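# Validates the project version against the ref being built, then signs the
# artifacts with GPG and deploys them with Maven.
#
# NOTE(review): actions below are referenced by mutable tag (v4). Pinning each
# `uses:` to a full commit SHA makes the code that runs next to the signing key
# and repository credentials immutable.
name: Release to Maven Central

on:
  workflow_dispatch:
  push:
    branches:
      - master
      - develop
      - 'release/**'
      - 'hotfix/**'
  release:
    types:
      - published

# The default token only needs to read the repository; publishing uses the
# Maven/GPG secrets, not GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  validate-version:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '11'
          cache: maven

      - name: Validate Version for Branch Type
        run: |
          # Current ref with the refs/heads/ prefix stripped. On a release
          # event GITHUB_REF is a tag ref, so the prefix does not match and
          # none of the branch rules below apply to it.
          BRANCH_NAME="${GITHUB_REF#refs/heads/}"
          echo "Current branch: $BRANCH_NAME"

          # Read the project version from the root POM.
          VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:3.5.0:exec)
          echo "Project version: $VERSION"

          # SNAPSHOT versions are never released, whatever the ref.
          if echo "$VERSION" | grep -qi SNAPSHOT; then
            echo "ERROR: version is SNAPSHOT. Please set a non-SNAPSHOT version before releasing."
            exit 1
          fi

          # Per-branch version rules.
          if [[ "$BRANCH_NAME" == "develop" ]] && ! [[ "$VERSION" == *"-alpha"* ]]; then
            echo "ERROR: develop分支的版本号必须包含 -alpha 后缀(例如:1.1.0-alpha.1)"
            exit 1
          fi
          if [[ "$BRANCH_NAME" == release/* ]] && ! [[ "$VERSION" == *"-beta"* ]]; then
            echo "ERROR: release分支的版本号必须包含 -beta 后缀(例如:1.1.0-beta.1)"
            exit 1
          fi
          if [[ "$BRANCH_NAME" == "master" ]] && [[ "$VERSION" == *"-"* ]]; then
            echo "ERROR: master分支的版本号必须是正式版本,不能包含 -alpha 或 -beta 后缀"
            exit 1
          fi
          if [[ "$BRANCH_NAME" == hotfix/* ]] && [[ "$VERSION" == *"-"* ]]; then
            echo "ERROR: hotfix分支的版本号必须是正式版本,不能包含 -alpha 或 -beta 后缀"
            exit 1
          fi

          # A manual dispatch from another branch, or a release tag, reaches
          # this point with only the SNAPSHOT check applied. Surface that in
          # the run so an unexpected ref is visible before the publish job.
          case "$BRANCH_NAME" in
            master|develop|release/*|hotfix/*) ;;
            *) echo "::warning::No branch-specific version rule applies to ref '$BRANCH_NAME'; only the SNAPSHOT check was enforced." ;;
          esac

          echo "Version validation passed for branch: $BRANCH_NAME"

  # NOTE(review): this job handles the signing key and repository credentials
  # on every trigger listed under `on:`. Consider gating it behind a protected
  # environment with required reviewers.
  publish:
    needs: validate-version
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step pushes to the repository, so do not leave the
          # GITHUB_TOKEN in the local git config while the build runs.
          persist-credentials: false

      - name: Setup Java 11
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '11'
          cache: maven

      - name: Import GPG private key
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          # The key is passed through the environment and piped to gpg, so it
          # never appears on a command line.
          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
          gpg --list-secret-keys || true

      - name: Create temporary Maven settings.xml
        env:
          OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }}
          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
        run: |
          # Check that both credentials are present without echoing any part
          # of them. Log masking only matches the exact secret value, so a
          # truncated username or password would be printed in clear.
          if [[ -z "$OSSRH_TOKEN_USERNAME" || -z "$OSSRH_TOKEN_PASSWORD" ]]; then
            echo "ERROR: OSSRH_TOKEN_USERNAME / OSSRH_TOKEN_PASSWORD secrets are not set."
            exit 1
          fi

          mkdir -p ~/.m2
          cat > ~/.m2/settings.xml <<EOF
          <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
            <servers>
              <server>
                <id>ossrh</id>
                <username>${OSSRH_TOKEN_USERNAME}</username>
                <password>${OSSRH_TOKEN_PASSWORD}</password>
              </server>
            </servers>
          </settings>
          EOF
          # The file holds the credentials in clear text; keep it owner-only.
          chmod 600 ~/.m2/settings.xml
          echo "Generated ~/.m2/settings.xml"

      - name: Deploy to Central Portal
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          OSSRH_TOKEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USERNAME }}
          OSSRH_TOKEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}
        run: |
          # Force a GPG terminal setting for the signing step.
          export GPG_TTY=$(tty)
          # Read the passphrase from the step environment instead of expanding
          # the secret into the script text: a value with spaces or shell
          # metacharacters is then passed as one quoted argument rather than
          # being parsed by the shell.
          # NOTE(review): the passphrase is still visible in the mvn process
          # arguments. maven-gpg-plugin 3.2.0+ can read it from the
          # MAVEN_GPG_PASSPHRASE environment variable instead; confirm the
          # plugin version in pom.xml before switching.
          mvn -B -U \
            -DskipTests=true \
            -Dgpg.passphrase="${GPG_PASSPHRASE}" \
            -Dgpg.pinentry-mode=loopback \
            clean deploy -e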