diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 39f16852..29d5634d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,9 +11,9 @@ jobs:
name: build java ${{ matrix.java }}
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up java
- uses: actions/setup-java@v3.6.0
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
java-version: ${{ matrix.java }}
distribution: temurin
@@ -21,49 +21,41 @@ jobs:
- name: Build with Maven
run: mvn --settings .mvn/settings.xml -B verify -U --no-transfer-progress
- makeversion:
- if: github.ref != 'refs/heads/main'
+ publish:
needs: build
+ name: Publish ${{ github.ref_name }}
runs-on: ubuntu-latest
- name: Create version
- outputs:
- version: ${{ steps.version.outputs.version }}
steps:
- - name: Decide on build version
- id: version
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Set up Java
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+ with:
+ distribution: temurin
+ java-version: '8'
+ cache: "maven"
+ gpg-private-key: ${{ secrets.MAVEN_CENTRAL_SIGNING_KEY_PRIVATE }}
+ server-id: central
+ server-username: MAVEN_CENTRAL_TOKEN_USERNAME
+ server-password: MAVEN_CENTRAL_TOKEN_PASSWORD
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ - name: Activate Artifact Signing and Version Suffix
run: |
- if [[ $GITHUB_REF == *"tags"* ]]; then
- TAG=${GITHUB_REF#refs/tags/}
+ profiles="build-sources-and-javadoc,deploy-to-maven-central"
+ if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
+ profiles="$profiles,sign-artifacts"
+ version_suffix=""
else
- TAG=${GITHUB_REF#refs/heads/}-SNAPSHOT
+ version_suffix="-SNAPSHOT"
fi
- echo "version=${TAG//\//-}" >> $GITHUB_OUTPUT
-
- deploy_snapshot:
- if: startsWith(github.ref, 'refs/heads/')
- needs: makeversion
- runs-on: ubuntu-latest
-
- name: Deploy snapshot
- steps:
- - uses: actions/checkout@v3
- - uses: digipost/action-maven-publish@1.3.2
- with:
- sonatype_secrets: ${{ secrets.sonatype_secrets }}
- release_version: ${{ needs.makeversion.outputs.version }}
- perform_release: false
-
- release:
- if: startsWith(github.ref, 'refs/tags/')
- runs-on: ubuntu-latest
- needs: makeversion
- name: Release to Sonatype
- steps:
- - name: Check out Git repository
- uses: actions/checkout@v3
- - name: Release to Central Repository
- uses: digipost/action-maven-publish@1.3.2
- with:
- sonatype_secrets: ${{ secrets.sonatype_secrets }}
- release_version: ${{ needs.makeversion.outputs.version }}
- perform_release: true
+ echo "MAVEN_PROFILES=$profiles" >> $GITHUB_ENV
+ version="${GITHUB_REF_NAME}${version_suffix}"
+ echo "VERSION=$version" >> $GITHUB_ENV
+ - name: Set Maven version
+ run: mvn --batch-mode --no-transfer-progress versions:set -DnewVersion=${VERSION}
+ - name: Build and deploy to Maven Central
+ run: |
+ mvn --batch-mode --no-transfer-progress --activate-profiles ${MAVEN_PROFILES} deploy
+ env:
+ MAVEN_CENTRAL_TOKEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_TOKEN_USERNAME }}
+ MAVEN_CENTRAL_TOKEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_TOKEN_PASSWORD }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_CENTRAL_SIGNING_KEY_PASSPHRASE }}
diff --git a/.gitignore b/.gitignore
index 91a8ec3a..4d9fbb55 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ target
.classpath
dependency-reduced-pom.xml
+.vscode/settings.json
diff --git a/bom/pom.xml b/bom/pom.xml
index 8c037f46..e745d465 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -30,7 +30,7 @@
Posten signering - Java API Client BOM
- 3.1.0
+ 3.1.1
@@ -38,7 +38,7 @@
no.digipost
jaxb-resolver-com.sun.xml.bind-bom
- 1.0
+ 1.0.1
pom
import
diff --git a/lib/pom.xml b/lib/pom.xml
index 31598292..8e4bb987 100644
--- a/lib/pom.xml
+++ b/lib/pom.xml
@@ -62,7 +62,7 @@
no.digipost
certificate-validator
- 3.0.5
+ 3.0.6
org.bouncycastle
@@ -148,7 +148,7 @@
no.digipost
digg
- 0.37
+ 0.38
test
@@ -167,7 +167,7 @@
no.digipost
jul-to-slf4j-junit-extension
- 1.0.1
+ 1.0.2
test
@@ -244,7 +244,7 @@
maven-enforcer-plugin
- 3.5.0
+ 3.6.1
diff --git a/pom.xml b/pom.xml
index a7d204d8..6950dc70 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
no.digipost
digipost-open-super-pom
- 13
+ 14
no.digipost.signature
@@ -54,7 +54,7 @@
maven-clean-plugin
- 3.4.1
+ 3.5.0