on Plugin Portal
if: success()
run: |
./gradlew \
--info \
--project-dir plugin-build \
--dependency-verification=lenient \
-PenableSigning=true \
-Psigning.keyId=${{ secrets.SIGNING_KEY_ID }} \
-Psigning.password=${{ secrets.SIGNING_KEY_PASSPHRASE }} \
-Psigning.secretKeyRingFile=/home/runner/.gnupg/secring.gpg \
setupPluginUploadFromEnvironment publishPlugins