This project aims to demonstrates building complete CI/CD workflow using GitHub Actions which includes following agenda:
- Automate unit/integration testing
- Validate code formatting
- Add code owners to review code
- Create release drafts and publish them
- Upload artifacts to Sonatype OSSRH and subsequently to Maven Central
- Upload code coverage reports on Codecov.io
- Notify release on Slack
Notes:
-
With following issue, I was able to secure the namespace
com.shivamkapoor
in Sonatype OSSRH (Open Source Software Repository Hosting).
-
Install GnuPG and verify the installation
Refer: https://www.gnupg.org/download/
$ gpg --version gpg (GnuPG/MacGPG2) 2.2.8 libgcrypt 1.8.3 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
-
Generate a key
A key pair allows you to sign artifacts with GPG and users can subsequently validate that artifacts have been signed by you. You can generate a key with:
$ gpg --gen-key
-
List the keys
Once key pair is generated, we can list them along with any other keys installed:
$ gpg --list-keys /home/foo/.gnupg/pubring.gpg ------------------------------ pub rsa4096 2018-08-22 [SC] 1234517530FB96F147C6A146A326F592D39AAAAA uid [ultimate] your name <[email protected]> sub rsa4096 2018-08-22 [E]
-
Distribute the key and verify
Since other people need your public key to verify your files, you have to distribute your public key to a key server:
$ gpg --keyserver keyserver.ubuntu.com --send-keys 1234517530FB96F147C6A146A326F592D39AAAAA $ gpg --keyserver keyserver.ubuntu.com --search-keys '[email protected]'
-
Export secret keys for sbt
$ gpg -a --export-secret-keys > ~/.sbt/gpg/secring.asc
-
Create Sonatype credentials file under
.sbt
and add following to that file:$ cat sonatype_credentials realm=Sonatype Nexus Repository Manager host=s01.oss.sonatype.org user=<your username> password=<your password>
-
Create
sonatype.sbt
and add location to sonatype credentialsThis lets sbt know what credentials to use to access sonatype OSSRH.
$ cat ~/.sbt/1.0/sonatype.sbt credentials += Credentials(Path.userHome / ".sbt" / "sonatype_credentials")
Publish artifacts to nexus repository
$ sbt publishSigned
Note: Versions that end with -SNAPSHOT
will end up in snapshot repository and won't be eligible for release. Other versions would be released to staging repository which are eligible for release to maven central.
In order to release artifacts against a version, go to staging repository, select the repository, close it and then release.
Note: After you successfully release, your component will be available to the public on Central https://repo1.maven.org/maven2/, typically within 30 minutes, though updates to https://search.maven.org can take up to four hours.
Alternatively, you could use sbt-sonatype
plugin to take care of steps above for you, like so:
$ sbt sonatypeRelease