fix: publish to maven central, workflow permission cleanup (#90)

.github/renovate.json

@@ -11,13 +11,19 @@
         "schedule:weekly"
     ],
     "packageRules": [
-        {
-            "matchPackagePatterns": "de.darkatra.bfme2:*",
-            "enabled": false
-        },
         {
             "matchPackagePatterns": "*",
             "allowedVersions": "!/-.+\\.[0-9]+$/"
         }
+    ],
+    "hostRules": [
+        {
+            "hostType": "maven",
+            "matchHost": "https://maven.pkg.github.com/DarkAtra/",
+            "authType": "Bearer",
+            "encrypted": {
+                "token": "wcFMA/xDdHCJBTolAQ/8Cjb5km6Gv8/QLtqDG9cUuMHKLpXCfTYL6uGyyR1sJ2fcr7JNLJVaESN9Bil4Bh8r1klquZREBYvCy9jcO3LmRxCWMKOr449gLVOhD0+HjFjA+1yDLUQYq24xlE8ilcI3nMk+7N5eWMA1ET6TtvMFgLkvJ1fAgKug6XOT6a82wfIr4QrTNv2+rfxMXVrJfELjllPLjz+e5eKZeop4vRXdGjYotJLBuTufygd9IuES2ESBm1SB7LMuLc+6IRUv725HpknKskUnZN4CNT4UUZk9x6j8dVl+EXJObDDxboF1JZv3nDRLxBzDtsYqfkRCzvbvsELDmrHFpyb+I/XB8A+HwvMr9AQIOx4/vcmTVvqVTfFrjfhKwG1Qcn7s9p57mCFD+V5aNMgw9CPgTWVvmve4EQkwkJQfUETpB5HS8hbM9G53bs5tsS1ZzlPs3w/O8vBfyD/h6/tHR3OhKsdVIxsJyTkni9WYmC9lOrjsrRfmwYBuDkHYMHK/j8Vrdvu40oqjBJH7U6bKGZ1EdNzWE9IbK28RENfGlhKrfMHJE+6TI/a42v9A/PVd8BL+ZVw2j683BRX6WNox6pjdvgITAIkPyXhq1sRjN3T5xJEunKPkBeEKGTJnMEqXZclyEZV5QZIuI4wiUJr4NfwyMubtu2Rt+ACts+9zO2HuHFw21m6FutvSdwHMnPigF3GoPJ0SWPWxj7WnbsvV44PQyST55pGM+3ZPfNxK4h1YTAN7PNcxMPKF5NX5wA1Zy7BIPn1s4XjYO8O0WaOFU4pBd5h5xxsz6s62bsixLOrGUh04SGuhPWiIpI4FnY0Q27GYW/BIbnGwfmY2HPGUwvgL"
+            }
+        }
     ]
 }

.github/workflows/build.yml

@@ -1,4 +1,4 @@
-name: Build
+name: Build & Release
 on:
   workflow_dispatch:
   push:
@@ -9,25 +9,31 @@ on:
       - '**/pom.xml'
       - 'pom.xml'
 
+concurrency:
+  group: ci-main
+
 permissions:
-  # used by semantic release
-  contents: write
-  issues: write
-  pull-requests: write
-  # used to publish the jar to github packages
-  packages: write
+  contents: read
 
 jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+    permissions:
+      # used by semantic release
+      contents: write
+      # used to publish the jar to github packages
+      packages: write
+    outputs:
+      new-release-published: ${{ steps.semantic-release.outputs.new_release_published }}
+      new-release-version: ${{ steps.semantic-release.outputs.new_release_version }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.1.7
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
       - name: Set up JDK 17
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v4.2.2
         with:
           java-version: '17'
           distribution: 'temurin'
@@ -36,11 +42,51 @@ jobs:
       - name: Run Tests
         run: mvn -B -ntp clean install
 
-      - name: Create new release
-        uses: cycjimmy/semantic-release-action@v3
+      - name: Import GPG key
+        uses: crazy-max/[email protected]
+        with:
+          gpg_private_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
+          passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+
+      - id: semantic-release
+        name: Create new Release
+        uses: cycjimmy/[email protected]
         with:
           extra_plugins: |
             @semantic-release/git
             @semantic-release/exec
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+
+  publish-maven-central:
+    name: Publish to Maven Central
+    runs-on: ubuntu-latest
+    needs: build
+    if: needs.build.outputs.new-release-published == 'true'
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Set up JDK 17
+        uses: actions/[email protected]
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: maven
+          server-id: ossrh
+          server-username: MAVEN_USERNAME
+          server-password: MAVEN_PASSWORD
+
+      - name: Import GPG Key
+        uses: crazy-max/[email protected]
+        with:
+          gpg_private_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
+          passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+
+      - name: Publish Package
+        run: |
+          mvn -B -ntp versions:set -DgenerateBackupPoms=false -DnewVersion=${{ needs.build.outputs.new-release-version }}
+          mvn -B -ntp -Psign-with-gpg -Ppublish-ossrh clean deploy -DskipTests -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}

.github/workflows/pull-request.yml

@@ -15,8 +15,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
       - name: Set up JDK 17
         uses: actions/setup-java@v4

.releaserc.json

@@ -13,7 +13,7 @@
             "@semantic-release/exec",
             {
                 "prepareCmd": "mvn -B -ntp versions:set -DgenerateBackupPoms=false -DnewVersion=${nextRelease.version}",
-                "publishCmd": "mvn -B -ntp clean deploy -DskipTests"
+                "publishCmd": "mvn -B -ntp -Psign-with-gpg clean deploy -DskipTests -Dgpg.passphrase=$OSSRH_GPG_SECRET_KEY_PASSWORD"
             }
         ],
         [
@@ -31,7 +31,9 @@
             "@semantic-release/github",
             {
                 "successComment": false,
-                "releasedLabels": false
+                "releasedLabels": false,
+                "failComment": false,
+                "failTitle": false
             }
         ]
     ]

README.md

@@ -1,13 +1,53 @@
-[![Maven Package](https://github.com/DarkAtra/bfme2-modding-utils/workflows/Maven%20Package/badge.svg)](https://github.com/DarkAtra/bfme2-modding-utils/releases)
+[![Build & Release](https://github.com/DarkAtra/bfme2-modding-utils/actions/workflows/build.yml/badge.svg)](https://github.com/DarkAtra/bfme2-modding-utils/actions/workflows/build.yml)
 
-# About
+# bfme2-modding-utils
+
+## About
 
 This project provides functions to read and write some of EA's file formats, such as:
 
 - [BIG](https://github.com/TheAssemblyArmada/Thyme/wiki/BIG-File-Format)
 - [RefPack](http://wiki.niotso.org/RefPack#Bitstream_specification)
 - Map
 
+## Usage
+
+Add the following dependencies to your `pom.xml` according to your needs:
+
+[//]: # (@formatter:off)
+```xml
+<dependency>
+  <groupId>de.darkatra.bfme2</groupId>
+  <artifactId>big</artifactId>
+  <version>1.0.19</version> <!-- please check if this is the current version -->
+</dependency>
+```
+
+```xml
+<dependency>
+  <groupId>de.darkatra.bfme2</groupId>
+  <artifactId>core</artifactId>
+  <version>1.0.19</version> <!-- please check if this is the current version -->
+</dependency>
+```
+
+```xml
+<dependency>
+  <groupId>de.darkatra.bfme2</groupId>
+  <artifactId>map</artifactId>
+  <version>1.0.19</version> <!-- please check if this is the current version -->
+</dependency>
+```
+
+```xml
+<dependency>
+  <groupId>de.darkatra.bfme2</groupId>
+  <artifactId>refpack</artifactId>
+  <version>1.0.19</version> <!-- please check if this is the current version -->
+</dependency>
+```
+[//]: # (@formatter:on)
+
 ## Build
 
 Clone the project:

pom.xml

@@ -54,8 +54,11 @@
 
         <assertj.version>3.26.3</assertj.version>
         <junit.version>5.11.0</junit.version>
-        <surefire.version>3.4.0</surefire.version>
+
+        <maven-surefire-plugin.version>3.4.0</maven-surefire-plugin.version>
         <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
+        <dokka-maven-plugin.version>1.9.20</dokka-maven-plugin.version>
+        <maven-gpg-plugin.version>3.2.4</maven-gpg-plugin.version>
     </properties>
 
     <dependencyManagement>
@@ -170,15 +173,74 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.jetbrains.dokka</groupId>
+                <artifactId>dokka-maven-plugin</artifactId>
+                <version>${dokka-maven-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>attach-javadocs</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>javadocJar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
         <pluginManagement>
             <plugins>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>${surefire.version}</version>
+                    <version>${maven-surefire-plugin.version}</version>
                 </plugin>
             </plugins>
         </pluginManagement>
     </build>
+
+    <profiles>
+        <profile>
+            <id>sign-with-gpg</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-gpg-plugin</artifactId>
+                        <version>${maven-gpg-plugin.version}</version>
+                        <executions>
+                            <execution>
+                                <id>sign-artifacts</id>
+                                <phase>verify</phase>
+                                <goals>
+                                    <goal>sign</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                        <configuration>
+                            <keyname>6AC5B1D7</keyname>
+                            <gpgArguments>
+                                <arg>--pinentry-mode</arg>
+                                <arg>loopback</arg>
+                            </gpgArguments>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
+        <profile>
+            <id>publish-ossrh</id>
+            <distributionManagement>
+                <snapshotRepository>
+                    <id>ossrh</id>
+                    <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+                </snapshotRepository>
+                <repository>
+                    <id>ossrh</id>
+                    <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+                </repository>
+            </distributionManagement>
+        </profile>
+    </profiles>
 </project>